Articles about Security

Instagram ups security with two-factor authentication

Just about every app and online service offers two-factor authentication (2FA) as a security measure these days, and Instagram is the latest to join the party.

After numerous instances of hacking for other services, it's little surprise that Instagram wants to offer its users an extra level of protection. Once enabled, users are required to enter a six-digit code that is sent to their mobile via SMS, greatly reducing the risk of unauthorized access.

Apple says it has already fixed CIA's Mac and iPhone hacks revealed by WikiLeaks

Yesterday WikiLeaks published the second batch of its Vault 7 documents, Dark Matter, revealing information about Apple-related hacks used by the CIA. This time around, the documents focus on hacks for MacBooks and iPhones, and come two weeks after the initial batch of documents came to light.

Apple previously said that it had addressed "many of the issues" from the first Vault 7 leaks, and now the company has said much the same regarding the second batch. Despite promises from Julian Assange, it seems that WikiLeaks has not been in contact with Apple to provide further details about the exposed vulnerabilities.

WikiLeaks' Dark Matter documents reveal CIA hacks for Macs and iPhones

It's only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency's spying and hacking capabilities. Now the organization has released a second cache of files dubbed Dark Matter, and they show that the CIA has developed tools for hacking Apple products.

Bold and exciting names like Sonic Screwdriver, DerStarke, Triton and DarkSeaSkies are the monikers given to tools for attacking the firmware of MacBooks and iPhones. What's particularly interesting about the documents is that they appear to show that the CIA had the ability to exploit Apple hardware and software a full decade ago.

eBay now recommends mobile over token-based two-factor authentication -- should you switch?

Two-factor authentication strikes the right balance between convenience and security, which is why so many services offer it nowadays. But its implementation differs. Many companies have SMS or app-based systems, others prefer tokens, and some offer both as an option.

eBay falls in the third category, allowing users to receive the security code for the second authentication stage via SMS or a token. However, the company is now recommending users switch to the former method, touting its convenience as the main reason to abandon the token. But, should you take the advice?

New generation of cyber highwaymen could threaten parcel drones

Robbing the mail has a long and dishonorable history dating back to the days of the stagecoach. But UK-based online parcel broker ParcelHero is warning that automated delivery drones and droids could see the rise of a new breed of high-tech highwaymen.

The development of devices that alter the drone or droid's instructions, or simply stop them dead, is seen as inevitable. With UK online retail sales now worth more than £130 billion a year, if deliveries are to become largely automated and just one percent of items are waylaid using new technology, that's over £1bn of goods stolen a year.

Apple: iCloud is safe, but your passwords may not be

A group of hackers that goes by the name Turkish Crime Family claims to have access to hundreds of millions of iCloud accounts, and it wants Apple to pay $75,000 in Bitcoin or Ethereum or $100,000 in iTunes gift cards to delete the compromised credentials.

This may lead one to believe that the collective has managed to hack iCloud, but according to Apple there "have not been any breaches" in any of its systems. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

New platform protects industrial IoT devices

Internet of Things devices are the latest threat vector that businesses have to deal with, introducing a potential extra weakness into corporate networks and leading experts to warn of increased risk.

To help guard against the threat, Mocana Corporation is introducing a new security platform designed to protect IoT devices and associated device-to-cloud communications.

71 percent of Android phones on major US carriers have out of date security patches

Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report.

The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old.

User-Agent based attacks are a low-key risk that shouldn't be overlooked

Old, unpatched vulnerabilities allow hackers to take over systems using the User-Agent string -- an elementary part of virtually every HTTP request.

It is a known fact that while the majority of vulnerabilities discovered or reported are fixed by the vendor and a patch is issued, many systems end up not being patched in a timely manner or even at all, for that matter. There are many possible reasons for that, the most common being:

DoubleAgent exploit uses Windows' Microsoft Application Verifier to hijack antivirus software

Security researchers at Cybellum have revealed details of a zero-day exploit that makes it possible for an attacker to take full control of antivirus software. The technique can be used to take control of just about any application, but by focusing on antivirus tools, the illusion of safety offered to victims means they are likely to be completely unaware of what is happening.

The attack works by exploiting the Microsoft Application Verifier that's built into Windows. It is possible to replace the tool with a custom verifier which can then be used to inject malicious code into any chosen application. A number of well-known antivirus tools -- including Avast, BitDefender, ESET, Kaspersky, and F-Secure -- are vulnerable, while patches have been released for others.

Three penetration testing tips to out-hack hackers

It should come as no surprise that hackers have been busy lately. According to my go-to resource on hacking stats, the Identity Theft Resource Center, breaches jumped from 780 in 2015 to 1,093 in 2016. Is there a way to take a proactive approach to data security that doesn’t involve investing in more firewalls or virus protection software and ultimately get to the real source of vulnerabilities?

Yes and yes. The answer is penetration testing, or pen testing for short. It’s a white-hat approach that challenges organizations to expose the vulnerabilities inside their own systems by understanding how a cybercriminal could exploit their internal information.

Three UK suffers new data breach

A couple of bizarre incidents happened to Three users in the UK recently, and the media are suspecting the company might be facing a new data breach.

According to a report by The Guardian, some customers, logging into their accounts, were "presented with the names, addresses, phone numbers and call histories of strangers."

Businesses make automated security a part of DevOps

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.

New Google report shows Android security is improving

Today Google published its third annual Android Security Year in Review, the day after the launch of the developer preview of Android O. Looking back at 2016, the report details the steps the company has taken to keep Android users and their data safe. Google cites a crackdown on Potentially Harmful Apps as a particular success, and points to the fact that security updates have been issued to 735 million devices.

But it’s not all good news. Many of the security improvements are to be found in Android 7 Nougat which is only available on a limited number of devices. Additionally, a large number of handsets are not eligible for the monthly security updates the company pushes out.

Malware campaign targets users in Latin America

A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America according to the SPEAR research team at threat prevention specialist Cylance.

Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection.
