Articles about Security

Apple has only just released macOS High Sierra, but before the update was even out of the door, a 0-day vulnerability had been discovered. A flaw in the Mac keychain makes it possible for malicious applications to steal the contents of the keychain, including plaintext passwords. It affects not only High Sierra, but also older version of macOS.

The way keychain works means that it should not be possible for the keychain to be accessed without providing the master password, but the vulnerability bypasses this requirement. The problem was discovered and demonstrated by security researcher Patrick Wardle from Synack, who is also a former NSA hacker.

Continue reading →

Five percent of all small and medium-sized companies in the entire world were victims of a ransomware attack in 2016 alone, with the money paid out to reclaim data reaching new highs, new research has revealed.

Datto's new State of the Channel Ransomware Report found that an estimated $301 million (£222 million) was paid to ransomware hackers from 2016-2017.

Continue reading →

Global accountancy firm Deloitte -- known as one of the "big four" -- has been hit by a sophisticated hack. With echoes of the Equifax data breach and CCleaner hack, the cyberattack went undetected for months and results in confidential emails being accessed, as well as company plans, and the private information of high-profile, blue-chip clients.

Deloitte says that only a small number of its clients have been affected, but the size and importance of those that it deals with -- including US government departments -- means that even a limited number could have great impact. The firm is said to have discovered the hack in March, but it is possible that attackers gained access as long ago as October 2016.

Continue reading →

Keeping Windows up to date with the latest fixes is a major challenge for enterprise IT teams and can leave endpoints vulnerable, according to a new report.

The study from systems management company Adaptiva reveals that 59 percent of companies take up to a month or longer to complete Windows OS updates.

Continue reading →

One of the UK’s leading security experts has called for a major shake-up in the way businesses train their employees in online safety.

Symantec CTO Darren Thomson said that workers can effectively be an extra layer of protection for companies looking to prevent themselves falling victim to cyber-attack.

Continue reading →

Russian hackers successfully compromised election systems in some states during the 2016 election. There have long been suggestions that Russia tried to influence the outcome of the Trump vs Clinton election, and now the Department of Homeland Security has informed 21 states that their systems were targeted.

This means that the DHS has concerns about almost half of the states of America, but so far only Illinois has been confirmed as having been successfully compromised.

Continue reading →

Every month, almost 1.5 million new phishing websites are created. This is according to a new report by Webroot, showing just how big of an industry phishing really is.

The Webroot Quarterly Threat Trends Report says that 1.385 million new phishing sites are created every month. May was the busiest of them all, with 2.3 million sites created.

Continue reading →

Hacking outranks other threats including climate change, nuclear power, hazardous waste, and government surveillance in Americans' perceptions according to a new survey.

The study by cyber security company ESET asked randomly selected adults to rate their risk perception of 15 different hazards. Six of the hazards were cyber-related while the rest were other forms of technology hazard.

Continue reading →

Almost two billion data records were either lost or stolen in the first half of this year, according to a new report by Gemalto.

The company found that 1.9 billion records were lost or stolen during the first half of 2017 -- more than in the whole of last year, and equivalent to 10,439,560 records per day -- or roughly 3,000 whilst you read these few sentences.

Continue reading →

Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code."

Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information.

Continue reading →

The UK government has made no secret of its dislike of encrypted messaging tools, and it has made frequent reference to the problems WhatsApp causes it with regard to investigations into terrorism. Calls have been made by the government to force companies to allow access to encrypted content when asked.

In the wake of Theresa May's "more needs to be done about extremist content" speech, it has emerged that WhatsApp refused to add a backdoor that would allow the government and law enforcement agencies to access private conversations.

Continue reading →

The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. With that said, I am rooting for Purism and its Pure OS, as the world would benefit from a device that uses Linux and focuses on both privacy and security. Such an alternative to iPhone and Android would be a breath of fresh air.

Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. Yes, the maker of the absolute best desktop environment is offering to assist with the Librem 5 -- if it is successfully crowdfunded, that is. To date, it is only about 33-percent funded, although there is still more than a month to go.

Continue reading →

One of the hardest things for security teams to do is accurately evaluate the level of risk that their organization is facing.

Cyber security firm Nehemiah Security is launching the latest version of its AtomicEye RQ (Risk Quantifier) platform that can calculate a system's exploitability and generate comprehensive risk reports.

Continue reading →

Effective password management is essential in helping to control data breaches, but employees often use the same passwords for both work and personal use, leaving corporate data potentially exposed.

Password management company Dashlane is launching its new Dashlane Business 2.0 enterprise password solution.

Continue reading →

Despite training and other efforts to combat the problem, phishing is still proving a remarkably effective tactic for cyber criminals according to a new report.

The study by cloud business applications company Intermedia shows that while 70 percent of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, there are significant gaps between confidence and effectiveness.

Continue reading →