Articles about Security

A security vulnerability discovered in numerous Linux distros potentially puts millions of users at risk. CVE-2016-4484 (Cryptsetup Initrd root Shell) affects the Cryptsetup script that is used to unlock partitions encrypted with LUKS (Linux Unified Key Setup).

The flaw means that it is possible for a hacker to access, change or delete data on the hard drive, and it is not even necessary to have physical access to exploit the vulnerability in every circumstance. But the worrying thing is just how easy the problem is to exploit.

Continue reading →

DDoS attacks have been at the forefront of the media for weeks. The unprecedented scale of the attacks on Brian Krebs website lit the powder keg, and it hasn’t stopped, with the most recent example being the attack on Dyn’s servers that led to a major outage on the east coast of the US.

As The Register reported, the Krebs attack was the largest known single DDoS attack ever, with more than 152K devices involved, generating more than 620Gbps in the attack. The Dyn attack received even more coverage, as it affected many popular consumer sites, including media-friendly Twitter.

Continue reading →

In a white paper and blog post, Microsoft makes the claim that changes introduced in Windows 10 Anniversary Update make it the most secure version of Windows ever. The company is particularly proud of its ability to fight ransomware, but also points to security features such as Credential Guard and Windows Hello.

Microsoft says that Windows Defender -- recently complained about by Eugene Kapsersky -- is to thank for this. Cloud-based protection and faster updates mean protection is more effective than ever.

Continue reading →

Data breaches can be hard to detect and are often missed by traditional cyber security approaches, allowing attackers to spend a long time inside a network.

One way of combating this is to catch attackers out by deploying decoys that mimic desktops, servers, printers and other technology present in a network. But until recently this approach was only available to large organizations.

Continue reading →

Philips Hue light bulbs could be vulnerable to a cyber attack, according to researchers who have developed a proof-of-concept worm capable of spreading from bulb to bulb with the power to turn the lights on and off.

The researchers efforts at gaining access to the connected light bulbs was detailed in their paper titled IoT Goes Nuclear a ZigBee Chain Reaction. The worm they created was able to gain access to the Philips Hue devices by exploiting hard-coded symmetric encryption keys that are used to control devices over Zigbee wireless networks.

Continue reading →

Claims of anti-competitive behavior are incredibly common in the world of tech; Google finds itself on the defensive on just about a weekly basis. Microsoft is certainly no stranger to accusations of anti-competitiveness, most notably for bundling Internet Explorer in older versions of Windows. But now it's Microsoft's approach to security that's in the firing line.

Eugene Kaspersky (yes, that one: the Russian security expert and CEO of Kaspersky Lab) has fired a vitriolic tirade at Microsoft in which he complains about how Windows Defender works in Windows 10. Windows 10 has been lambasted for many reasons since it launched, and things are not really improving as we near the launch of Windows 10 Creators Update. Kaspersky is so furious about the way in which Defender operates that he has written a lengthy and bitter blog post entitled: "That's It. I've Had Enough!"

Continue reading →

Google has decided to rework the way it classifies dangerous and harmful sites in an effort to better protect users from being infected by malware.

The search engine has tried to protect its users for a number of years by displaying a warning when a link appears that could lead them to an unsafe site trying to infect their systems with malware or trying to obtain their personal information through phishing.

Continue reading →

Organizations waste millions of dollars trying to keep hackers away from sensitive information using outdated perimeter-based security technologies. The result is obvious: it isn’t working.

Percipient Networks’ CTO Todd O’Boyle has counterintuitive advice for businesses when discussing what to do about hackers: let them in your corporate network. I spoke to Todd, and he explained why that advice is more sound that you might think.

Continue reading →

Today, the majority of enterprises rely on employee authorization by means of keycards or passcodes. While this form of security is convenient, these methods don’t truly authenticate nor verify the identity of the person at the time and place of an access request. We’ve all seen how usernames and passwords can be easily stolen. When this inevitably occurs within an organization, that factor becomes useless and will allow an attacker to gain access to everything the employee was authorized for.

Employee authorization based on a single paradigm is highly flawed because it could easily be lost, stolen or duplicated. If you are relying on only one vector for authentication, then there will only need to be one point of failure. Outside of the increased risk of becoming victimized by a data breach, enterprises that rely on these single paradigm authorizations are opening themselves up to the potential of fraud, lawsuits and damaged reputation and relationships with both internal and external stakeholders.

Continue reading →

However much technology you throw at protecting your organization's systems the weakest link is still the person sitting in front of the endpoint.

No surprise then that social engineering is increasingly the attacker's weapon of choice for gaining access to sensitive systems. Security rating and risk monitoring company SecurityScorecard has put together an infographic showing the five most common attacks and their impact on enterprises.

Continue reading →

The bring your own access (BYOA) movement has presented a number of challenges and opportunities to IT leaders in recent years. Since the dawn of the smartphone, the consumerization of IT has left CIOs fighting to keep up with the latest trends in productivity, communication and creativity apps.

Driven by simple user interfaces and the promise of fast synchronization across devices, business users have flocked away from the typical corporate IT stacks and begun to pick and choose their own tools, often without the consent of IT.

Continue reading →

Microsoft has a long tradition of publishing Security Bulletins to share information about patches and security fixes that it releases. But starting next year this is going to change.

As of February 2017, Microsoft will make use of the newly launched Security Updates Guide database. This, on the face of it, sounds like a great idea -- a searchable database of information -- but it changes the way information is presented and is unlikely to be well-received by users.

Continue reading →

It’s fair to say, yesterday’s US election result sent shockwaves around the world. Donald Trump was seen as an outside bet by many people, but now he’s won the race for the White House, the big question, is what will his victory mean for the people, both at home and abroad?

Former NSA contractor turned whistleblower Edward Snowden has a lot to say on government matters, and today in a live Q&A he’ll be opining on how the US election results could affect your privacy, as well as any potential pardon for himself, and answering questions submitted via social media.

Continue reading →

A new report from Kaspersky Lab reveals that its products blocked 73,066,751 attempts to attack users with malicious attachments during the third quarter of this year.

This represents the largest amount of malicious spam since the beginning of 2014 and is a 37 percent increase compared to the previous quarter. The majority of the blocked attachments were ransomware trojan downloaders.

Continue reading →

Microsoft has kept its promise and delivered a vulnerability patch for its Windows operating system, for a flaw, revealed by Google, which allowed attackers to gain full control of a targeted system.

Releasing the details in a security bulletin, Microsoft says the flaw in the Windows kernel "could allow elevation of privilege if an attack logs onto an affected system and runs a specially crafted application that could exploit the vulnerabilities".

Continue reading →