Articles about Security

Hajime, a mysterious IoT botnet, now controls almost 300,000 devices, according to a new report by Kaspersky Lab. The report also states that the botnet's true purpose is still unknown.

Kaspersky says the malware, whose name means "beginning" in Japanese, first appeared in October 2016. Since then it has evolved into a decentralized group of compromised machines that discretely perform either spam or DDoS attacks.

Continue reading →

Anyone would think zero-day attacks are unpreventable following a recent claim from one leading cyber-security vendor. FireEye this year claimed to have discovered "29 of the last 53 zero-day attacks." 24 exploits remained undetected, yet this was still presented as some kind of monumental achievement. Such a statement leaves little comfort for the businesses who found themselves victims, so is it time to just give up completely and let the cyber criminals take over?

It certainly feels that way, even while threats intensify and Locky ransomware rears its ugly head in new forms with renewed malevolence.

Continue reading →

Securing systems is essential, but many businesses continue to take a reactive approach to protection using dated tools and techniques.

A new report by technology trade association CompTIA highlights the need for companies to adopt proactive measures to identify weak links before they are exploited, broaden the security skills of their technology professionals, and implement top to bottom security training throughout the organization.

Continue reading →

According to a new report from systems security specialist Thales e-Security and 451 Research, US federal agencies are facing threats caused by legacy systems, spending and staffing issues.

65 percent have experienced a data breach at some stage in the past with 34 percent having one in the last year. Almost all agencies (96 percent) consider themselves 'vulnerable', with half (48 percent) stating they are 'very' or 'extremely' vulnerable. This number is higher than any other US sector polled for the 2017 Data Threat Report.

Continue reading →

Up to now the security model for protecting IoT devices has been similar to that used for PCs, relying on patches which need to be installed by the user.

Now though internet security and performance company Cloudflare is launching a new service called Orbit which streamlines patching and adds an additional layer of security thanks to the use of a secure global network.

Continue reading →

Cyber attack methods are becoming more sophisticated in order to bypass traditional file-scanning protection systems according to a new study.

Endpoint protection specialist SentinelOne has used filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide to carry out behavioral analysis of malware programs that bypassed firewalls and network controls to infect devices.

Continue reading →

Correct handling of corporate data is important not just to guard against security threats and data breaches, but to avoid the risk of regulatory fines and lawsuits too.

But a new report from secure erasing specialist Blancco Technology Group shows the two weakest links in a company's data governance program are uncontrolled user access to data (53 percent) and managing where data is stored (43 percent).

Continue reading →

In 2016, approximately 185 million new Internet users went online, with the vast majority of these coming from nations like India. This represents a huge increase in the market. However, while the Internet population continues to grow, there has also been an increase in bots as well. The word "bot" covers a wide variety of automated programs: while some source data for search engines and help people match their queries with the most appropriate websites, others are not so helpful.

In the past year, bad bots accounted for 19.9 percent of all website traffic -- a 6.98 percent increase over the same time in 2015. Bad bots interact with applications in the same way a legitimate user would, making them harder to prevent. However, the results are harmful: for example, bad bots can take data from sites without permission while others undertake criminal activities such as ad fraud and account theft.

Continue reading →

The rapid growth in numbers of IoT devices has seen them become a favored attack route for cyber criminals. This has left companies looking for a way to integrate strong security into millions of devices.

To address this problem, security platform Mocana is launching a new developer kit that provides businesses, who may not have deep cybersecurity or cryptography expertise, with a way to simplify the integration of hardware-based security features into IoT devices.

Continue reading →

With the right training and knowledge, many cyber attacks can be avoided. Addressing this human aspect of security is the idea behind a new platform from British start-up CybSafe.

Human error is a major cause of data breaches and security training needs to be able to positively change user behavior.

Continue reading →

Businesses of all sizes are under increasing pressure to protect corporate email records and make them easily accessible for audits and legal discovery.

Data protection and recovery specialist Arcserve has acquired email archiving technology FastArchiver and is making it available through its Arcserve UDP solution portfolio. UDP Archiving efficiently stores archived on-premise, public or private cloud email in a location independent of the primary mail system.

Continue reading →

This week South Korea takes the first steps towards becoming a coinless society as shoppers will be handed pre-paid cards instead of change in a country-wide trial. If the trial is successful, bank officials will allow change to be transferred straight into the shoppers' bank accounts by next year.

But a new report from global law firm Paul Hastings shows that security fears are preventing many British consumers embracing new payment technologies. The study of over 2,000 consumers finds 77 percent are worried about using new payment methods.

Continue reading →

Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the Play Store. The latest large-scale batch to be discovered takes the form of adware known as FalseGuide.

As you may have guessed from the name -- and your own experience of Google Play -- this malware spreads by fooling people into installing apps purporting to be guides to popular games. The apps themselves are fairly innocuous -- and often are guides as they claim to be -- but they then download additional modules which can be used to bombard users with ads.

Continue reading →

Cyber attacks are constantly evolving and consequently businesses are always seeking new ways of defending themselves. This is as much about understanding the nature of attacks as about preventing them.

One of the latest developments is the use of deception, employing camouflaged traps and tokens to throw the attackers off balance by detecting and understanding the nature of the attack and their plans.

Continue reading →

Apps that come with open-source code are putting organizations at risk, according to a new report by Black Duck. As you might imagine, many companies are using apps with open-source code.

Black Duck’s Center for Open Source Research & Innovation analyzed 1,071 apps audited during 2016 and found that 96 percent of them had open source. Of those, more than 60 percent had open source security vulnerabilities.

Continue reading →