Articles about Security

63 million LinkedIn users have weak passwords


Last year's highly publicized Yahoo and LinkedIn breaches exposed millions of users' passwords to the public and saw them for sale on the dark web.

Researchers at behavioral firewall company Preempt have analyzed the leaked LinkedIn passwords to find out how many were weak before the breach occurred.


Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware


Despite being based on the very secure Linux kernel, Android isn't necessarily a very secure operating system. Unlike iOS, which does a great job of shielding its users from installing apps from outside Apple's own App Store, Google's mobile OS makes it far too easy to do so. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system.

For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones -- from manufacturers such as Samsung, LG, and even Google's own Nexus line -- are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware!


Intel Security releases EFI rootkit checker for MacBooks after CIA hacking leaks

The Vault 7 leaks this week suggest that the CIA has been able to exploit vulnerabilities in a wide range of popular hardware and software, including Windows, macOS and Linux. One of the suggestions is that the agency produced EFI (Extensible Firmware Interface) rootkits for MacBooks called DarkMatter.

To help calm the fears of MacBook owners, Intel Security has pushed out a tool to check for such rootkits. Apple issued a statement earlier this week indicating that it had addressed "many of the issues" exposed by WikiLeaks, but Intel Security's further intervention will bring some peace of mind to concerned users.


Using machine learning to secure identity and access management systems

We’ve been losing the war on cybercrime for some time. Research firm Forrester reports over a billion accounts stolen in 2016 alone, and these data breaches are going up, not down. We are having to wade through more incident data, and people cannot keep up. Could machine learning help solve the problem?

For years, researchers hoped that artificial intelligence would produce human-like machines. Now, they focus on a subset of AI that can solve more realistic and useful challenges. Machine learning cannot do everything a human can, but it doesn’t have to. Instead, we can train it to be good at narrowly-defined tasks -- even better at them than humans, in some cases.


One in five websites uses insecure SHA-1 certificate


More than a fifth (21 percent) of all websites are still using an insecure certificate, which is leaving them open to different types of cyberattacks. This is according to a new report from cyber security experts Venafi.

The report says many sites are still using the SHA-1 certificate, which means they’re vulnerable to man-in-the-middle attacks, brute force attacks and collision attacks, all of which can expose the site’s sensitive data.


1Password raises top bug bounty reward to $100,000

AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.

To receive the highest reward in its bug bounty program, AgileBits says that a researcher would have to access an unencrypted "bad poetry" flag that is stored in a 1Password vault.


Kaspersky brings you the smell of malware


When your job is writing about technology, you get used to the somewhat off-the-wall ways companies come up with to promote their products.

Kaspersky's latest endeavour, though, had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as 'threatening yet provocative', the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.


0patch pushes out another Windows patch, but will leave the real work to Microsoft


Last week 0patch produced what was described as the first 0-day patch for Windows in lieu of Microsoft's usual Patch Tuesday release. It came after Google revealed a pair of vulnerabilities affecting IE/Edge and Windows.

Having addressed the problem in Windows, 0patch is at it again, this time patching the "type confusion" bug (CVE-2017-0037) that plagues Internet Explorer and Edge. This patch is described as an attempt to "release a simple temporary patch that blocks an attacker than try to create a perfect patch", and it's available for anyone who is willing to place their trust in third-party patching.


Julian Assange says WikiLeaks will share CIA hacking tools from Vault 7 with technology companies

Technology companies will be given access to the CIA's hacking tools revealed earlier in the week, Julian Assange said today. The WikiLeaks founder said that full details of the exploits used by the CIA would be shared with a view to allowing companies to patch the security holes.

Apple has already said that it has fixed many of the iOS vulnerabilities mentioned in the document cache, and we know that the CIA exploited vulnerabilities in all major operating systems as well as weaponizing numerous popular programs. While WikiLeaks has made certain details of the CIA's hacking tools public, it intends to share them in their entirety privately so software developers can create patches.


Security concerns hold back mobile payment adoption


Businesses and consumers recognize the benefits of mobile payments, but worries over security are holding back adoption according to a new report.

The study by Oxford Economics interviewed 2,000 consumers and 300 business executives and finds that 62 percent of consumers say mobile money enhances their buying experience, and 72 percent of executives say mobile payments can boost their sales.


FBI investigates CIA leaks, Comey says 'There is no such thing as absolute privacy in America'

The FBI and CIA are working together on a joint investigation into the Vault 7 document cache published by WikiLeaks that supposedly reveals the CIA's hacking tools. Many of the companies mentioned in the documents for having exploitable vulnerabilities -- including Apple, the Linux Foundation, and Microsoft -- have spoken out about the leaks, but it has taken some time for the CIA itself to respond.

Speaking to the BBC, a CIA spokesperson said: "The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries." FBI director James Comey has also spoken about the lack of privacy that now exists in the US.


Enterprise data privacy challenges for 2017 -- and how to defend against them

If you’re not a data security professional, you may have missed the fact that January 28th was Data Privacy Day (also known as Data Protection Day, in Europe). Since 2007, Data Privacy Day has been designated as a day to raise awareness and promote privacy and data protection best practices.

As VP CSO for Zuora, I’m all for anything that raises awareness and promotes dialogue about data security -- but obviously I don’t just focus on data privacy once a year. For me, and my security colleagues, data privacy is an everyday concern. But the fact is that these days we’re seeing data privacy becoming an everyday concern for everyone. Whether it’s potentially hacked elections or IoT devices listening in on your family conversations, questions about data privacy -- and the implications of hacked data -- are becoming more pervasive and more concerning.


How IoT will impact the data center industry in 2017

The IoT (Internet of Things) is a network of devices connected to the Internet that gathers and transmits data. The ubiquitous adoption of smartphones, and the ability to connect to anyone, anywhere at any time, will have quite the impact on the data center industry in 2017. It is anticipated that more than 24 billion IoT devices will exist worldwide by 2020. These devices include everything from smartphones, to cars, to refrigerators. This increasing amount of data that is being produced by both consumers and providers will not only change our applications and devices, but also how data centers operate.

Below are three ways in which the IoT revolution will impact the data center industry in 2017:


Vault 7 fallout: Linux Foundation says it's "not surprising" Linux is targeted

In the wake of WikiLeaks' Vault 7 CIA leaks, Apple has been quick to point out that vulnerabilities mentioned in the documents have already been addressed. Microsoft and Samsung have said they are "looking into" things, and now the Linux Foundation has spoken out.

Nicko van Someren, Chief Technology Officer at The Linux Foundation says that while it is "not surprising" that Linux would find itself a target, the open source project has a very fast release cycle, meaning that kernel updates are released every few days to address issues that are found.


Consumer Reports to factor privacy and security into its technology reviews


There is much to consider when buying a piece of technology, but price and suitability tend to be at the top of most people's lists. In recent years, however, there has been an increased interest in privacy and security, and this is something that renowned reviewer Consumer Reports is going to start taking into consideration.

Consumer Reports most recently hit the headlines for deciding not to recommend the new MacBook Pro (although it later changed its mind), and now the non-profit has teamed up with a number of privacy, security, and consumer rights organizations with a view to creating a new digital standard for products to live up to. The aim is to put data security and privacy first, just as many consumers are starting to do.


© 1998-2026 BetaNews, Inc. All Rights Reserved.