Articles about Security

PCs can go wrong in all sorts of ways, and the problems can manifest themselves in the form of slowdowns, freezes, or worse. Occasionally, you might encounter a blue screen of death (BSOD), accompanied by a usually pretty cryptic message outlining the cause of the crash.

In the soon-to-be released Windows 10 Anniversary Update, Microsoft has given the blue screen a makeover, introducing QR codes to make it easier for anyone to troubleshoot the problems they encounter. It’s a helpful change, but Panda Security warns it could actually be a godsend to cybercriminals, and result in users having personal details stolen, and smartphones getting infected with drive-by malware.

Continue reading →

More than 400 businesses get targeted by CEO fraud scams every day, a new report by security researchers Symantec says. CEO fraud is a type of scam in which cyber-criminals target financial staff, often posing as CEOs or other executives, and request large money transfers.

Even though it sounds too simple to work, its success rate is actually quite high, and relies mostly on putting financial staff under a lot of pressure through a sense of urgency, not giving them enough time to think things through.

Continue reading →

Industrial control systems (ICS) are not supposed to be connected to the Internet, Kaspersky Lab says, as it opens a sea of opportunities for hackers. Such systems are run by energy, transportation, aerospace, oil and gas, chemicals, automotive and manufacturing, food and drink, governmental, financial and medical institutions, and should be, for the sake of security, run in a physically isolated environment.

However, Kaspersky Lab says that is not the case, and that it has found 13,698 ICS hosts exposed to the Internet, which very likely belong to large organizations. More than nine in ten (91.1 percent) host remotely-exploitable vulnerabilities, and 3.3 percent contain "critical and remotely executable vulnerabilities".

Continue reading →

Protecting against data breaches is always better than dealing with their aftermath. And since phishing is still one of the most popular attack methods businesses and employees need to be alert to the risks.

Authentication specialist Duo Security is launching a new, free tool to let IT teams run internal phishing simulations and assess their vulnerability to such attacks.

Continue reading →

The Labs team at malware protection company SentinelOne has discovered a sophisticated malware campaign that's specifically targeting at least one European energy company.

The malware, called SFG, is the mother ship of an earlier malware sample called Furtim, which targets the industrial automation control systems with sophisticated malware and acts as dropper to deliver a payload which could be used to extract data or potentially shut down the energy grid.

Continue reading →

It just became significantly harder to mine Bitcoins. The halving event rolled around yesterday, July 9, and means that the reward for mining just dropped by 50 percent. The cryptocurrency is generated by machines around the world 'mining' for new bitcoins.

Rewards of bitcoins are handed out for giving over computing power to process bitcoin transactions. It's a very, very slow way to make money -- and it just got a whole lot slower. While there were previously 25 bitcoins (around $16,000) available globally to miners every 10 minutes, the figure is now just 12.5 bitcoins. But what does this mean for the digital currency?

Continue reading →

Continuing in its relentless drive to take over the world of messaging, Facebook Messenger is gaining end-to-end encryption. To start with, the security feature is only rolling out on a 'limited test basis' but if feedback is positive, it will get a wider airing.

Facebook says that the move comes in response to requests for additional security options to protect discussions about sensitive matters, saying that security and privacy experts have been involved in the implementation of the feature.

Continue reading →

With so much focus now placed on privacy and security, you would have thought that the Blackphone from Silent Circle would have been a roaring success. But documents from a court case with former partner Geeksphone reveal that there have been just a handful of sales, and revenue is hundreds of millions of dollars lower than expected.

Silent Circle found itself in court after Geeksphone complained that it had not received a $5 million payment agreed as part of a buyout. Geeksphone had helped to build the original Blackphone, and Silent Circle went on to buy the Spanish company's share before launching the Blackphone 2. But sales were much, much lower than expected, leading the company to describe its hardware business to "be a significant financial drain".

Continue reading →

Federal government IT professionals are overconfident in their ability to detect insider threats, endpoint security firm Tripwire has found. Analyzing the confidence of IT experts regarding their efficiency in seven key security controls, it polled 763 professionals from various industries.

Almost a third say they would not be able to detect every time a non-privileged user attempted to access files. Almost three quarters (73 percent) assume their system would generate an alert or email within hours if a user inappropriately accessed file shares.

Continue reading →

As we reported last month app collusion, where apps work together to extract sensitive data, now represents a very real security risk to mobile devices.

To address this emerging threat, component technology firm Formaltech, today is releasing FUSE, a DARPA-funded tool that detects inter-application collusion and other vulnerabilities in Android apps.

Continue reading →

Bots account for 49 percent of all internet traffic, most of which is from malicious 'bad bots' according to website security company Incapsula.

Of course there are good bots too, such as the crawlers used by major search engines, but according to Incapsula’s figures 90 percent of all security events are caused by bots, and 66 percent of all bot activity is malicious.

Continue reading →

Although Avast and AVG both offer paid security tools, they are best known for their free antivirus software.

Some people confuse the two firms because of the similarity of what they do, and the fact their names begin with the same letters, they were founded at around the same time, and originated in the Czech Republic, but that confusion soon won’t be an issue as today Avast announces it is set to acquire AVG.

Continue reading →

A new malware was spotted by security researchers at Kaspersky Lab, targeting Facebook users. According to the researchers’ new report, there have been 10,000 victims in two days.

The malware has two stages: firstly, an unsuspecting victim gets a message from a Facebook friend, saying they had mentioned them in a comment. But when the victim clicks to see the comment, they instead download a bunch of malware, including a Chrome add-on which can take over the victim’s Facebook account, once they log back in.

Continue reading →

For security reasons, out of the box macOS is configured to only allow software from the App Store and identified developers to be installed. However, there are times when users may also want to run apps from other sources, in which case it is possible to enable a no holds barred setting. But, along with the extra freedom, it also exponentially increases the risk of running into malware.

You may be inclined to believe that you can stay safe by sticking to known download websites, but that is not always the case. Bitdefender has uncovered a new Mac malware, called Backdoor.Mac.Eleanor, that poses as a document converter on what the security company calls "reputable sites". When installed, it gives hackers complete access to your Mac.

Continue reading →

Digital device practices among US employees are exposing their employers to increased security risks according to a new study.

Identity management company OneLogin along with Arlington Research surveyed 1022 respondents in the US and found that 13 percent let their colleagues use a device that can access their employer's network. In addition nine percent allow their partners to access such a device, and one percent even permit their children to use it.

Continue reading →