OneLogin suffers serious security breach -- attackers access data and decryption keys
Password management service OneLogin has fallen victim to a serious attack. The company says that it "detected unauthorized access to OneLogin data in our US data region" -- this was blocked, but not before the attacker gained access to AWS keys and the ability to decrypt data.
The company warns that "all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data." OneLogin has provided a guide for securing data, but it's possible that it may be too late for some people.
Microsoft Surface devices are immune to Intel AMT security vulnerability
Intel revealed in early May that there is a critical security vulnerability in its Active Management Technology, which can be exploited to gain remote access to PCs. The feature is designed to help system administrators manage devices, so, due to its nature, it is more likely to affect enterprise users than consumers.
However, since the Surface line is popular with businesses, Microsoft wants to let its enterprise users know that no Surface devices are affected by the AMT vulnerability, despite AMT being offered in some of the processors available with its tablets and laptops.
Facebook redesigns security settings page making two-factor authentication easily identifiable
Realizing that its security settings were off-putting to many people due to being a shambolic mess, Facebook has rolled out a redesign which it says helps to improve clarity.
As well as giving greater prominence to the most important security settings, some options have been renamed. This comes after Facebook conducted some research into why users were clicking certain options but not changing them -- it turns out they had no idea what the settings actually did.
Healthcare sector accounts for 43 percent of all UK data breaches
Data security services company Egress has released data from the UK's Information Commissioner's Office (ICO) which shows that the health sector accounts for nearly half (43 percent) of all data breaches.
It also shows that human error, rather than external threats, is the main cause of incidents across every sector. Staff mistakes accounted for 49 percent of all breach incidents in the last quarter of 2016.
Security experts warn about UK's nuclear Trident submarines: 'the vulnerability to cyberattacks is real'
A report published by the British American Security Information Council (BASIC) cautions that the UK's fleet of Trident submarines faces "growing potential for cyber-attack." The authors issue a stark warning that "a successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads."
Government officials have long dismissed the risk of hacking the nuclear subs because they are not connected to the internet. But the report, entitled Hacking UK Trident: A Growing Threat, suggests that malware infection during manufacturing and during software updating are just two possible attack vectors that could lead to the compromise of nuclear weapons.
The cost of cyber attacks will rise to $8 trillion in five years
Cyber attacks will cost businesses across the world $8 trillion in the next five years, according to a new Juniper Research report. Just to put things in perspective, India's entire GDP crossed $8 trillion two years ago.
The report says that we'll hit that threshold very soon due to higher levels of Internet connectivity, and inadequate enterprise-wide security.
Unsecured IoT devices pose major security risk
New research from the Ponemon Institute and risk assurance body Shared Assessments reveals a high level of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as they relate to third parties.
The study of 553 individuals in industries such as financial services and healthcare reveals that 76 percent say a DDoS attack involving an unsecured IoT device is likely to occur within the next two years.
TheShadowBrokers ditch Bitcoin in favour of Zcash as details emerge of monthly exploit subscription service
TheShadowBrokers, the hacking group behind the leak of NSA malware, has announced further details of the "Data Dump of the Month" subscription service it has previously talked about. Now known as "TheShadowBrokers Monthly Dump Service," the launch sees the group switching from Bitcoin to Zcash as its currency of choice.
Signing up for the service will set interested parties back 100 ZEC (Zcash). As this equates to over $20,000, it's not a subscription that many people are likely to be taking out, particularly as there is no evidence that the group has more exploits to offer. The hacking group has previously said that it has Windows 10 vulnerabilities to expose.
Nest reveals Cam IQ, an AI-powered 4K security camera with facial recognition
Google-owned Nest has unveiled the latest addition to its range of smart products -- the Nest Cam IQ. The new security camera not only boasts a 4K video sensor, but builds upon the motion detection feature offered by other similar cameras by adding facial recognition.
What this means is that the Nest Cam IQ is able to send out personalized alerts when it detects the presence of a particular person -- such as when your kids arrive home from school -- but it can also send out warnings when an unrecognized person is spotted. There's even Night Vision so it functions as a nighttime security camera.
Judy malware could affect over 36 million Android devices
Millions of Android devices could have been affected by a new auto-clicking adware program found in apps developed by a Korean company.
Uncovered last week by security company Check Point, the malicious apps included a series of casual cooking and fashion games under the 'Judy' brand.
Security providers should consider offering DDoS protection as a service
Need a new business idea? How about you start offering DDoS protection as a service? What, you think it wouldn't work? Think again. A new report by Corero Network Security says it could work out nicely.
Out of its respondents, 82 percent see a "clear business opportunity" in providing DDoS protection as a service to their customers. Also, 93 percent see providing DDoS mitigation in relation to other types of security services as "high priority." This is up 10 percent compared to last year.
US may extend laptop ban to all international flights
The US is considering extending its laptop ban to all international flights to and from the country. Speaking on Fox News Sunday this weekend, Homeland Security Secretary John Kelly said there was a "sophisticated" terrorist threat which could see an expansion of the ban on devices larger than smartphones.
Back in March, citing a threat from terrorists "smuggling explosive devices in various consumer items," the Trump administration introduced an electronics ban on flights from a number of countries. If the ban was to be expanded, there would likely be a backlash from the increased number of people no longer able to take their laptops on flights as carry-on items.
Microsoft, Google, Facebook and others write to House of Representatives asking for reform of NSA surveillance
A letter signed by more than 30 major technology companies has been sent to the House Judiciary Committee calling for a number of key changes to be made to NSA surveillance. The letter, signed by the likes of Facebook, Twitter, Google and Mozilla, asks lawmakers to make a number of considerations when reforming Section 702 of the FISA Amendments Act.
The signatories refer to themselves as "U.S.-based companies that provide consumer and business technology, products, and services around the world through the use of electronic data." Their letter is timed to coincide with debate about the reform of Section 702 which is used to justify NSA surveillance programs, and is due to expire at the end of the year. There are calls for increased transparency and controls, as well as the suggestion that surveillance should be reined in.
WannaCry was most Americans’ first experience of ransomware
Although ransomware in some form has been around since 2005, a new survey of 5,000 US consumers reveals that for 57 percent the recent WannaCry attack was their first exposure to how it works.
The study by endpoint security company Carbon Black also shows that seven out of 10 consumers would consider leaving a business if it were hit by ransomware.
Dynamically generated whitelists help stop hackers
Whitelists have traditionally been used as a way of limiting what users can do, but they're time-consuming to maintain and keep up to date.
Florida-based Terra Privacy is addressing this with a system where destinations are continually inserted into and removed from the whitelist in real time, in concert with the user's activities.