Articles about Security

News of software vulnerabilities often centers on products from well-known companies that potentially put large numbers of end users at risk.

But a new report from software solutions company Flexera Software reveals that the niche products used by specialist industries can be just as much of a problem.

Continue reading →

About four years ago, before I had children, I was quite surprised when friends of mine had a baby monitor with a video display -- not because I didn't think something like that was possible, but the fact that it was normal and available in a nice wireless package was striking for someone inexperienced in the baby world.

Several years later, my wife now checks on our younger child every night with one. The sense of security and convenience that come with a device to instantly check on someone or something that you care about can be extremely valuable.

Continue reading →

With Chrome, Google is on a mission. A mission to make the internet a safer place. Its ultimate goal is to display a warning that HTTP sites (rather than HTTPS) are insecure, but this is a long-term plan and there are many stages to go.

Starting at the beginning of next year in Chrome 56, the plan moves to its next stage. As of January 2017, any HTTP sites that transmit passwords or credit card details will be flagged up as being insecure.

Continue reading →

Passwords are old technology and were never really designed to protect public access to sensitive information like bank and healthcare details. Yet despite the introduction of new technologies like two-factor authentication, biometric recognition and others, the password continues to cling on.

Identity and authentication platform Trusona wants to hasten the death of the password with the introduction of its Cloud Identity Suite, offering three tiers of identity-proofing and authentication, and making the basic level available for free.

Continue reading →

The latest report on enterprise cloud usage and trends from cloud security specialist Netskope reveals that 55.9 percent of malware-infected files found in cloud apps are shared publicly.

It also finds that ransomware is now one of the most common threats, with 43.7 percent of malware infections found in enterprise cloud apps having delivered ransomware. These include Javascript exploits and droppers, Microsoft Office macros and PDF exploits.

Continue reading →

One of the biggest problems companies have in keeping their system secure is a lack of integration and coordination between security and operations. This can lead to security blind spots and processes that are isolated from protection solutions.

IT solutions provider BMC is announcing extensions to its BladeLogic Threat Director product that allow for the rapid identification of unsecured assets, and provide visibility into application dependencies. This means operations teams will be better able to anticipate the impact of actions on end users.

Continue reading →

Google has released a new Android security fix that deals with the final two flaws in the Quadrooter set of vulnerabilities that was discovered last month.

Quadrooter refers to four undiscovered security vulnerabilities found in Android phones and tablets containing Qualcomm chips. These vulnerabilities are particularly troubling as they were found on every version of Android and affected at least 900 million devices.

Continue reading →

A security researcher has revealed a way to determine the password needed to access a protected Windows or OS X account. Using Rob Fuller's technique, it doesn't matter if the computer in question is locked, and it uses a USB SoC-based device to crack user credentials.

By modifying the firmware of a USB dongle, Fuller was able to make the device appear as an Ethernet adaptor. By spoofing a network connection, it is then possible to trick a target computer into giving up an account password.

Continue reading →

I've been at CloudSec 2016 in London, listening to various security professionals from the likes of Trend Micro and Microsoft talk about the challenges businesses face in securing their data in the cloud.

As you could probably have guessed, talks have centered around the ever-expanding threat landscape, the continued industrialization of cybercrime through various underground marketplaces around the world and general cyber security trends.

Continue reading →

Increased reliance on the Internet means businesses face a number of different security threats aimed at bringing down websites, impacting performance or stealing information.

Many of these attacks are aimed at the application layer. Content delivery specialist Limelight Networks is adding to its Cloud Security services with the launch of a new Web Application Firewall (WAF).

Continue reading →

One of the biggest problems organizations have in staying secure is a lack of visibility across the whole enterprise, giving hackers the opportunity to exploit gaps between security solutions.

Access control specialist SecureAuth is taking the lead in the creation of a Connected Security Alliance with the aim of building a reference architecture that will help organizations address every stage of the attack lifecycle from initial penetration, to lateral movement, to escalating privileges.

Continue reading →

It is often the illusive H Factor -- the human element -- that ends up being the weakest link that makes cyber-attacks and data breaches possible, sometimes even more so than hackers exploiting zero-day system vulnerabilities or employing new malware.

According to the 2016 Verizon DBIR, human errors are a major factor in most data breaches. This human touch is especially true with the growing mobility of employees and BYOD (Bring Your Own Device) policies that are becoming more widespread. Therefore, while technological cybersecurity solutions take center stage in many businesses' cybersecurity plans, addressing the human element is as important as the technological one.

Continue reading →

Contracts are among the most sensitive documents that many enterprises handle. When storing them in the cloud therefore firms need to be sure that they’re secure and properly managed.

Contract lifecycle specialist Icertis is partnering with cloud storage supplier Box to integrate with the latter's enterprise content management platform, empowering users to collaborate with internal stakeholders and seamlessly share documents and contract drafts during negotiation.

Continue reading →

Computer vision -- meaning quite literally, machines seeing things -- is poised to explode over the next several years. This technology is very important to things such as security cameras, artificial intelligence and robotics. On an immediate consumer level, Intel's RealSense technology is already being used for Windows Hello -- a secure camera-based method of logging into Microsoft's operating system with biometrics.

Intel is looking to further bolster its RealSense technology, plus other such initiatives, with the acquisition of Movidius. This soon-to-be-acquired company's main focus is computer vision and artificial intelligence, making it a seemingly smart fit for achieving Intel's goals.

Continue reading →

Banks around the world are embracing biometrics as a way of securing customers' accounts. HSBC is taking things in a slightly different direction, however, giving business customers the ability to open a new account using a selfie.

While the selfie alone is not enough to open a bank account, it is used as part of the identity verification process. It uses facial recognition software to analyse a selfie taken on a smartphone.

Continue reading →