Articles about Security

The dust hasn’t even settled around WannaCry, another ransomware appears. This one was detected by ESET and identified as Win32/Filecoder.AESNI.C.

Security researchers dubbed it XData ransomware. It appears mostly in Ukraine (96 percent of cases). The outbreak seems to have started on May 17, reaching its peak on May 19.

Continue reading →

According to Thales' new report almost two thirds (63 percent) of businesses in the UK increased their cyber security spending this year, which is a jump from last year's 54 percent.

However, despite this, 43 percent were breached last year (Thales fails to mention the percentage difference compared to a year earlier, though). More than four fifths (84 percent) still feel vulnerable to threats, with 20 percent feeling "very" or "extremely" vulnerable.

Continue reading →

Microsoft is rumored to have acquired Israeli cybersecurity startup Hexadite in a deal worth around $100 million.

The startup was founded in 2014 and its primary focus is identifying cyberattacks through the use of artificial intelligence (AI). By connecting a number of cybersecurity detection systems that are already in place, Hexadite then uses AI to analyze threats automatically as they present themselves.

Continue reading →

A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems.

The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000.

Continue reading →

Biometric authentication may be more convenient than a PIN or password, but it is not as secure as you might be lead to believe. The iris scanner on the Galaxy S8 can be defeated with a photo and contact lens, despite Samsung's claims that it offers "airtight security" and provides "one of the safest ways to keep your phone locked and the contents private."

If this has you worried, Samsung says that it is "difficult for the whole scenario to happen in reality," even though the hack "appears simple." The company believes that having the right tools in the first place can prove to be problematic for anyone attempting to defeat the iris scanner.

Continue reading →

A security vulnerability in the popular Samba networking utility could leave unpatched machines open to an attack similar to WannaCry. A single line of code is all that’s needed to exploit the vulnerability, but it is reliant on a number of prerequisites.

The vulnerability has been assigned the ID CVE-2017-7494 and is described as "remote code execution from a writable share" which could allow "malicious clients [to] upload and cause the smbd server to execute a shared library from a writable share." Security researchers say that the flaw is very easy to exploit, and tens of thousands of machines have been found to be running versions of Samba for which a patch does not exist.

Continue reading →

Four in ten organizations in the US and Western Europe believe C-level executives are the most at risk of cyber attacks when working outside the office.

That's according to research by iPass, whose Mobile Security Report 2017 says that coffee shops and cafes are the riskiest venues (42 percent), followed by airports (30 percent), hotels (16 percent) exhibition centers (seven percent) and airplanes (four percent).

Continue reading →

Security researchers from Check Point have discovered a major vulnerability in popular media players, like VLC, Kodi and Popcorn Time, which leaves users vulnerable to hacker attacks via malicious subtitles. The security firm estimates that the number of potential victims is around 200 million.

Media players give users the option to load subtitles from repositories, which can be tricked by attackers to rank their altered subtitles higher. This leads to those malicious subtitles being recommended to the user. If they are loaded, attackers can gain control over "any device running them." Check Point notes that the "potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more."

Continue reading →

Companies have to deal with an increasing number of cyber threats. To allow them to stay in touch with this ever evolving landscape they need up to date intelligence.

With the launch of its Threat Intelligence Portal, Kaspersky Lab is enabling security operation center operators to be able to work more efficiently while facing hundreds and thousands of threat alerts.

Continue reading →

If you want to secure your Samsung Galaxy S8, relying on the iris scanner to keep it locked is not the best idea. That's because it can be easily fooled using just a printed photo and a contact lens.

This reinforces the belief that biometric authentication is -- at least for now -- less secure than traditional options, like PINs and passwords, which have the advantage of not being tied to a physical trait that can be easily exploited by hackers, thieves or the authorities.

Continue reading →

With thousands of stolen account details available for sale on the web, cyber criminals are turning to new methods using them efficiently to try to break into accounts.

According to a new report by risk analysis specialist Digital Shadows, 'credential stuffing' tools are the latest technique being used to automate attempts at account takeover.

Continue reading →

There have been numerous cases recently of travelers being forced to unlock their phones by security staff at airports. If you have all of your passwords for apps and online accounts stored in a password manager, this could mean that vast amounts of personal data become accessible -- but 1Password has a solution.

A new feature called Travel Mode enables users of the app to mark certain passwords and other data as "safe for travel." When the mode is activated, everything else which has not been flagged in this way is temporarily deleted from the device so it cannot be accessed.

Continue reading →

Now might be a good time to consider that job as a chief information security officer you always wanted, because salaries are skyrocketing.

Thanks to an ever-increasing number in breaches, and the damage these breaches are causing, businesses in Europe have begun offering much better salaries to their CISOs.

Continue reading →

According to a survey conducted by Lepide, a leading security auditing solutions provider, 60 percent of companies are still not able to determine who has access to their critical data. The survey was conducted during a variety of trade shows including Infosec Europe, RSA Singapore, and DataConnectors Pittsburgh, and involved 250 face-face interviews.

A common misconception amongst organizations is that all cyber threats originate from outside their organization, yet according to a report published by mcafee.com, 43 percent of data breaches were the result of malicious or incompetent insiders. This problem is emphasized by the continuous surge in healthcare related breaches. For example, according to a report published by Protenus, of the 31 health data breaches disclosed in January 2016 "59.2 percent of breached patient records were the result of insiders."

Continue reading →

There have already been suggestions that the now infamous WannaCry ransomware was the work of the North Korean hacking group Lazarus. Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

But while the links to Lazarus are strong, North Korea denies that it was involved in any sort of state-sponsored attack, dismissing such claims as "a dirty and despicable smear campaign." It is thought that the group -- also responsible for attacking Sony Pictures and stealing $81 million from the Bangladesh Central Bank -- operated independently for personal gain.

Continue reading →