Articles about Security

If you have a ThinkPad, ThinkCentre or ThinkStation system, Lenovo has an important security patch for you to install. And you should install it right now.

Reporting vulnerability CVE-2017-3762, the computer manufacturer says that it discovered a weak algorithm used to encode fingerprint data could be bypassed with a hardcoded password. The problem affects the Lenovo Fingerprint Manager Pro utility for Windows 7, 8 and 8.1.

Continue reading →

Threat intelligence is becoming an essential part of protecting systems. But this information often comes from many different sources, making it hard to see the big picture and limiting flexibility and effectiveness.

To address this issue, Recorded Future is launching a new product providing centralization, collaboration, and customization of intelligence. Called Fusion, it's powered by machine learning and allows users to centralize and customize proprietary and internal threat data with external threat intelligence.

Continue reading →

Military personal who used the fitness app Strava have unwittingly contributed to revealing the location of secret army bases around the world. Strava published a "heatmap" of global user activity in November, and from this data visualization the location of secret military bases was accidentally exposed.

The company argues that the information had already been made public by users who chose to share their location data. It goes on to suggest that military users might want to consider opting out of the heatmap feature of the iOS and Android app.

Continue reading →

The discovery of the Meltdown and Spectre vulnerabilities in processors caused a great deal of panic and confusion. The poor reliability and performance hit brought about by patches did little to help consumer confidence, but Intel says it will be releasing processors in 2018 that are free from the problems.

The move will be welcomed by customers who have been frustrated by problematic bug fixes designed to mitigate against the bug but which brought issues of their own. A timescale for the hardware solution has not been pinned down more specifically than "later this year."

Continue reading →

Ahead of this Sunday's (January 28) Data Privacy Day, enterprise cyber security company Tripwire has conducted a poll of Twitter users asking who they were most concerned about collecting their private information.

Of the more than 300 people who took part, 40 percent say they would be most worried about corporations stealing their information. While nearly a third (27 percent) say they are most concerned about the government gathering their critical data.

Continue reading →

With 99 percent of organizations using big data, 94 percent Internet of Things devices, and 91 percent using or working on mobile payments, there are more attack surfaces than ever and new risks that need to be addressed.

A new study from systems and cyber security company Thales e-Security finds the extent and impact of increased threats clearly shown in levels of data breaches and vulnerability.

Continue reading →

The latest annual State of Malware Report from Malwarebytes shows that ransomware had a bumper year in 2017, though it began to trend downwards towards the end of the year.

Ransomware launched against consumers was up more than 93 percent and ransomware against businesses up 90 percent. As the year end approached though many avenues known for ransomware drops were seen diversifying their payloads with banking Trojans and cryptocurrency miners instead.

Continue reading →

With increasing interest in cryptocurrency it's inevitable that cyber criminals will see the potential to make money from investors and users.

Threat management company RiskIQ has found that hackers are targeting the Apple, Google Play, SameAPK, APKPlz and other app store users with malicious cryptocurrency apps aiming to steal money and personal data.

Continue reading →

When systems are in the cloud, 45 percent of organizations perceive their own employees to be the biggest security risk, according to a new report.

According to user behavior specialist Netwrix, even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39 percent) and business users (33 percent) as much as or more than their cloud providers (33 percent).

Continue reading →

With 1.9 billion records stolen in the first six months, more than in the whole of 2016, 2017 proved a bumper year for cyber crime.

According to cyber security company Venafi, this trend is set to continue into 2018, with state-sponsored attacks to the fore.

Continue reading →

The recent Spectre and Meltdown vulnerabilities have been well documented, but for businesses it can be difficult to know which fixes to prioritize.

Software management and security specialist Flexera is announcing a set of recommendations to provide a standardized, risk-based approach to managing this type of vulnerability.

Continue reading →

The fallout from the Meltdown and Spectre bugs continues to plague Intel. The company has been hit with lawsuits, users complained about performance drops, and some users found that their computers were rendered unbootable. For people with Broadwell and Haswell chips, there was a problem with random reboots, and as a result of this -- some two weeks down the line -- Intel is now advising people to stop installing its patches.

Executive vice president Navin Shenoy says that the company is close to determining the root cause of the problem, apologized for reboots and "unpredictable system behaviour," and warns that customers should stop deploying the current version of the patches until an update is produced.

Continue reading →

As the digital economy expands and software becomes more critical, security worries grow. In a new survey, 74 percent of respondents agree that security threats due to software and code issues are a growing concern.

The study of over 1,200 IT leaders, conducted by analysts Freeform Dynamics for software company CA Technologies, finds 58 percent of respondents cite existing culture and lack of skills as hurdles to being able to embed security within processes.

Continue reading →

Last week it emerged that OnePlus was conducting an investigation after a number of customers complained about fraudulent credit card charges. Now the company has given an update on the matter, saying that its website was attacked and a malicious script stealing credit card details was injected, affecting up to 40,000 people.

The company has issued an apology for the incident and says that it has contacted those it feels may have been directly affected. In a statement, OnePlus explains that over a two-month period, customers who entered their credit card details at oneplus.net may be at risk.

Continue reading →

Gaining threat intelligence from the dark web can be a difficult task for security providers due to its unstructured nature.

Similarly, when data breaches occur, companies often face the problem of knowing exactly which data has been exposed on underground marketplaces.

Continue reading →