New platform seeks to automate risk management
Identifying and prioritizing cyber threats is a problem for large organizations and it's easy to become overwhelmed with information. This is why, increasingly, they're turning to solutions to automate the process.
Risk analysis specialist Bay Dynamics is launching a new version of its analytics platform, Risk Fabric, that helps companies measure, communicate and reduce cyber risk. It automatically delivers prioritized threat and vulnerability information, based on the value of assets at risk, to the business leaders who are responsible for those assets.
Opera sync servers hacked, usernames and passwords at risk
Opera Software is advising all users of the sync feature of its Opera browser to change their passwords following a security breach. Details are a little scant at the moment, but the company says that servers were breached earlier in the week and user data may have been compromised.
Opera Sync is used to synchronize user data between different computers but it is apparently used by under "0.5% of the total Opera user base". However, with a user base of 350 million this means that upwards of 1.7 million people could be affected.
GoDaddy users hit by clever phishing scam
Phishing attacks continue to get cleverer as the people behind them refine their social engineering techniques. The latest attack uncovered by Comodo Labs targets users of the popular GoDaddy web hosting service.
The scam sends out email from what appears to be support@godaddy.com. Within the body of the phishing email, the user is notified that their email account storage has been maxed out and that incoming emails are being rejected.
Serious security vulnerability that left iPhones open to hackers is patched in iOS 9.3.5
Security researchers have unearthed three serious security flaws in iOS that made it possible to install spyware and other malware on iPhones. Software exploiting the vulnerabilities (described as "one of the most sophisticated pieces of cyberespionage software we've ever seen") can be installed with a single click, opening up victims' devices to full-scale surveillance.
The security holes have already been abused by NSO Group -- linked with selling hacking and surveillance software to governments -- but Apple has now issued a fix in the form of iOS 9.3.5. The update fixed two kernel vulnerabilities and one in WebKit, all discovered by Citizen Lab and Lookout.
Dropbox tells some users to change their passwords following 2012 security incident
Dropbox users around the world are being told to change their account passwords. Anyone who has been using the cloud storage service since before the middle of 2012 and has not changed their password may have had some of their account details 'obtained' in an incident in 2012.
Dropbox says that email addresses plus hashed and salted passwords were grabbed four years ago. The company stresses that there are no indications that accounts have been improperly accessed and the security measures are being taken on a preventative basis.
Responding to the changing threat landscape facing enterprises [Q&A]
Not so many years ago corporate IT security involved installing a firewall and antivirus solution. But the threat landscape has now become much more complicated and is changing faster than ever.
Companies need to be aware of these changes and make sure their security arrangements can keep up. We spoke to Shai Gabay, the chief innovation officer of security operations and advanced threat detection specialist CYBERBIT, to find out more about the risks and solutions.
WhatsApp's new privacy policy reveals it will share data with Facebook for targeted user ads
The ever-popular messaging tool WhatsApp is to start sharing more user data with its parent company Facebook. The updated privacy policy means that WhatsApp will now share users' phone numbers with Facebook to "offer better friend suggestions and show you more relevant ads".
The updated policy also communicates the fact that end-to-end encryption has rolled out, but it is the privacy side of things that will be of greater interest to many people.
Cyber criminals using insiders to carry out telecommunications attacks
One in four breaches in the financial sector are from lost or stolen devices
New research from data protection company Bitglass into breaches in the financial services industry reveals that leaks nearly doubled between 2014 and 2015, and that lost and stolen devices are the most common cause.
While hacking remains a major fear, only one in five leaks were caused by it. Other breaches were the result of unintended disclosures (14 percent), malicious insiders (13 percent), and lost paper records (8.1 percent).
Cloud-based identity service streamlines SaaS adoption
SaaS application adoption is growing fast and with it comes increasing expectations to be able to access any application from anywhere on any device.
Consequently organizations want login solutions that can help them reduce risks in their environment, deliver a better experience for their end-users, and adapt to the complexities of existing infrastructure and new applications.
Report shows wide variation in privileged access management practices
As we reported yesterday, privileged users can represent a significant risk to enterprise security. A new report from cyber security company BeyondTrust underlines this with findings that show organizations adhering to best practices for privileged access management are much better at mitigating the risks of a data breach.
The survey of more than 500 IT, IS, legal and compliance experts split its overall scores into top- and bottom-tier groups and finds that top-tier companies were much more likely to have a centralized password management policy -- 92 percent in contrast with just 25 percent of bottom-tier organizations.
Biometrics are less secure than passwords -- this is why
Many technology pundits talk about biometrics as the ultimate authentication solution -- the technology that will make the 'imperfect' password obsolete. Despite the hype, most companies are approaching with caution. In fact, CEB found that there are varied degrees of biometrics adoption globally, as around 20 percent of firms have actually deployed the technology.
A big reason for low adoption could be that they are less secure. And while many are touting the security of biometrics, there are four issues to consider when evaluating the technology.
The hidden security risk of privileged users
All businesses are aware of the danger posed by insider threats, but those threats are multiplied when they involve privileged user accounts.
Damage caused by privileged users is the most extensive, the hardest to mitigate and the hardest to detect as it involves authorized users doing things they are authorized to do. A new report from access management specialist Forcepoint in conjunction with the Ponemon Institute looks at the gap between organizations' awareness of the problem and their ability to solve it.
Hacked: Epic Games forums
Reusing a password on multiple sites is a recipe for disaster. Why? Well, the password is now only as safe as the weakest site. For example, if you use the same user credentials for a shopping site that you do for a banking site, and the shopping site is hacked, your banking password is now exposed. Bad guys will try stolen credentials on various sites looking for where they might work.
Today, Epic Games, maker of popular games like Unreal and Infinity Blade, announces that its forums have been hacked. Now, if you don't reuse passwords, that isn't a huge deal, right? Sort of. True, your discussions about games might not be particularly sensitive, but you may still feel pain.
Why encrypting virtual machines is so challenging
Virtual Machines have been mainstream for some time, and many IT managers think they have good management processes in place; they know where their machines are, their status, and the function they are performing. But is that enough? Whilst virtual machines (VMs) allow an IT infrastructure to be extremely agile in Private, Public and/or Hybrid Cloud environments, they also create opportunities for weak points, where data can be compromised.
Encryption is one of those major weak points, where VMs can be deployed without an encryption policy being followed, subverting compliance, and leading to machines in a live environment that lack the required protection. More often than not, those VMs will contain sensitive data.
© 1998-2026 BetaNews, Inc. All Rights Reserved.
