Articles about Security

Microsoft this week introduced a new version of Windows 10 aimed primarily at users in education, and designed as an alternative to Google’s Chrome OS.

The main difference between Windows 10 S, and Windows 10 Home/Pro is it only runs apps from the Windows Store. You can’t install programs from elsewhere, and this includes Chrome. This mean users can only install Microsoft-verified software which, the software giant says, will result in better security and superior performance. You don’t need to buy or install Windows 10 S to get this feature though, you can simply lock down an existing version of Windows 10.

Continue reading →

Around a quarter of banks are struggling to identify their customers when delivering digital and online banking services, according to Kaspersky Lab.

The latest findings from its Financial Institutions Security Risks survey show that 38 percent of financial institutions surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.

Continue reading →

A new ransomware-as-a-service product named 'Fatboy' has been advertised on Russian language forums. What makes it different is the way it uses a sliding scale to charge its victims.

Threat intelligence company Recorded Future has revealed that Fatboy uses the Economist's Big Mac Index -- designed to explain exchange rates -- to ensure victims in areas with a higher cost of living will be charged more to decrypt their data.

Continue reading →

A new report from information services specialist Neustar looks at the frequency and cost of DDoS attacks and what is being done to counter the threat.

In terms of revenue loss, three percent of organizations report average revenue loss of at least $250,000 per hour, with 51 percent taking at least three hours to detect an attack and 40 percent taking at least three hours to respond, that means an attack could cost over $2.5 million.

Continue reading →

Gmail users will now be protected from phishing attacks on their Android phones thanks to a new update from Google. The company is rolling out a new security feature similar to that found in the web version of Gmail, warning people when an email contains a suspicious link.

For now, the update is only rolling out to Android users, and Google has not indicated whether it will make its way to iOS in due course or not. The update comes just shortly after a phishing scam emerged in which recipients were encouraged to click on a link to open files purporting to be stored on Google Docs.

Continue reading →

Almost everything has its own day these days and May 4th is -- along with all the Star Wars puns -- World Password Day.

Cyber security firm Kaspersky Lab is keen to help people avoid common password problems and is calling for a standardization of password criteria.

Continue reading →

Part of the art of making a phishing attack successful is having a domain name that looks sufficiently similar to a legitimate one not to arouse suspicion in the target.

Research by threat intelligence specialist DomainTools has uncovered over 300 registered domains using the names of five of the UK's top high street banks.

Continue reading →

Healthcare data breaches hit an all-time high in 2016 resulting in the records of almost 16.6 million Americans being exposed as a result of hacks, lost or stolen devices, and unauthorized disclosure.

But the latest Healthcare Breach Report from data protection company Bitglass shows a sharp decline in breaches over the first quarter of 2017.

Continue reading →

Industrial robots make many of the things that we use in our everyday lives, from cars to domestic appliances.

If the world isn't to descend into chaos therefore, it's imperative that robots follow their programming. But a new report from the TrendLabs research arm of cyber security company Trend Micro reveals just how easily industrial robots can be hacked.

Continue reading →

It’s time to replace the traditional VPN and regain trust of your endpoints with a more secure and easier approach to remote access. VPNs have typically been the go-to solution for access to internal applications, with one-third of access requests to corporate networks coming from outside the firewall.

However, VPNs come with security drawbacks, including the increased risk of unauthorized remote access to sensitive data. Typically, they grant access at the network level, meaning every user with VPN rights can access the same applications that any other user can, which is a risky practice.

Continue reading →

While security is still heavily reliant on passwords, they represent a target for hackers and weak or reused choices offer an easy way into systems.

Security awareness training company KnowBe4 is releasing a free Weak Password Test (WPT) tool for organizations that use Active Directory, allowing them to check for multiple types of threats related to weak passwords.

Continue reading →

Many enterprises still rely on logs and data from a range of different security products to get a picture of user behavior, particularly where legacy mainframe systems are involved.

A collaboration between data analytics company Syncsort and application audit specialist Compuware is aimed at improving an organization's ability to detect threats against critical mainframe data, correlate them with related information and events and satisfy compliance requirements.

Continue reading →

It was supposed to have died a long time ago, but, for a near-cadaver, the password has managed to hold onto its last breath for over two decades. Bill Gates declared passwords passé way back in 2004, but it was only late in April that the company he founded introduced a replacement for the outmoded authentication system.

For years, organizations have sought to educate employees about the importance of secure passwords and of resisting phishing attacks -- and both efforts have failed. A Verizon report indicates that 63 percent of confirmed data breaches involved leveraging weak/default/stolen passwords in 2016. Meanwhile, a new report from Proofpoint says that phishing and similar attacks using e-mail were up 45 percent in the last quarter of that year. Clearly, the constant haranguing by security teams of employees to change their passwords and make them more complicated, as well as their pleas not to click on suspicious links/attachments, are falling on deaf ears.

Continue reading →

Ransomware grew 50 percent in just a year, according to a new report by Verizon. The Verizon Data Breach Investigations Report (DBIR) is based on the analysis of 79,000 security incidents and 1,945 confirmed data breaches, across 79 countries.

According to the report, ransomware also grew in popularity, and by a large margin. In 2014, it was the 22nd most common malware variety. Fast-forward two years, and now it’s fifth most common.

Continue reading →

Cyber attacks are a big problem for businesses and since many of them are caused by human error training employees to spot the signs of an attack is vital.

Yet many companies lack the resources to carry out the level of education needed, which is why security software company ESET is launching a new, free cyber security awareness training program.

Continue reading →