Articles about Security

Microsoft could be on the verge of making greater headway in China after completing a modified version of Windows 10 for the Chinese government.  The operating system has been banned for governmental use for some time despite the fact it is already available to consumers in the country.

A joint venture with state-owned China Electronics Technology Group, Microsoft's modifications are now awaiting government approval. While details of the included changes are not being released, China's concerns about other nations implementing surveillance through the software will almost certainly have been a key factor.

Continue reading →

New research from software supply chain automation company Sonatype reveals that the adoption of DevOps is leading businesses to adopt a different approach to security.

The survey shows that mature development organizations are ensuring automated security is woven into their DevOps practice, early. But the results reveal that IT organizations continue to struggle with breaches as a nearly 50 percent increase was recorded between Sonatype's 2014 and 2017 surveys.

Continue reading →

Not content with its second crack of the whip with a travel ban, the Trump administration has now issued a ban on larger electronic devices being taken on flights from certain countries. Devices larger than a cell phone will not be permitted in cabin baggage but must instead be checked in.

The ban is set to run indefinitely, and means that laptops, tablets, portable DVD players, ebook readers, portable games consoles and other larger electronic devices will be banished to the holds of aircraft. While the ban focuses on individual airports rather than countries, it has been noted that they are located in Muslim-majority parts of the world

Continue reading →

It was a big day for IBM today, as it unveiled its first Blockchain-as-a-service. Unveiled at the Interconnect conference, this commercial blockchain service is based on the open-source Hyperledger Fabric 1.0, built by The Linux Foundation.

In a nutshell, IBM Blockchain allows customers to build their own secure blockchain networks. It took the company a year to bring it from the initial announcement to a finished product.

Continue reading →

An old vulnerability was just discovered in the Linux kernel, potentially allowing hackers to gain privilege escalation, or cause a denial of service. The vulnerability was quickly fixed and there have been no signs of it in the wild, although that does not necessarily mean it went unnoticed.

According to Positive Technologies expert Alexander Popov, the CVE-2017-2636 vulnerability is seven years old and has affected the majority of popular Linux distributions, including RHEL 6/7, Fedora, SuSE, Debian, and Ubuntu.

Continue reading →

Almost a third of companies have suffered either data loss or a security breach because their employees use mobile technologies to work. This is according to a new report by Apricorn. The company polled 100 IT decision makers in the UK for the report.

Almost half (44 percent) expect mobile workers to expose their company’s data to risks of breaches and theft. Nearly half of respondents also agree that employees are the biggest security threat to their company.

Continue reading →

Gaining access to accounts is often done the old-fashioned way, using brute force guesses, but a new report reveals that many devices and accounts still have default usernames and passwords.

The study from visibility and testing company Ixia shows the top five username guesses as root, admin, ubnt, support, and user -- ubnt being the default username for AWS and other cloud services based on Ubuntu.

Continue reading →

Once again, an urban myth turns out to be true. People know mobile apps can be targeted by hackers, they fear the scenario, yet they’re doing very little to protect themselves from such potential attacks.

The confirmation was released by F5 Networks, in a study into the UK’s app-centric society and consumer behaviors.

Continue reading →

M-Kavach is a versatile Android security app from the Center for Development of Advanced Computing, a research and development arm of the Indian government.

The app offers several modules and security layers to protect you from a range of threats. M-Kavach can restricts app access to key resources, including Wi-Fi, Bluetooth, camera and mobile data.

Continue reading →

The CIA's hacking tools leaked in the WikiLeaks Vault 7 disclosure revealed vulnerabilities in a range of popular software titles. Julian Assange has said that his organization will share details of the zero days revealed in the documents with the respective technology companies, but it now transpires that there are certain conditions to meet first. It’s a situation that has more than a slight air of "ransom" to it.

Microsoft has initially complained that after the initial leak there had been no contact from either WikiLeaks or the CIA, but it seems that contact has now been made with the Windows-maker and other companies. Mozilla is among those to have been contacted and to have responded, and sources suggest that Assange has attached conditions to disclosing details of vulnerabilities.

Continue reading →

This year, the cyber-security focus is shifting from prevention only, into detection and response territory. This is according to a new Gartner report, which also says cyber-security spending will hit the $90 billion mark this year.

That’s actually a 7.6 percent increase year-on-year. Spending will keep on growing, Gartner says, up to $113 billion in 2020.

Continue reading →

European and US businesses see cyber espionage as the biggest threat to their security, according to a new report by Trend Micro. The report says that organizations in the West are under "increasing pressure" from groups looking to get their hands on some sensitive data.

In relations to the accusations that the Russians have been interfering with US elections, there’s an interesting stat: a large percentage of countries with recent, or upcoming polls, say they had been subjected to cyber espionage attacks in the last 12 months.

Continue reading →

Security researchers can make a lot of money by reporting bugs to software and hardware vendors. Microsoft, for instance, pays up to $15,000 for vulnerabilities in Office Insider, while Intel, through its first bug bounty program, takes things up a notch with a top reward of $30,000.

Intel's first bug bounty program was announced on HackerOne, and targets firmware, software and hardware products. Hardware vulnerabilities have the highest top reward, followed by firmware and then software.

Continue reading →

The cyber security landscape is a constantly evolving one. The organizations best able to cope with it are the ones that can look beyond today's threats to those they'll face in future.

London-based Independent security body the Information Security Forum has released its Threat Horizon 2019 report which is developed for business leaders who need to rapidly grasp emerging information security threats and assess the potential business impacts.

Continue reading →

Microsoft wants to make Office more secure, so it has announced a bug bounty program for Office Insiders to catch vulnerabilities before shipping a public release.

The bug bounty program targets the Windows version of Office on the Slow ring and features rewards of up to $15,000, but for "certain submissions" -- presumably highly-critical security holes -- the software giant says that researchers can expected to be paid more.

Continue reading →