Articles about Security

Fears are mounting that there could soon be a rise in large scale DDoS attacks after the source code used to launch the recent crippling attack on Krebs On Security was shared on a hacker forum.

Brian Krebs' website was hit by what has been described as the largest ever DDos attack recently, and the Mirai botnet source code has now been made available for anyone to make use of. The style of attack is particularly interesting as it involves using compromised Internet of Things devices such as webcams and other connected IoT hardware.

Continue reading →

This has been a controversy for quite some time. Companies don't like their flaws exposed, and for the most part researchers have honored this, at least to a reasonable degree. Generally, a period of time is given for the company in question to fix the problem, but if it fails then the issue is made public, somewhat akin to branding the company with a scarlet A.

Now, one researcher is working on a book that will point out common system flaws and how to either fix them or avoid them to begin with.

Continue reading →

Apple has historically been very guarded and secretive. While this is still true today, the company has definitely become more open after Steve Job's death. Quite frankly, the fact that there are now public betas for both iOS and macOS is mind-blowing for the Apple faithful. Last month, the company even launched its first bug bounty program! Why did Apple soften its guarded position? It had to. As the technology market advances, and security becomes a bigger focus, it is not possible to catch all bugs and vulnerabilities in house.

While the bug bounty and public betas were very wise moves, the company is apparently taking things a step further. According to Forbes, Apple is enlisting iPhone jailbreakers and other hackers (such as Luca Todesco, Nicholas Allegra and Patrick Wardle) to bolster the security of its products using the aforementioned bug bounty program. In fact, it is rumored to be happening at a secret meeting. If true, is the company smart to trust these people?

Continue reading →

A quarter of European companies are completely unprepared for the event of a cyberattack and would be extremely exposed if it happened, a new report by global law firm DLA Piper claims.

The paper also says that almost half of all companies (44 percent) view cyberattacks as a significant risk to their business, which means that a significant portion is aware of the problem yet does nothing. Among companies in Western Europe the number rises to almost a third (31 percent). The Benelux region is by far the worst, with 75 percent of companies being exposed.

Continue reading →

Back in August we learned of access to US voter registration databases in the states of Arizona and Illinois. After an extensive investigation it was widely believed the attempts had come from Russia, which has a history of attempting to influence votes in foreign nations.

Now Director Comey has once again appeared before congress to give some more bad news. "There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August", Comey states.

Continue reading →

The shift of systems to the cloud has made enterprise data visible beyond the perimeter of the organization, employees can access it from anywhere, and that has an effect on insider threats.

Data protection company Bitglass has released its report on insider threats in the enterprise, featuring insights from over 500 cyber security professionals on the state of insider data leaks and the tools used to mitigate these threats.

Continue reading →

There's a great deal of emphasis on securing data and email, but essential business communication via voice and video tends to get ignored. Yet these communications are vulnerable, partly because devices constantly release metadata, telling the network where and how to route communications.

To address this, Privacy-as-a-Service platform specialist Dispel is launching a secure voice and video conferencing service, a single application designed to provide enterprises and individuals with impenetrable private communications on their smartphones and mobile devices.

Continue reading →

Israeli security firm Cellebrite -- the company said to have helped the FBI access the San Bernadino iPhone -- says that it has the power to break into, and extract data from, just about any phone out there. Speaking with the BBC, the company demonstrated how it can crack the password on a smartphone to access its data.

It said that it was able to extract data from the very latest handsets including Android 7 devices and the iPhone 7. Cellebrite says it works with law enforcement agencies around the world too, and stopped short of saying it refused to work with oppressive regimes. The interview raises some interesting questions.

Continue reading →

LogMeIn the company behind the LastPass password manager has released the results of a survey looking at consumer psychology, behavior and attitudes when it comes to managing personal passwords.

Among the findings are that 61 percent of respondents use the same or similar passwords across accounts, and 55 percent of them do it even though they understand the risk. Also more than a third (39 percent) create more secure passwords for their personal accounts than their work accounts.

Continue reading →

Three out of five board members believe that they need to have cyber security experts on their boards, yet only one in six claim to have substantial expertise in understanding the implications of cyber security.

These are among the findings of a report from risk analytics specialist Bay Dynamics which looks at why boards of directors are making cyber security a top priority and the challenges they face in reducing risk.

Continue reading →

Many companies rely on legacy applications, but while they're keen to get maximum return on their investment and avoid the costs of moving to a new system, they may be opening themselves to security threats.

Information risk management consultancy AsTech Consulting is launching its Legacy Application Security Evaluation and Remediation (LASER) guided security improvement program to help companies uncover hidden security issues.

Continue reading →

If your business gets hacked, expect to lose a significant portion of your customers -- for good. This is according to a new report released by Alertsec, the cloud-based encryption company. Its Brand Perception Study, based on a poll of 1,200 Americans, says 17 percent of women and 11 percent of men would permanently lose trust in a hacked company.

Almost a third (29 percent) would need months to return while a further 22 percent would need only one. Men are also more likely (16 percent) to switch brands after a hack than women (6 percent). For more than a third (35 percent), a hack means the company was sloppy. Another third (32 percent) says it is the result of a lack of professionalism, while 26 percent say the company would become a great target for lawsuits.

Continue reading →

A few days ago, HP upset printer owners by issuing a software update to block the use of third-party cartridges. The beauty of third-party ink cartridges is, of course, that they cost a fraction of official ones, but HP didn’t like the idea of missing out on income and decided to implement DRM to block them.

The company has described the move as a way "to protect HP's innovations and intellectual property" but printer owners see it as little more than a money grab. Digital rights group EFF (Electronic Frontier Foundation) is similarly irked and has written to HP president and CEO Dion Weisler to express its alarm. There is particular concern that "HP abused its security update mechanism to trick its customers".

Continue reading →

When people think of online malware, they sometimes think infections only come from 'bad' websites, such as pornography and warez. Yeah, those types of sites can definitely house malware, but so can any site. In fact, bad guys will often target users through seemingly wholesome places, where a person may let their guard down.

Today, McAfee announces its annual 'Most Dangerous Celebrities' list. No, the celebrities themselves are not a danger to the public -- as far as I know, at least. Actually, these are people that, when their names are entered as search terms, can cause an increased chance of leading to malware. For 2016, McAfee lists Amy Schumer as the most dangerous in this regard.

Continue reading →

The first thing you should do after getting your home or apartment robbed is, obviously, change the lock. Yahoo doesn’t seem to think so, as the same practices that were in place when it got breached are still being used according to a new report by Venafi.

What’s more, its practices have for years been known as unsecure. Venafi puts it simply: if you’re a Yahoo user, you should be worried about this. Here’s what it did (or, didn’t do): most importantly, 27 percent of certificates on external Yahoo sites haven’t been changed since January 2015.

Continue reading →