Articles about Security

Advertising agencies, search engines and cybersecurity specialists should work collectively to tackle the security threat from rising malvertising.

According to Ben Williams, head of operations and communications at Adblock Plus unless this happens more users will be exposed to potential security compromises such as malware and phishing, and this will drive further adoption of adblockers as a solution to these threats.

Continue reading →

Yahoo CEO Marissa Mayer is not going to receive her annual bonus this year as the company punishes her for failing to react quickly enough to a security breach in 2014. Her bonus is to be shared between staff instead.

The security breach, followed by another in 2016 involving the use of forged cookies, meant Yahoo's sale to Verizon had to be renegotiated, slashing millions of dollars from the price. The company has revealed that around 32 million user accounts were accessed using forged cookies, and while this is nothing like the 500 million accounts affected by the 2014 breach, it rocked faith in Yahoo and Mayer felt it best to also pass on her stock award.

Continue reading →

Windows 10 Creators Update is expected to launch in April, and will deliver a wealth of new features and improvements. While a lot of the focus is on 3D creation, gaming enhancements, and security, Microsoft has also made a lot of welcome changes to the user experience.

Michael Fortin, CVP of Windows and Devices Group Core Quality, reveals today that the Creators Update will give users much greater control over privacy, security, and updates.

Continue reading →

We've heard the phrase, "users are the weakest link," more than we can count. Building a more resilient cyber security strategy means flipping the model on its head and making people part of the solution. Instead of starting with a technology-based strategy, Absolute discusses how and why organizations can take a people-first security strategy.

Paul Proctor, chief of research for risk and security at Gartner was quoted as saying: "we are facing a cultural disconnect [...] executives believe that IT risk and security is a technical problem." Of course, that’s wrong. Deep down, we know it’s wrong. Security, is, and always will be, a people problem. At least until the robots fully take over. Until then, though, we have to come to grips with the simple fact that with the way security is typically deployed in enterprises today, users will continue to click on things they shouldn’t, visit sites they shouldn’t, or make other uninformed or careless choices leading to breaches, incidents, or loss in availability of systems and data.

Continue reading →

Data breaches caused by account take overs (ATOs) are a growing problem, partly due to people reusing passwords so that when a high profile breach -- such as the recent one at Yahoo -- occurs other accounts are put at risk.

User behavior specialist Sift Science is taking on this threat and expanding into the cyber security market with a new tool to detect ATOs.

Continue reading →

With increasing amounts of sensitive data stored in the cloud and accessed on mobile devices, protecting that information presents a major challenge.

Data management specialist Informatica is adding to its Secure@Source platform with behavioral analytics to detect high risk data and ensure it's properly protected.

Continue reading →

While storing data in the cloud is undoubtedly convenient it also introduces risks and encryption is increasingly seen as a way of helping combat them.

Database-as-a-service company mLab is introducing encryption-at-rest as an opt-in data security measure for customers of its most popular plans, at no additional cost.

Continue reading →

With more and more organizations moving their operations to the cloud, old approaches to security are put under strain and struggle to cope with the new way of working.

Network security specialist Observable Networks has put together an infographic looking at the current state of cybersecurity and how old approaches don’t adapt to the cloud.

Continue reading →

Mobile malware detection almost tripled in 2016 and advertising Trojans exploiting super-user rights became the top threat.

These are among the findings of Kaspersky Lab's 2016 Mobile Threat report released today, which looks at reports generated by the company's mobile products.

Continue reading →

The Internet of Things will have been adopted by 85 percent of businesses by 2019 according to a new global study.

The report from Aruba Networks shows that there are clear business benefits from IoT investments despite the fact that they can lead to additional risk.

Continue reading →

Eighteen percent of UK businesses have been the target of a cyber-attack in the last 12 months, according to a new report by Altodigital. These attacks cost the economy £1.9 billion.

Back in 2013 33 percent of companies were hacked, so Altodigital sees the current figure of 18 percent as a "welcome improvement." Each individual attack cost more than £2,000 last year.

Continue reading →

People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.

After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure to have victims clicking email links.

Continue reading →

If you want to keep your computer secure and clutter-free, it's important to keep an eye on what gets installed. This is fairly easy if you're the only person to use your computer, but less so if you share it with kids or other members of your household. To make it easier to lock down Windows 10 Creators Update, you can block the installation of all software that doesn't come from the Windows Store.

Why would you want to do this? Well, blocking non-Windows Store software means blocking traditional programs, and these are the ones that are more liable to be malicious or pose a security threat. Apps that have made it into the Windows Store have -- in theory -- been vetted to some degree, and are less able to wreak havoc. Here's what you need to do.

Continue reading →

Not content with publishing details of an unpatched Windows bug, Google has now gone public with a security vulnerability in both Microsoft Edge and Internet Explorer. Going under the description of "Type confusion in HandleColumnBreakOnColumnSpanningElement", the bug has the potential to allow an attacker to execute malicious code.

The vulnerability has been assigned the code CVE-2017-0037, and details of the flaw have been published under the terms of Google's Project Zero. Microsoft was notified about the problem 90 days ago, and as the company failed to patch it Google has made the problem public.

Continue reading →

Security researchers from Google's Project Zero have uncovered a critical bug in Cloudflare which allowed sensitive data -- like passwords, cookies and encryption keys -- from many hosted websites to leak online.

Patreon, Y Combinator, Medium, 4chan, Yelp, OKCupid, Zendesk, Uber and 23and Me are among the most-important affected websites. This security issue is so important that it is now being referred to as cloudbleed.

Continue reading →