Articles about Security

Cyber attacks on industrial Internet of Things are on the rise

The United States government has revealed that it has detected a rise in cyber criminal attacks on industrial control systems.

The concern is that with leading manufactures and grid power producers’ early adoption of the industrial internet of things -- and Industry 4.0 which are commercial and industry versions of the Internet of Things -- sufficient safeguards have not been put in place to protect them from the internet.

Continue reading

LastPass has serious flaw called 'LostPass' -- your passwords and more are at risk

Hacker

Remembering passwords is difficult nowadays. Between all of the crazy site-mandated requirements and the directive of never reusing the same password on multiple sites, the human brain is outmatched. It is for this reason that I, and many others, swear by password managers. Not only do they securely store login credentials, but can generate ultra-secure passwords too.

While there are many companies that offer such solutions, I stick with LastPass. Why? Linux. Yes, LastPass is one of the only solutions that works with all major operating systems, including Linux distributions. By default, many users of Ubuntu, Fedora, Chrome OS, and more, choose LastPass because there aren't many other options. Sadly, today, it is revealed that this password manager is at risk of a nasty phishing vulnerability. The author, Sean Cassidy, has published details about what he has dubbed 'LostPass'.

Continue reading

New York is trying to force backdoors into phones with legislation

Mobile data spy

Cryptography has become popular in the post-Edward Snowden era. Everyone seems to be worried about being spied upon and is looking for ways to avoid it. While the majority of users likely have nothing to hide, it's still a creepy feeling to know that someone can, and possibly is, checking what you say and do.

There has been a lot of talk about adding backdoors, mostly from those who want to spy and those who simply don't understand the technology. The latest of this is currently taking place in New York.

Continue reading

ISIS has its own secure messaging system -- this illustrates the futility of communication surveillance

Moves by governments to monitor web-based communication with a view to thwarting terrorism is utterly, utterly futile. Just like the NSA's dragnet-style dredging for intelligence, mass communication surveillance does little to home in on target -- the ones that government should be concerned about are the very ones who know who to evade detection.

This is something that was perfectly demonstrated this week when it became apparent that ISIS has developed its own secure messaging system. No longer reliant on the likes of WhatsApp, ISIS is using a custom-built, Android-based encrypted messaging tool that is incredibly difficult -- if not impossible -- for the FBI and NSA to monitor.

Continue reading

Error 404: Security insights found

This year has been another brutal one for breaches and data loss, with 400 new threats emerging every minute by some reports. Most security administrators and architects have been shoring up defenses inside networks in order to better detect places of compromise and attacker movement. Many organizations recognize that one of the fastest ways to beef up detection capabilities is to add context-based network analytics like those provided by Security Information and Event Management (SIEM) systems and NetFlow security analyzers.

Adoption has been brisk, the SIEM market is one of the strongest with a forecasted growth of 12 percent annually reaching $4.54 billion by 2019. And recently, Cisco further highlighted the importance of network telemetry to security with the acquisition of NetFlow analysis veteran Lancope for $453 million.

Continue reading

Security vulnerabilities, exploits are on the rise

It’s been a busy year for security firms everywhere -- cyber-attacks, malware, ransomware and other malicious online behavior reached new heights in 2015.

Those are the results of a report by Bromium, a company which deals in threat isolation in service of data breach prevention. Its report, entitled Endpoint Exploitation Trends 2015 analyzed the security risks of popular websites and software.

Continue reading

Your smart doorbell may let in unwanted visitors

It seems everything can be put online these days -- lights, window shades, door locks, refrigerators, crock pots, you name it. One popular item being advertised vigorously in the US is the smart doorbell. It's a nice idea as it allows the user to see who's at the door without opening it. You can even talk to visitors and all of this is done from an app on the smartphone, even if you aren't actually home.

But, as we've seen with other IoT devices, this isn't always safe. These days even your daughter's Barbie doll has security concerns.

Continue reading

Microsoft will let you unlock your Windows 10 PC with an app

Microsoft plans to give Windows 10 users another option to speed up the process of unlocking their PCs. The software giant has introduced an app that enables remote authentication using a Windows 10 Mobile device.

Called Microsoft Authenticator, the app is currently undergoing internal testing and it seems to be designed with enterprise users in mind. Microsoft likely wants to make it easier to deal with complex passwords, which are recommended for meeting certain security guidelines.

Continue reading

EFF goes after Cisco for human rights violations in China

China flag keyboard

China can be a difficult place to do business and it's sometimes a question of conscience or pocketbook. It's a huge market and companies stand to make a lot of money there, but the government isn't shy about wanting data in return. Is it worth it? To many corporations the answer seems to be yes, but for those who suffer there because of it the answer is a resounding no.

Now the Electronic Frontier Foundation is pursuing Cisco in court. This isn't a particularly new accusation or case, but the organization isn't ready to let it die.

Continue reading

Sharing ransomware code for educational purposes is asking for trouble

Trend Micro may still be smarting from the revelation that there was a serious vulnerability in its Password Manager tool, but today the security company warns of the dangers of sharing ransomware source code.

The company says that those who discover vulnerabilities need to think carefully about sharing details of their findings with the wider public as there is great potential for this information to be misused, even if it is released for educational purposes. It says that "even with the best intentions, improper disclosure of sensitive information can lead to complicated, and sometimes even troublesome scenarios".

Continue reading

Almost a quarter of companies are willing to pay $1m ransom to hackers

We all know that cyber attacks can be enormously disruptive, but how far would companies go to prevent an attack?

A new survey by the Cloud Security Alliance and Skyhigh Networks reveals that 24.6 percent of companies would be willing to pay a ransom to hackers to prevent a cyber attack and 14 percent would pay more than $1 million.

Continue reading

Updated Android.Bankosy malware steals passwords sent through voice calls

mobile banking

Around a year and a half ago, Symantec warned about the personal data stealing malware Android.Bankosy. Now the Trojan has been updated so it can steal passwords delivered via voice call-based two-factor authorization systems.

Such 2FA systems are often used by banks to communicate one-time passcodes to people. While these have usually been delivered via SMS, voice call delivery is becoming increasingly common. Malware makers are keen not to miss out on data stealing opportunities, and the Android.Bankosy introduces a call-forwarding feature that sends 2FA calls to a C&C server so the code can be intercepted and exploited.

Continue reading

Fortinet firewalls feature hard-coded password that acts as a backdoor

Just weeks after Juniper was found to be using insecure code in its products, a security issue has been found in Fortinet's FortiOS. It's a problem that affects the software in older NetScreen firewalls from Fortinet and could allow for remote access of unpatched system.

Buried in the firewall software is a hardcoded password (FGTAbc11*xy+Qqz27) that could be easily used to exploit servers running FortiOS. Ralf-Philipp Weinmann is one of the security researchers who unearthed the problem with Juniper hardware, and he has confirmed the problem which is being referred to as the FortiOS SSH Undocumented Interactive Login Vulnerability.

Continue reading

Trend Micro Password Manager could have exposed all of your passwords to hackers

Hacker

People turn to security tools to, obviously, improve security. Antivirus tools take care of malware, firewalls manage network and internet traffic, encryption keep files private, and password managers keep passwords safe. At least that's the idea.

Google security engineer Tavis Ormandy discovered a vulnerability in Trend Micro Password Manager (part of Trend Micro Antivirus) which allowed for the remote execution of code and, opened up the possibility for passwords to be stolen. Ormandy posted details of the security problem to the Google Security Research newsgroup, and the clock started ticking on a 90-day full disclosure deadline.

Continue reading

BBC was hit with the biggest-ever DDoS attack

There’s a good chance that the recent DDoS attack against the BBC was the biggest one, yet. That depends on whether the hackers behind the attack are exaggerating or not.

According to a CSO Online report, the hackers claimed the attack on the BBC website, which occurred on New Year’s Eve, reached 602Gbps. If that turns out to be true, that will be almost twice the size of the current biggest attack which sits at 334Gbps.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.