Articles about Security

Data breach at DocuSign leads to massive phishing campaign

E-signature and security firm DocuSign has confirmed a data breach in which attackers gained access to a database containing customer email addresses. The company says that no other data was revealed in the security breach, but it led to a large phishing campaign.

Attackers used the stolen email addresses to spam people with emails containing an infected Microsoft Word document. The company insists that its core service remains secure, but coming in the wake of the WannaCry ransomware attack, people around the world are on high alert.

Is WannaCry linked to the Lazarus Group?

As last Friday's WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.

Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.

Three out of five companies expect to be breached in 2017

As cyber attacks and security breaches continue to make the headlines, a new study suggests that three out of five companies expect to suffer a breach this year.

The latest Market Pulse survey from identity management company SailPoint also reveals that 33 percent believe they may not even know they’ve been breached.

US considers laptop ban on European flights

The Trump administration is considering a further expansion of the ban on using laptops on commercial flights to cover European travel.

According to Reuters, the US government is reviewing how to make sure lithium batteries that get stored in the luggage don’t explode during flights.

OS vulnerabilities up -- Patches down

If the WannaCrypt ransomware attack of the last few days has taught us anything it should be the importance of patching systems to guard against attack.

Yet a study released today suggests the message isn't getting through. The latest US country report from Flexera Software reveals the percentage of US PC users with unpatched Windows operating systems was 9.8 percent in Q1, 2017, up from 7.5 percent last quarter and 6.5 percent in Q1, 2016.

The WannaCrypt attack -- what we know and how to protect yourself

What seemed to have begun as just another ransomware attack hit the headlines last Friday (May 12th) when it began to attack hospitals and healthcare services in the UK. It became clear pretty quickly, however, that this was in fact something much bigger, with problems reported at businesses and government bodies around the world.

Infections by the malware known as WannaCrypt or WannaCry began in Spain, with the Telefonica telecommunications giant one of the first to be hit. It then quickly spread to the United Kingdom, Russia, Japan, Taiwan, the United States, and many others. In total, over 150 countries have been affected by the ransomware since Friday, according to Europol.

Microsoft should be applauded for its response to the WannaCrypt crisis

I’ve certainly been highly critical of Microsoft in the past, particularly last year when the company began forcing Windows 10 on to users.

But in the past couple of days I have to admit that I’ve been impressed by the software giant’s response to the global WannaCrypt/WannaCry crisis, and not just in patching Windows XP.

Microsoft patches Windows XP to fight the WannaCrypt ransomware attacks

Microsoft stopped supporting Windows XP back in 2014, but today it releases one more security update for the ancient OS.

The software giant is taking this "highly unusual" step to fight back against the WannaCrypt ransomware cyber attacks that have so far hit nearly 100 countries around the world. And XP is not the only unsupported system receiving this patch.

Why Access Rights Management should be an enterprise priority

In some ways, the new research claiming that people are still the biggest threat to cyber security is hardly surprising; this has been the case for years now. What is surprising is that even with the GDPR only one year away, this hasn't moved on. It seems that organizations are aware of the problem, which of course is a good thing, but isn't it time we began to see research saying that people aren't a threat anymore because organizations have secured their systems against these types of threats and educated their workforces in the process? That kind of research would be much more heartening. Especially so when other research suggests that there's an IT skills shortage coming soon that could make it even more difficult for organizations to secure themselves against cyber threats.

The Institute of Information Security Professionals (IISP) is behind the new research claiming that people are still the biggest threat to cyber security. The research suggests that people are still not cautious enough about phishing scams such as links or attachments in emails or about visiting websites that might not be safe. The IISP also suggests that there is a lack of technical skill that causes problems and interestingly, it also claims that another problem is with organizations making poor critical decisions around strategy and budgets, suggesting that organizations are not focused on the right ways to prevent cyber attacks.

NHS hospitals hit by ransomware attack [Update: Now spreading globally]

Hospitals and doctors' surgeries across the UK have been hit by what is being described as a large scale ransomware attack.

The attack is believed to have begun at around 1:30 pm today. Areas affected include East and North Hertfordshire, North Cumbria, Blackpool, and Barts Health in London.

US government is reviewing whether to use Kaspersky software, because Russia

Mention the US and Russia in the same sentence and the mind naturally wanders to three things. Firstly, the alleged links between the Trump administration and Russia, secondly whether or not the FBI investigation of these alleged links led to the dismissal of Comey, and thirdly whether or not Russia interfered with the US election.

But now the US government is reviewing whether or not to continue to use Russian-made security software from Kaspersky. Defense Intelligence Agency director Vincent Stewart says "we are tracking Kaspersky and their software." He does not elaborate or give reasons, but there have been -- as yet unsubstantiated -- claims that Russia has been using Kaspersky software to spy on America. The director of the NSA is "personally involved" in monitoring the company.

HP audio driver package comes with a built-in keylogger

ModZero security researchers have uncovered an unexpected behavior in an HP audio driver. The package, which is offered by the electronics maker through its website, secretly registers "all keyboard input," effectively working as a keylogger. Question is, is this a bug or a feature?

It is not abnormal for an audio driver to look for when certain keys are pressed, as, for instance, if you press the volume down button on the keyboard the driver needs to intercept that keystroke so it does what you asked it to, but it is uncommon for one to cast such a wide net, and, as a result, put users' private information, like usernames, passwords, personal communication and so on, at risk.

Majority of UK workers blindly open email attachments

Come on, people. We’re almost halfway through 2017, and you’re still opening shady email attachments? Glasswall Solutions seems to think so. As a matter of fact, its new report says UK workers are "too trusting" of email attachments.

More than half, 58 percent, "blindly" open email attachments from unknown sources. Three quarters, 75 percent, recognize how often they get shady emails. Just 16 percent think they should be worried about a cyber-attack.

Newsletter bombs are the new DDoS

So-called 'newsletter bombs' are increasingly being sent to the publicly known email addresses of journalists, companies, and also dot-gov email addresses. These attacks send thousands of fake newsletter sign-up emails to targeted email addresses, rendering the attacked mailbox useless.

According to German secure email service Tutanota, which had its own main contact address targeted, these attacks are easy to execute because most newsletter sign-up forms have no protection against malicious bot sign-ups.

Ransomware continues to dominate the cyber threat landscape

A new report from Panda Security's PandaLabs research arm reveals that real-time attacks that involve direct interaction with the victim are on the rise.

It also shows the increasing professionalism of cyber criminals. Highly specialized groups are forming in fields like the creation and distribution of malware and exploits. An example covered by PandaLabs is the RDPatcher attack, the purpose of which is to put the victim’s computer up for sale on the black market for use in a bot network.
