Articles about Security

Just as Kaspersky says that it will open up its source code in the name of transparency, so McAfee has indicated something of a step in the other direction. The security software manufacturer has announced that it is no longer going to allow foreign governments to scrutinize its code.

The practice was originally introduced to help convince other countries -- particularly Russia -- that its software did not include backdoors that could be used for espionage. But there have been concerns that opening up source code to examination could also give foreign powers the ability to detect and abuse vulnerabilities.

Continue reading →

Using passwords to get online may soon be a thing of the past thanks to a new launch from Intel.

The computing giant has revealed that its Intel Online Connect service will now ship in all 7th and 8th-generation Core processors, allowing users a smoother and easier way to get online quickly using just a fingerprint -- with users of Lenovo's latest PC devices the first to benefit from safer browsing.

Continue reading →

Nation-state attacks and hacktivists are among the biggest worries for IT security professionals according to a new study.

The report by AI security company Cylance and the Enterprise Strategy Group shows that 82 percent of respondents are concerned or extremely concerned by the threat posed by nation-states, and 79 percent are by the threat of hacktivists.

Continue reading →

Conventional antivirus solutions are failing to protect users from attacks according to a  Malwarebytes report.

The study is based on real-world clean up scans performed by Malwarebytes. Nearly 40 percent (39.18percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

Continue reading →

As the adoption of Internet of Things (IoT) and other connected devices increases and is projected to reach over 50 billion by 2020, Arm has unveiled a new systems architecture aimed at securing and protecting these devices from being exploited by cyber attackers.

The British semiconductor firm unveiled its new Platform Security Architecture (PSA) which is designed to serve as a common industry framework for developers and hardware manufacturers to increase the security of devices built on its system-on-a-chip (SoC) Cortex processors.

Continue reading →

Earlier in the month, news emerged that Kaspersky software had been used by Russian hackers to identify and steal sensitive NSA files from a US computer. Following the revelation, Kaspersky Lab started an investigation, and now the company has published its findings.

Kaspersky concedes that its software had indeed identified classified NSA data -- specifically a hacking tool -- but says that it was unintentional. The unearthed source code was attributed to the Equation Group, and company head Eugene Kaspersky ordered the code be destroyed when the matter was reported to him.

Continue reading →

Yesterday, Bloomberg ran a story suggesting that Apple had faced problems getting the iPhone X to market on time. In an attempt to speed up production, Bloomberg said Apple gave suppliers permission to reduce the accuracy of its Face ID face recognition feature.

But Apple refutes this claim, dismissing it as "completely false" -- but Bloomberg is standing by its story.

Continue reading →

The ongoing debate between law enforcement agencies and device manufacturers over customers' digital privacy was a major point of discussion during the San Bernardino terrorist attack in 2016 and now the FBI has revealed that it was unable to access almost 7,000 devices because of encryption in this year alone.

At the International Association of Chiefs of Police conference in Philadelphia, FBI Director Christopher Wray brought up the issue in a speech to highlight how law enforcement agencies are still at a loss as to how to access the data on mobile phones protected with encryption.

Continue reading →

News broke earlier about the spread of a new form of ransomware going by the name of Bad Rabbit. It name drops Game of Thrones and bears more than a passing resemblance to WannaCry and Petya.

While the main impact of Bad Rabbit has been felt in Eastern Europe, some instances of the ransomware have also been detected in the US. Thankfully, it's relatively easy -- and free -- to protect your computer. By simply tweaking a couple of files, you can stop the ransomware in its tracks.

Continue reading →

The cyber security industry continues to face a skills crisis, but a new study from security vendor ProtectWise and analyst ESG suggests that the adoption of new technologies could be instrumental in attracting new talent.

The survey of over 500 16 to 24 year-olds finds that 74 percent say that the use of gaming and VR technology in the fight against cyber crime would increase the likelihood of them pursuing a cyber security career.

Continue reading →

The recent crackdown on popular dark web markets AlphaBay and Hansa is driving cyber criminals to migrate to messaging apps like Discord, ICQ, Skype, Telegram and Whatsapp, according to a new report.

The study from threat management company IntSights analyzed thousands of black markets, text storage/paste sites, hacking forums, IRC channels, apps and social media pages, and uncovers a steady increase in threat actors inviting cyber crime forum users to join their chat groups.

Continue reading →

A new strain of ransomware -- dubbed Bad Rabbit -- has struck in Russia, Ukraine and other parts of Eastern Europe. It is thought to be a variation on Petya due to a number of similarities, and it is wreaking havoc with media outlets and transport systems, including an airport in Ukraine, and the underground in Kiev.

Like many other forms of malware, Bad Rabbit was initially spread through a fake Flash installer, but it was then able to spread via networks to hit a larger number of machines. The spread of the ransomware is further facilitated by using the open source Mimikatz for extracting credentials, and DiskCryptor for encrypting data.

Continue reading →

Recent breaches like that at Equifax have highlighted the importance of supporting victims with identity management services in the aftermath of an attack.

Identity and data defense firm CyberScout is launching a comprehensive marketplace for identity management, privacy, and cyber security education products and services, aimed at providing individuals with a one-stop-shop solution for all services relating to cyber protection.

Continue reading →

Operational technology networks are used with specialized Industrial Control Systems (ICS) to monitor and control physical processes such as assembly lines, mixing tanks, and blast furnaces. These networks are ripe targets for adversaries according to a new study from industrial cyber security company CyberX.

Many of these networks are exposed to the public internet and easy to crack using simple vulnerabilities like plain-text passwords. Lack of even basic protections like antivirus can enable attackers to quietly perform reconnaissance before sabotaging physical processes.

Continue reading →

Maintaining security in the cloud and container environments is an increasing problem according to a new survey.

The study by intrusion detection platform Threat Stack finds that 31 percent of those interviewed say they are unable to maintain security as their cloud and container environments grow. As a result, 62 percent say that they’re seeking greater visibility into their public cloud workloads.

Continue reading →