Articles about Security

A vulnerability discovered in the Linux kernel has been present for nine years, and users are being advised to seek out and install a patch as soon as they possibly can. Dubbed Dirty COW, the bug is a privilege escalation vulnerability which can be found in just about every Linux distro out there.

Discovered by security expert Phil Oester, Dirty COW is described as one of the most serious bugs of its type ever found in Linux. Assigned the code CVE-2016-5195, there is evidence that the vulnerability has been exploited and a website set up to alert people to the problem advises that the "security community should deploy honeypots that entrap attackers and to alert about exploitation attempts".

Continue reading →

Despite a desire to be more connected than ever before, people are simultaneously more concerned than ever about their security and privacy. This is certainly true when it comes to messaging tools, and the privacy features offered by a particular app or service can be what sways your decision to use it one way or the other.

Justice group Amnesty International has spent some time analyzing the privacy and encryption found in a number of popular messaging tools and compiled results in a ranked list. The findings make for interesting reading, not least because Facebook is ranked the most highly.

Continue reading →

Cyber attackers know that the weakest point of an organization's security is usually the endpoint and they'll increasingly try to hide malware's presence from security tools by running it only in memory.

Endpoint security specialist Endgame is releasing an update to its platform which expands coverage of the attacker lifecycle to anticipate innovations.

Continue reading →

Threats like ransomware means it’s more important than ever to keep your computers safe both online and off.

Emsisoft has just released Anti Malware 12, the latest version of its respected anti-malware software, and Christian Mairoll, the company’s CEO, took time to speak to me about the ever evolving threat landscape, the best ways to keep your system safe, and the benefits of paid versus free solutions.

Continue reading →

The UK economy lost £10.9 billion as a result of online fraud and cyber crime last year, according to new research, which works out at about £210 for every person aged over 16 in the country.

The figures come from a survey by Get Safe Online and the National Fraud Intelligence Bureau and reveal that 68 percent of people in the UK have been targeted in some way by cyber crime.

Continue reading →

Increasingly people are suffering from password fatigue, so when signing up to websites it's very tempting to use existing social media accounts.

However, according to a survey from customer identity and access management specialist Janrain, 93 percent of people are concerned about how their account data and activity are being shared and used.

Continue reading →

Yahoo users have started to lose faith in the company following the theft of millions of account details and the revelation of collusion with the NSA and FBI. But it is not just users who are becoming disillusioned and looking to move elsewhere -- Yahoo's partners are also concerned.

One such company is StartPage, described as "the world's most private search engine". Concerned by privacy violations, it is ditching Yahoo search results from its metasearch tool Ixquick.eu. The parting of ways will take place by the end of the month, and StartPage CEO Robert Beens believes more companies will follow suit.

Continue reading →

Mobile games are increasing in popularity, boosted by augmented reality apps like Pokémon GO. But if individuals are using their devices for BYOD too then these games could present a major security risk.

According to a new study from licensing specialist Flexera Software which tested 60 of the most popular iOS games, 73 percent support location services and tracking. 68 percent support social networking, 58 have calendar access and 54 percent support SMS.

Continue reading →

Network security operations are evolving and becoming more difficult to implement according to a new survey by Enterprise Strategy Group (ESG), sponsored by network visibility specialist Gigamon.

The complexity of network security operations is as difficult, or more difficult, as it was two years ago according to 85 percent of surveyed respondents. This is primarily due to increased traffic, more connected devices on the network and diversity of network and security technologies used to address emerging and known security threats.

Continue reading →

British banks are afraid that if they disclose the full picture of the cyberattacks they're under, they might suffer public backlash resulting in reputational damage and loss of customers. That's why they never fully report when they're under cyberattack. And the attacks are getting more frequent.

This is all according to Reuters, which cites Israeli-based cyber security firm Illusive Networks, Barclays, and others.

Continue reading →

It seems as no one wants to buy NSA’s exploit tools. Or maybe ShadowBrokers, the group selling the tools, overpriced the deal.

The group, allegedly formed by Russian, state-sponsored hackers, decided to pull the auction on the tools. Instead, it turned it into a crowdfunded sale, aiming for 10,000 bitcoin, or slightly over $6 million.

Continue reading →

There's an expectation that public Wi-Fi will be available pretty much everywhere we go these days. We access it almost without thinking about it, yet public networks rarely encrypt data leaving users vulnerable.

A new survey of more than 2,000 business users by networking company Xirrus finds that while 91 percent of respondents don't believe public Wi-Fi is secure, but 89 percent use it anyway.

Continue reading →

The economics of cyber security are completely lopsided. There are a seemingly infinite number of cyber security risks out there, with more and more popping up every day. Hackers appear to have unlimited resources, and cybercriminals are literally reinvesting their lucrative profits into new and innovative ways to exploit, extort, and steal from your organization.

But... in order to foil, frustrate, and impede the nefarious schemes of these very well-equipped and well-funded adversaries, we as cyber security professionals are grudgingly allocated a hopelessly limited budget. The meagerness of which we are then asked to stretch ever so thinly across every conceivable threat vector out there in order to assure the business (management, executives, and the board) that, "We’re doing everything possible".

Continue reading →

Ransomware is increasingly big business and more than 43 percent of malware types are used to deliver it. It can also be unwittingly spread via the use of cloud services.

To protect against the threat, cloud security company Netskope is adding ransomware detection and recovery capabilities to its Netskope Threat Protection product.

Continue reading →

San Diego, Calif. The cop convention is in town this weekend, and I have never seen so many men in blue-grey suits or uniformed officers strutting sidearms. Quite possibly the safest-feeling place in San Diego through October 18th is the Convention Center and the areas around it—that is unless you're a lawbreaker or someone as afraid of men and women in uniform as clowns. What the hell is this clown craze anyway? Yeah, that's off-topic.

The International Association of Chiefs of Police holds its 123rd annual conference, which I blasted through (poor choice of words, I know) yesterday for a specific, and interesting product launch: Patriot One's NForce CMR1000; self-described as a "covert primary screening device for the detection of on-body concealed weapons at access points including hallways and doorways of weapons-restricted buildings and facilities". I met with CEO Martin Cronin and Chief Science Advisor Natalia Nikolova.

Continue reading →