Articles about Security

With the launch of the iPhone X, Apple unleashed Face ID biometrics on the world. During a demonstration of the feature there was a SNAFU when Face ID failed to work as intended (due, Apple says, to staff playing around with the device beforehand), and there are many questions hanging over the idea of using one's face to unlock a phone -- Senator Al Franken has many questions, for example.

Among the questions posed by Franken and others are queries such as "what's to stop someone using a photo or mask to unlock my phone?", and "if a mugger steals my phone, could they not unlock it just be holding it in front of my face?" Good points, though Apple Senior VP Craig Federighi says there are built-in measures to prevent such instances of unauthorized unlocking.

Continue reading →

Chrome will stop trusting any security certificates issued by Symantec, Google has confirmed.

In a blog post, Chrome Security's Devon O’Brien, Ryan Sleevi and Andrew Whalley say that certificates from the security firm will be "distrusted," starting with version Chrome 66. This affects all certificates issued before June 1, 2016.

Continue reading →

From the moment Apple started to talk about Face ID, there were concerns voiced about privacy and security. It's not just security experts and potential users who have these worries; Senator Al Franken has written to Tim Cook asking for details about the safeguards Apple has put in place to protect users.

On top of this, Franken wants to know more about how Apple trained the Face ID algorithm, and seeks assurances that third parties will not be able to access or be granted access to Face ID data.

Continue reading →

Cyber criminals supplementing their income by mining cryptocurrencies like Bitcoin is nothing new. Usually this has been done by installing malware or PUPs on the machines of unsuspecting users.

But now researchers at ESET have discovered a new method of mining cryptocurrencies, which can be done directly within your web browser, using JavaScript. This gives attackers the potential to reach a greater number of victims, by infecting websites, rather than by targeting individual machines.

Continue reading →

Most app stores are still failing to adequately protect their users from malicious and fraudulent app downloads.

This is one of the findings of a new report by threat management company RiskIQ which analyzed 120 mobile app stores and more than 2 billion daily scanned resources.

Continue reading →

The Department of Homeland Security has told US government agencies to remove Kaspersky software from their systems. The directive was issued because of concerns about influence exerted over the company by the Russian government.

Government agencies have been given three months to identify and start to remove Kaspersky's security products. Kaspersky has constantly denied connections to the Russian government, but the US is simply not willing to take the risk.

Continue reading →

A recent report from Check Point Research suggested that the presence of Windows Subsystem for Linux (WSL) in Windows 10 poses a security risk to Microsoft's operating system. Researchers from Check Point highlighted the issue of Bashware attacks which use WSL to bypass security products.

Microsoft, predictably enough, disagrees with the findings -- and so do other researchers. The Windows-maker says it views the risk of Bashware as "low". But is the company being too dismissive?

Continue reading →

With internet threats showing no signs of slowing down, it's vital to keep all of your devices protected and this applies in the home as much as the workplace.

With the launch today of its latest consumer products, McAfee is aiming to protect against threats as well as offering online privacy and safety for the whole family.

Continue reading →

It's widely accepted that there is a shortage of people with cyber security skills, yet a new study shows that companies are failing to give IT professionals -- the people implementing and operating security strategies for most organizations -- the training and responsibility they need to take on a more proactive cyber security role.

The study, from security training company (ISC)2 also reveals that many IT professionals feel their security guidance is being ignored by business leadership.

Continue reading →

Armis Lab, the Internet of Things security firm, has revealed details of BlueBorne, a Bluetooth vulnerability that affects millions of iOS and Android smartphones, IoT devices, and Windows and Linux systems. In all, 5.3 billion devices are believed to be at risk.

The BlueBorne attack makes it possible for an attacker to spread malware or take control of nearby devices. What's particularly concerning is that for an attack to be successful, there is no need for device pairing, or even for a target device to be in discoverable mode. There's also no need for any sort of interaction by the victim -- everything can happen completely silently in the background.

Continue reading →

Every home should have a Wi-Fi security camera nowadays. They are convenient, easy to use, and very affordable. It used to be a rather expensive affair to have security cameras installed in a home. Now? Not so much. Not only do they let you monitor your home remotely for security reasons, but they can help you keep an eye on family members and pets too.

Today, popular network hardware manufacturer TP-Link releases an all-new Wi-Fi security camera, and it looks rather nice. Called "KC120 Kasa Cam," it is inexpensive, making it a product homeowners should consider. It even comes with free cloud storage. The camera has some nice features and specs, such as 1080p video, night vision, activity alerts, 2-way audio communication, and an adjustable magnetic base for easy placement.

Continue reading →

While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as a Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.

While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."

Continue reading →

The second quarter of 2017 saw over 18 percent more adverts containing blacklisted content -- phishing, scams, exploit kits, and malware -- than Q1 according to a new report.

The study from threat management company RiskIQ shows some seasonal changes in the pattern of traffic, with a 24.2 percent drop in exploit kits, and a 42.7 percent drop in malware. However this was more than offset by a huge 131.3 percent rise in phishing-related ads.

Continue reading →

The ever-changing security landscape, which revolves around advanced and sophisticated threats aimed at data exfiltration and cyber espionage, has spawned a new breed of technologies. They are focused more on detection and response (EDR) rather than antimalware and anti-spyware capabilities, which are addressed by endpoint protection platforms (EPP). The combination of these technologies will set a new standard for security, providing an approach based on the most used and trusted solutions today.

Consequently, security companies have begun incorporating data protection and device management features into legacy EPP solutions, which in 2015 was an estimated $3.2 billion market. This change is an attempt to expand capabilities and tap into a new market that has typically been segregated from traditional security. Conversely, EDR vendors have begun integrating endpoint protection technologies to keep up with the new functionalities added by EPP vendors.

Continue reading →

Ransomware remains one of the most serious threats to organizations of all sizes, but traditional signature-based detection methods can struggle to identify the latest attacks.

Endpoint security company Carbon Black is launching its latest Cb Defense next-generation anit virus (NGAV) solution using 'Streaming Ransomware Protection' designed to detect and prevent attacks, even if the ransomware employs fileless techniques or unknown tactics.

Continue reading →