Articles about Security

Security professionals increasingly believe that usernames and passwords provide insufficient security, and 72 percent think they will be phased out within nine years.

This is among the findings from mobile identity company TeleSign which also shows that security professionals are increasingly turning to effective, easy to implement technologies such as behavioral biometrics and two-factor authentication to secure user accounts.

Continue reading →

People are aware of the risks that come with using Wi-Fi, but generally believe public hotspots, like those on airports, are secure. Those are the results published in Norton’s latest Wi-Fi Risk Report 2016, which said 64 percent of UK’s adults assume public Wi-Fi is safe enough to use.

However, Norton says this couldn’t be further from the truth.

Continue reading →

The use of encryption in global organizations is now at an all-time high, with 41 percent using it extensively today -- a seven percent rise over last year.

This is among the findings of a Global Encryption report from Thales e-Security and the Ponemon Institute which shows that businesses are taking action to guard their sensitive data.

Continue reading →

A group of hackers from a security company in Portugal managed to hack into Uber and get their hands on a bunch of data that should remain hidden.

The team of three experts, Vitor Oliveira, Fábio Pires and Filipe Reis from Integrity, found a total of six flaws: they managed to use promotion codes, found private emails using UUID, found users’ phone numbers, created driver accounts, validated them, found where you went, who your driver was, and who you are and, ultimately, date of the trip, driver name and picture, the ID and the cost of the trip. The route map was also disclosed.

Continue reading →

The golden rule of password security is never use the same credentials on multiple sites. The idea is if one site suffers a breach, hackers can try the now-stolen credentials on other sites. This makes sense, yet many people still do it. You know what? I don't blame them. It can be impossible to remember all of the unique passwords, and writing them down is frowned upon too. What can be done to fix this?

Enter biometrics. Rather than use a password, a user's face or fingerprint can be used. More and more smartphones, tablets, and laptops are offering biometics, but sadly, the web is lacking. Consumers are understandably frustrated, and according to a new survey, more than half of them would prefer biometrics to passwords for daily use.

Continue reading →

An analysis of 200 second-hand hard disks and solid state drives purchased from eBay and Craigslist in the first quarter of 2016 reveals that 67 percent of them contained personally identifiable information.

In addition 11 percent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories. The study comes from mobile diagnostics and secure erasure specialist Blancco Technology Group.

Continue reading →

Just over 30 percent of IT professionals admit to sometimes ignoring security alerts because of high volumes of false positives.

This is among the findings of a new survey from Skyhigh Networks conducted along with the Cloud Security Alliance which also reveals that 20 percent of companies have more than ten security tools that generate alerts.

Continue reading →

The world of technology relies on encryption. Everything from private messages to online payments are secured in this way -- but how does it all work? Mozilla has come up with a way to teach people about encryption, combining gaming and emoji into a useful learning tool.

Codemoji is described as "a fun way to learn about ciphers", and while you might think that it's aimed solely at children, there's something here for all ages. The idea is very simple: letters and words are translated into emoji so they can only be read by those who understand the decryption technique.

Continue reading →

Intel is looking for a buyer for its Intel Security. Intel Security, previously called McAfee, was bought from the security firm McAfee back in 2011 for $7.7 billion (£5.75bn).

Intel rebranded the company as Intel Security, and aimed to implement its security features at chip level, giving cyber-security a whole new dimension. It seems, though, six years later, the plan had failed.

Continue reading →

We live in a surveillance state and we all know it. We sort of knew it before the Edward Snowden revelations, but afterwards had a real sense of just how far it went. Apparently it is still, to this day, trying to reach further, and in this case it affects people who simply travel to the nation, even for simple things like vacation or business.

If US Customs and Border Control has its way, people will have to hand over their Twitter handle right in the airport. While an argument can be made for such heavy-handed tactics -- looking for Jihadist tweets, etc -- it is largely unjustified.

Continue reading →

Researchers at endpoint protection specialist SentinelOne have uncovered a new variant of the CryptXXX ransomware family which is being spread via spam and possibly other means.

The latest version fixes previous flaws in its file encryption methods which prevents use of free decryption tools and makes it impossible to decrypt files without paying the ransom.

Continue reading →

A virtualized hybrid cloud infrastructure comes with the assurance of better business outcomes but the rapid transformation that accompanies cloud also leaves the infrastructure vulnerable to cyber attacks. This makes risk management critical for every enterprise. Since no two enterprises work exactly the same way, a standard risk tolerance profile cannot sustain the potential risks posed by technical hurdles.

Despite a cloud service provider’s best possible efforts, security issues are inevitable. With hybrid-cloud deployments you will also need to ensure that sensitive business data remains secure between private and public cloud. This is why hybrid cloud environment strategies need to take into account the possibility of regular movement of data between private and public clouds. Here are security issues to take into account when handling hybrid cloud security:

Continue reading →

A new zero-day malware has been discovered in Australia that affects all of Microsoft’s Office 365 products including Word, Excel, PowerPoint and Outlook.

The malware was discovered by the cyber security company Check Point and comes in the form of an invoice sent by email. The attack is designed to catch unsuspecting victims according to security analyst Raymond Schippers who said: "The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document. When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content".

Continue reading →

Security researchers from Ben-Gurion University Cyber Security Research Center (CSRC) have unearthed a vulnerability in Google Chrome that can be exploited to make copies of DRM-protected video streams. The problem affects all Chromium-based browsers, and makes it possible to circumvent Widevine encryption technology Google uses to secure streams.

Widevine has been used in Chrome for a while, after Google acquired it back in 2010. It has been used to prevent piracy of premium YouTube channels, and is also used to protect Amazon Prime and Netflix streams. Google was informed about the problem back in May, but is yet to issue a patch.

Continue reading →

Each new version of iOS is eagerly awaited, and at its Worldwide Developer Conference (WWDC) Apple unveiled a preview of iOS 10. Much has been made of the new features, but developers probing the operating system are making a surprising discovery. The kernel of iOS 10 is unencrypted.

In the current climate of security-awareness, this might seem like something of an unusual decision. But Apple says that the change has been made to improve performance, and it could even help to increase security.

Continue reading →