Articles about Security

Data breaches can be extremely damaging for enterprises, leading to loss of consumer confidence, loss of revenue and even regulatory fines.

But despite the importance of data security a new study by Forrester Consulting on behalf of data protection specialist Varonis Systems, finds that organizations are often focused on threats rather than their data and don't have a good handle on understanding and controlling sensitive information.

Continue reading →

The Great Firewall of China is a famously totalitarian measure taken by the Chinese government to control what its citizens are able to see and do online. As with any such blockade, where there's a will there's a way, and people have long turned to VPNs to get around the firewall. But with a new 14-month crackdown on the use of such tools, the situation just got a little trickier.

While on the face of it the announcement from the Ministry of Industry and Information Technology in China seems like a new one, it is really just a drive to more strictly enforce existing legislation. The Chinese government is clamping down on the unauthorized use of VPNs in a move that will be seen by the outside world as a prime example of the country's dictatorial control and censorship of the Internet.

Continue reading →

A common recommendation that Android users get for avoiding malware is to stick with Google Play and not download any apps from other sources. Trouble is, as HummingBad proved early last year by penetrating the search giant's defenses, that advice is not exactly bullet-proof.

The malware generated $300,000 in revenue every month and infected over 85 million devices, which, at the time, ran popular versions of Android, like KitKat and Jelly Bean. It was also one of the most dangerous pieces of malware in 2016, representing 72 percent of attacks on mobile and ranking fourth in Check Point's list of "the most prevalent malware globally" in the first half of the year. But that is not the end of the saga, as a new variant, called HummingWhale, has been found on Google Play.

Continue reading →

You may have seen our story earlier today about the worrying permissions used by photo app Meitu -- and you have almost certainly seen the disturbing images created in the app and shared on Facebook. The company behind the app -- also called Meitu -- has jumped to defend itself, insisting there is nothing sinister going on.

The company insists that there is a very good reason for asking for so many permissions on iOS and Android. It insists there is a very good reason for gathering so much information about users. It insists this data is stored securely and is not shared with or sold to third parties. The defense is worth reading, but whether users are happy to accept what the company says about transmitting collected data back to a Chinese server remains to be seen.

Continue reading →

The key to defeating cyber attacks lies in being able to make the correct response in a timely manner, but frontline security staff may lack the skills or resources to spot problems early.

Endpoint security company Endgame is launching an intelligent assistant built to automate security operations analyst actions and guide users of any skill level to detect and respond to advanced attacks.

Continue reading →

The last year has seen fewer of the large scale breaches that made the headlines in 2014 and 2015, but that doesn’t mean the problem has gone away.

A new report from CyberScout and the Identity Theft Resource Center (ITRC) has found a 40 percent increase in the US with a total of 1,093 data breaches in 2016, up from 780 in 2015.

Continue reading →

Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. The news was released by cybersecurity firm Forcepoint this week.

Forcepoint uncovered a trojanized RTF document, which, once ran, will "send and receive commands to and from Google Apps Script, Google Sheets, and Google Forms services."

Continue reading →

There has been a sudden craze for freaky-looking photos created using the Chinese app Meitu. The images the app creates are either cutesy or horrific, depending on your point of view, but it's what's going on in the background that has people concerned.

While Meitu has been popular in China for several years --amassing a huge following -- it has only just caught on over here. What many users are unaware of is that while they are busy applying virtual makeup to their face in the app, data such as a phone's IMEI, Mac address, users' precise location and much more is being gathered and shared. The advice? Ditch the app if you're concerned about your privacy.

Continue reading →

If you are like most people, you are beginning to wonder if anyone has even a tenth of a clue about how to protect email. We all watched, for example, as reams of stolen political correspondence from a major email provider were posted each day leading up to the recent election, more than likely influencing the outcome.

And we all watched as another major email provider lost 500 million accounts to hackers who seemed to barely break a sweat in doing so. And, as if that’s not bad enough, the criminal underground put these swiped email goods up for sale at about a millionth of a cent per user account. Sadly, that’s just how trivial the bad guys think it has now become to break into our email. Criminal theft of email has officially become commoditized. The old Pony Express was safer.

Continue reading →

It is now normal for technology companies, media and telecom companies to be victims of either fraud or cyber-attacks, a new Kroll report says.

Almost four-fifths (79 percent) of companies were victims of fraud in the last year, with physical assets or stock being most sought after (35 percent). Cyber-attacks were no less dangerous, with 77 percent claiming to have been victims. These attacks are mostly virus or worm infections.

Continue reading →

According to a new report from security awareness training company Wombat Security, people are starting to get the message on phishing.

When asked, 'What is phishing?', 65 percent of those surveyed in the US answered correctly. Ransomware remains a bit of a mystery for many, however, 52 percent were not even able to hazard a guess in response to 'what is ransomware?'

Continue reading →

Gemalto has just issued a report which clearly shows how lenient we are when it comes to protecting our private data on the Internet. In short, we are very quick to give companies our personal data, we want them to safeguard it, but we’re pretty certain they’re doing a terrible job at it.

Gemalto has polled 9,000 consumers in the following countries: Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, United Kingdom, and United States. Almost three quarters (70 percent) claim organizations are responsible for securing customer data. Just 30 percent believe the responsibility lies with them.

Continue reading →

Despite widespread concern about the security of mobile and IoT applications, organizations are ill-prepared for the risks they pose, according to new research.

The study from threat prevention company Arxan Technologies, IBM Security  and the Ponemon Institute reveals that 60 percent of respondents believe it’s either certain or likely their organization has experienced a material data breach or cyber attack over the past 12 months that was caused by an insecure mobile app.

Continue reading →

The Electronic Frontier Foundation has set out its plans for the first 100 days under Trump, during which time it says it will continue to fight for the rights of internet and technology users.

The digital rights group has already drawn up a wishlist for covering its privacy and security dreams for 2017, but the 100-day plan sees the EFF setting out its agenda for the first few months under Trump. Having claimed that "our civil liberties need an independent defense force" and that "free speech and the rights to privacy, transparency, and innovation won’t survive on their own", EFF is prepared to go to court -- again -- to hold the new administration to account when necessary.

Continue reading →

The UK's National Health Service is being targeted by ransomware according to a new study which shows that 30 percent of NHS Trusts have suffered an attack, potentially placing patient data and lives at risk.

The findings come from a Freedom of Information Act study conducted by endpoint security company SentinelOne. It submitted FOI requests to 129 NHS Trusts, of which 94 responded.

Continue reading →