Articles about Security

The majority of IT security experts actually struggle to measure the return on investment in security measures, Tenable Network Security says.

Based on a survey of 250 IT security professionals, conducted during the Infosecurity Europe 2016 summit, it says that the majority can only measure the return on less than 25 percent of their security spend.

Continue reading →

There has been a huge increase in the number of DDoS (distributed denial of service) attacks in the second quarter of this year, a new research report by security experts Nexusguard says.

According to Nexusguard’s Q2 2016 Threat Report, there has been more than 182,900 attacks in Q2 this year, with the majority falling onto Russia.

Continue reading →

Who doesn't love a good AI-driven keyboard, eh? Well, people who have discovered that the keyboard is sending their email address and phone number to strangers, for starters. And that seems to be precisely what's happening with SwiftKey.

The Microsoft-owned company has disabled the syncing of data between devices after users complained not only about the appearance of unknown email addresses and phone numbers in suggestions, but also suggestions in unknown foreign languages. The problem became apparent when users who saw the random email address suggestions contacted the owner of the address.

Continue reading →

Increased reliance on mobile devices opens enterprises up to a new range of threats. While mobile management solutions can do a good job of protecting the device, it's harder to guard against attacks on individual apps.

Mobile security company Appmobi is launching a new solution that detects and resolves attacks at the app level.

Continue reading →

A security researcher is warning WhatsApp users that their chats can be retrieved even after they have been deleted, cleared, or archived. Jonathan Zdziarski says that even using the 'Clear All Chats' option leaves behind a 'forensic trace'.

He warns that the only way to be certain that your chat history is deleted, is to get rid of the app entirely. The problem appears to stem from WhatsApp's use of SQLite which fails to overwrite deleted data by default, rendering it recoverable.

Continue reading →

At a time when computer security has been front and center in the Election news, given the Clinton private server scandal and the DNC hack, not to mention one candidate calling on a foreign nation to hack our systems -- something he later walked back on, saying it was sarcasm -- this is a bad time to put additional questionable practices on display.

Now that things are wrapped up and we have two official nominees, we also have a report of the major failures that were on display (not just politically).

Continue reading →

Financial services need to rethink crime protection and prevention because the current measures are simply not cutting it, according to PwC. In the company’s new paper, it examines the industry to find out to what extent it is complying with the latest rules and regulations, whether it is investing heavily in protection and prevention, and what are the results.

Basically, financial institutions have always been, and it seems as they will continue to be, cyber-criminals’ most wanted target. They are under intense scrutiny by regulators, and they are investing heavily in both protection and prevention.

Continue reading →

Historically hackers have pursued and targeted individuals more frequently than they have targeted businesses as they are typically the path of least resistance. However, the number of organizations worldwide falling victim to major cyber attacks is dramatically rising. More and more, hackers are infiltrating businesses of all sizes -- and not just through traditional system hacks, but now increasingly through social engineering.

Tricking people to access money or sensitive information on the Internet is by no means a new concept -- these cleverly disguised emails were behind the infamous ‘Celebgate’ hacking case, which exposed nude photos of celebrities. Except now, fraudsters are doing their homework to perfect their technique.

Continue reading →

Slack is the largest enterprise chat platform in the world with more than 2.7 million daily active users who spend an average of 140 minutes per day using it.

Not surprising then that alert attackers see it as an opportunity to expand their social engineering campaigns. The fact than many people use Slack without the IT team's knowledge creates a further security issue.

Continue reading →

As more and more devices get connected to the Internet of Things, so their susceptibility to hacking increases too.

New research from enterprise data protection company Vormetric in conjunction with Wakefield Research shows that this is a concern for many people.

Continue reading →

Security expert Jérémie Boutoille from Quarkslab says that he has found a critical bug in the Xen hypervisor. The open-source hypervisor, which has the likes of Amazon, and IBM on its cloud clients list, has had a bug which could lead to potential privilege escalation.

The bug, identified as CVE-2016-6258, affects all versions of Xen. However, only PV guests on x86 hardware should be worried. Hardware virtual machine (HVM) and ARM guests are deemed invulnerable.

Continue reading →

Today -- the day before the free upgrade to Windows 10 expires, and just a few more days before the release of Windows 10 Anniversary Update -- Microsoft is tweaking the minimum system requirements for the operating system.

Specifically, hardware manufacturers will have to include TPM 2.0 in PCs, smartphones and tablets if they are to be considered Windows 10 compatible. TPM 2.0 (Trusted Platform Module) is an added hardware-based security layer that helps to protect user data,

Continue reading →

O2 customer data has been found available for sale on the dark web, most likely as a result of a hack that occurred several years ago.

The gaming website XSplit was hacked three years ago and those responsible for the hack were able to obtain usernames and passwords from the site. Through the process of credential stuffing, in which account credentials acquired through a hack are tested on multiple websites, the hackers were able to gain access and log into O2 accounts.

Continue reading →

You might think that becoming a cyber criminal required some hard work and dedication to your task, maybe even some form of apprenticeship where you learn the craft at the side of a more experienced hacker.

But new research has identified a one-stop, outsourced online shop, providing hosting, design and payment solutions for cyber criminals looking for a low-cost of entry method to sell their ill-gotten assets.

Continue reading →

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard.

The report shows that Russia has become the number one victim country. Starlink -- a Russian ISP supporting small, medium and large enterprises -- received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Continue reading →