Articles about Security

The increase in the number and variety of connected devices has made enterprise IT environments much more complex.

Maintaining security and compliance is a tricky problem and IoT security specialist ForeScout is integrating with IBM Security solutions to offer users stringer endpoint protection and automated risk mitigation.

Continue reading →

The distrust -- at least publicly -- that the US shows for Russia is well-known. Following concerns about potential espionage from the Kremlin, the government has banned the use of Kaspersky software on its systems.

This ban has now been cemented into law as President Trump signed a bill forbidding the use of Kaspersky Lab software on government computers.

Continue reading →

A new study of over 1000 US office workers finds that 99 percent of those surveyed admit to conducting at least one potentially dangerous security action, from sharing and storing login credentials to sending work documents to personal email accounts.

The survey by cloud business solutions provider Intermedia finds that 24 percent of office workers reuse the same login credentials for their work and personal accounts.

Continue reading →

Security polices for USB devices are frequently outdated and inadequate, and enterprises are often failing to monitor their use, according to a new survey.

The study by encrypted drive specialist Apricorn reveals that while nine out of 10 employees rely on USB devices today, only 20 percent of them are using encryption on those devices. Eight out of 10 employees use non-encrypted USBs, such as those received for free at conferences, trade events or business meetings.

Continue reading →

By impersonating brands and fooling consumers, malicious mobile apps are on the increase, according to digital threat management leader RiskIQ in its latest Q3 mobile threat landscape report.

Apps available outside of official stores are most likely to be malicious. Google’s percentage of malicious apps decreased to a low of four percent in Q3 after reaching a high of eight percent in Q2. However, one of the most prolific creators of malicious apps worked exclusively in the Play store.

Continue reading →

The latest Global Threat Index from cyber security specialist Check Point reveals that the Necurs spam botnet -- reckoned to be the largest in the world -- is being used to distribute one of the latest ransomware threats.

During the Thanksgiving holiday in the US, Necurs sent over 12 million emails in just one morning, distributing the relatively new Scarab ransomware, first seen in June 2017.

Continue reading →

Google's Chrome browser has something of a reputation for being memory-hungry. With the release of Chrome 63 this image is not going to be shed -- a new security feature increases memory usage even further.

The latest desktop version of the browser includes a new Site Isolation feature which launches individual sites -- all sites, or a specific list -- in sperate processes. While this is something that will be of particular interest to enterprise users because of the added security it brings, it's something that will appeal to any security-minded user who is willing to shoulder a 10-20 percent increase in Chrome's memory usage.

Continue reading →

Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited without affecting the apps' signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.

The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December's Android update, very few people will have access to this security fix.

Continue reading →

Deception in its various embodiments is becoming a critical part of organizations' security infrastructure. According to Gartner, the need for better detection and response is creating new opportunities for security stack automation, integration, consolidation and orchestration while also driving the emergence of new segments like deception.

These trends set up the perfect match of deception and automated detection and response or ADR.

Continue reading →

A new report from anti-malware specialist Malwarebytes says that the volume and sophistication of cyber attacks is growing thanks to an increase in organized cyber crime it dubs the 'New Mafia'.

Ransomware attacks up to the end of October have surpassed total figures for 2016 by 62 percent. In addition, there has been an almost 2,000 percent increase in ransomware detections since 2015 -- rising to hundreds of thousands in September 2017 from less than 16,000 in September 2015.

Continue reading →

As online retailers gear up for their busiest period of the year, how prepared are they to face the threat of cyber attacks?

A new study from cyber security company Tripwire reveals that just 28 percent of respondents say they have a fully tested plan in place in the event of a security breach.

Continue reading →

Secure Shell (SSH) provides a secure channel for communication over unsecured networks and is therefore a popular technology in the financial services sector.

But a new study for machine identity protection company Venafi shows that even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured.

Continue reading →

Endpoint protection company enSilo has used this week's Black Hat Europe conference in London to reveal how Microsoft Windows features can be used to slip malicious ransomware and other threats past most updated, market-leading AV products.

enSilo researchers demonstrated how, by manipulating how Windows handles file transactions, they could pass off malicious actions as benign, legitimate processes, even if they use known malicious code.

Continue reading →

Third-party Android and iOS keyboard ai-type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.

Researchers at Kromtech Security Center discovered an unprotected database had been exposed by developers, revealing incredibly detailed information about its users. The database was found to be freely available for anyone to download, with no password required to access a treasure trove of information.

Continue reading →

A market cap of over $350 billion, daily volumes in excess of $10 billion, fast rising prices, a growing number of investors and little to no regulation all combine to make the cryptocurrency space a prime target for hackers. What's more, security is not exactly a main priority for many investors and exchanges, as numerous thefts go to show.

Making things even more complicated is the fact that lots of cryptocurrency apps, that let investors and trader store coins, have dangerous vulnerabilities that hackers can exploit to steal users' funds.

Continue reading →