Articles about Security

Businesses often have security concerns surrounding moving their data to the cloud. For users of the popular Google Cloud Platform, Check Point is offering additional security with the launch of a new product.

The release of vSEC for Google Cloud Platform delivers advanced security that is built for agile and scalable cloud environments.

Continue reading →

Ransomware continues to be a major problem, a new report reveals that more than 60 percent of organizations suffered some form of ransomware attack in 2016.

The good news is that 54 percent successfully retrieved their data without resorting to paying the ransom. These are among the findings of the fourth-annual Cyberthreat Defense Report from security research firm CyberEdge Group.

Continue reading →

The Vault 7 document and code cache released yesterday by WikiLeaks revealed that many big software companies were being actively exploited by the CIA. Apple, Microsoft, Google, Samsung, and even Linux were all named as having vulnerabilities that could be used for surveillance.

Apple was one of the first of the companies mentioned in the documents to speak out and address concerns and security. But while the iPhone manufacturer has quickly indicated that it has fixed "many" of the vulnerabilities, Microsoft and Samsung have merely said they are looking into the issues raised. Other companies and groups mentioned have made no comment at all.

Continue reading →

Security researchers from Kaspersky Lab have found a very powerful malware, one which is capable of completely wiping the contents of a disk. Announcing the finding, the security company says the malware, which it dubbed StoneDrill, was found on just two machines so far, one in the Middle East, and one in Europe.

The researchers claim StoneDrill is both similar and "very different and more sophisticated" than another wiper malware -- Shamoon 2.0. They actually stumbled upon StoneDrill while investigating Shamoon 2.0.

Continue reading →

Yesterday WikiLeaks unleashed Vault 7 online, revealing a wealth of information about the CIA's hacking tools and techniques. Included in the data dump was the suggestion that the CIA was actively exploiting vulnerabilities in iOS and other software to listen in on people. Apple has responded by saying that "many" of these security holes have been fixed.

Importantly, the company is unable to say that all of the vulnerabilities being used -- or that have been historically used -- by the CIA have been addressed, but it does insist that it "will continue work to rapidly address" problems that are found. A number of iOS security flaws have been exploited by the CIA to surveil individuals, or even take remote control of devices.

Continue reading →

It's no secret that Facebook can be a real hog, both in terms of data and battery usage. To combat the problem, Facebook released a cut-down version of its mobile app in certain markets called Facebook Lite; it also followed that up more recently with Facebook Messenger Lite.

The problem with Facebook Lite is that it's not available everywhere through Google Play. For people keen to get their hands on the app, there are plenty of app repositories online offering it for download. But not all repositories are equal, and some are serving up a tainted version of Facebook Lite that's laden down with spyware -- specifically Android/Trojan.Spy.FakePlay.

Continue reading →

WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive.

The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe.

Continue reading →

Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.

Two increased rewards from Google include "leet" references. Find a Remote Code Execution bug and you could bag yourself $31,337 (up from $20,000); execute "Unrestricted file system or database access" and you could earn $13,337 (up from $10,000). While Google's increases are permanent, however, Microsoft's are just temporary.

Continue reading →

To everyone who continues to own a legacy email archive -- beware! You are sitting on a ticking time bomb.

By legacy email archives, I am referring to an email archive that was designed in the early 2000’s and is likely deployed on premises; but in some cases is a hosted email archive solution. A legacy email archive presents three major risks to your IT infrastructure and organization as a whole.

Continue reading →

A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security."

Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected."

Continue reading →

More than half of businesses in the UK were victims of cybercrime last year, according to a new report by Beaming. The report says that 2.9 million UK firms, or 52 percent, experienced some form of cyber-security incidents, costing them £29.1 billion.

Most common incidents included virus infections and phishing attacks. Both of them have an equal share of attacks -- 23 percent. Less than a fifth (18 percent) went on hacks and data breaches.

Continue reading →

Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords -- that would normally be virtually impossible for the average person to memorize (or for someone to crack) -- and the user only has to remember a master password -- that encrypts them -- to access those credentials.

But, for password managers to be truly effective, they have to be secure in the first place. And that may be a problem, according to a new report by TeamSIK, which found serious vulnerabilities in many of the popular options available on Android, including LastPass, Dashlane, and 1Password.

Continue reading →

Following the revelation of vulnerabilities in Windows, Internet Explorer and Edge by Google, and the delaying of the traditional Patch Tuesday, Microsoft security update practices have been in the spotlight. Google's Project Zero has exposed security issues that Microsoft is yet to fix, so a third party has decided to step in to help out.

A new project going by the name of 0patch has created a "0patch" for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that's available for now.

Continue reading →

A new report suggests that Mike Pence not only used a personal email account to handle state business, but also that the email address was hacked. The US Vice President was one of many who were very vocal in denigrating Hillary Clinton for her use of a private email server in the run-up to the election.

The Indy Star says that Pence used an AOL email address to conduct public business during his time as governor of Indiana. The report also says that his email account was hacked, with a perpetrator gaining access to it in the middle of last year and sending out a fake email to his contacts.

Continue reading →

Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation.

The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor.

Continue reading →