Articles about Security

In a move to bring simpler yet stronger web authentication to internet users, the FIDO Alliance and the World Wide Web Consortium (W3C) are launching a new standard called Web Authentication (WebAuthn).

WebAuthn enables online service providers to offer FIDO Authentication through web browsers. FIDO Authentication makes web access more secure because it uses unique encrypted credentials for each site, eliminating the risk that a password stolen from one site can be used on another.

Continue reading →

A new report from mobile security specialist Lookout exposes the growing risk from phishing attacks on mobile devices, with an increase in the number of users clicking on URLs that bypass security controls.

The mobile phishing URL click rate has increased 85 percent year-on-year. 56 percent of Lookout users received and clicked on their mobile device a phishing URL that bypassed existing layers of phishing defense.

Continue reading →

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

Continue reading →

The far-reaching tentacles of the likes of Google and Facebook have focused people's attention on online privacy, but for anyone looking to retain a modicum of confidentiality it can be hard to know what to do. There are VPN tools, but these are not for everyone, for anyone looking for a quick solution, Avast Secure Browser could be the answer.

This new Chromium-based browser is billed as being "private, fast, and secure" and it's designed to address the misconceptions many people have about privacy and security online. The browser is a renamed and updated version of SafeZone.

Continue reading →

We already know that cryptomining is currently flavor of the month among malware creators, but a new report released today by Malwarebytes puts some startling figures on the problem.

On consumer systems cryptomining detections were up a massive 4,000 percent in the last quarter, while ransomware detections fell 35 percent over the same period. For businesses cryptomining detections rose 27 percent this quarter and ransomware detections 28 percent. However, Spyware is still the cybercriminals' favourite choice, with over 80,000 detections in January alone.

Continue reading →

Intel has issued a security advisory about its remote keyboard app after discovering a bug that made it possible for a remote user to mimic keyboard and mouse input with elevated privileges.

Intel Remote Keyboard was available for both iOS and Android, but the critical vulnerability -- and two other bugs with a High rating -- means that it has now been pulled from Google Play and the App Store. Intel is also recommending that anyone using the app uninstalls it as soon as possible.

Continue reading →

Verge may not be the biggest cryptocurrency out there, but it does have quite a following and has generated enough interest to attract hackers. The cryptocurrency came under attack for three hours yesterday, enabling a hacker to net 15.6 million Verge coins worth around $780,000.

There was initially speculation that Verge had fallen victim to a ">51% attack" -- in which an attacker is able to forge transactions by taking control of more than half of the network -- but this has been denied by developers. A hard fork is being prepared to patch the bug that allowed the attack to take place.

Continue reading →

Researchers at Recorded Future believe that a Mirai botnet variant, possibly linked to the IoTroop or Reaper botnet, was utilized in attacks on at least one company, and probably more, in the financial sector in late January of this year.

The botnet targeted one company using at least 13,000 devices, each with a unique IP address, and generated traffic volumes up to 30Gb/s.

Continue reading →

The need to protect sensitive data against cyber criminals, address complex compliance requirements, and guard against human error is driving enterprises to adopt encryption.

A new study by cyber security company Thales eSecurity, based on research by the Ponemon Institute, shows that 43 percent of respondents report that their organization has an encryption strategy applied consistently across their enterprise.

Continue reading →

The retail sector suffered the most breaches in 2017, accounting for 16.7 percent followed by the finance and insurance industry at 13.1 percent and hospitality at 11.9 percent.

Geographically, North America is in the lead with 43 percent of breaches, followed by the Asia Pacific region at 30 percent, Europe, Middle East and Africa (EMEA) at 23 percent and Latin America at four percent.

Continue reading →

With little fanfare, Intel has revealed that some processors will simply never receive microcode updates that will patch against the Meltdown and Spectre vulnerabilities.

In a document entitled Microcode Revision Guidelines, the chip-maker says that a wide range of processor families -- equating to over 200 CPUs -- will not receive any more updates. While the majority of the affected chips were on sale between 2007 and 2011, it's safe to assume that a large proportion of them are still in use, meaning that a lot of systems will remain unprotected.

Continue reading →

Serverless computing is increasingly popular because it eliminates infrastructure concerns. However, a new report raises worries about its security.

According to an audit by serverless security company PureSec, more than one in five serverless applications has critical security vulnerabilities.

Continue reading →

Lax policies and a lack of control is giving far too many employees access to sensitive data according to the latest Global Data Risk Report from data security specialist Varonis.

The report, based on analysis of Data Risk Assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, uncovers some startling figures, with 58 percent of organizations found to have more than 100,000 folders open to all employees.

Continue reading →

A new survey from McAfee says that IT security staff report needing to increase their workforces by 24 percent to adequately manage their organization's cyber threats.

Yet a skills crisis means 84 percent admit it's difficult to attract staff and 31 percent say they don't actively do anything to attract new talent. However, 72 percent of respondents say hiring experienced video gamers into the IT department seems like a good way to plug the cyber security skills gap.

Continue reading →

Huawei is being shunned by the US because of the perception that its hardware could be compromised and used by the Chinese government for espionage. The FCC has blocked US mobile carriers from using federal money to purchase products or services from the company on security grounds, and Huawei is understandably unhappy about this.

The smartphone maker has dismissed security claims as "simply not true" and says that it is "no security threat in any country". The Chinese company says that it is disappointed with the FCC's proposal, pointing out that it would give rural operators -- and, in turn, customers -- fewer options to choose from.

Continue reading →