Articles about Security

Critical PayPal XSS vulnerability left accounts open to attack

PayPal has patched a security vulnerability which could have been used by hackers to steal users' login details, as well as to access unencrypted credit card information. A cross-site scripting bug was discovered by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy -- ironically on PayPal's Secure Payments subdomain.

Hegazy found the Stored XSS Vulnerability on https://Securepayments.Paypal.com back in the middle of June, and was able to demonstrate how it could be exploited. More than two months later, PayPal has addressed the issue and plugged the security hole.

Easiest malware removal trick -- ever

Removing malware is often a complex and time-consuming task, even for security experts. But as Bitdefender has reported, sometimes, just occasionally, the most effective technique can be extremely simple.

Like, turn your PC off, and on again.

84 percent of people support eliminating passwords

Spare a moment to consider the plight of the humble password. It has become an essential component of modern life, but it would be wrong to say we've grown to know and love it.

In fact a survey by mobile authentication specialist LaunchKey shows that 84 percent of respondents would like to do away with passwords altogether and 76 percent believe their information would be more secure with an alternative form of authentication.

Security education saves companies millions of dollars a year

Successful phishing attacks can lead to costs from loss of employee productivity and credential compromise, among other factors, which together may cost an average sized company $3.77 million per year.

New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.

One percent of employees account for 75 percent of cloud risk

Cloud security specialist CloudLock has released a new report looking at the risks of user behavior to businesses using cloud systems.

It reaches the startling conclusion that just one percent of users account for 75 percent of the security risk. The top one percent of users are responsible for 57 percent of file ownership, 81 percent of files shared, 73 percent of excessively exposed files and 62 percent of app installations.

AT&T accused of injecting ads through its free Wi-Fi hotspots

What price is free? In the case of Windows 10, many argue that it means giving up a little of your privacy, and it seems that AT&T's free Wi-Fi hotspots also come with a hidden payload. Whilst visiting Dulles Airport, computer scientist Jonathan Mayer noticed that "the web had sprouted ads. Lots of them, in places they didn’t belong".

With time to kill waiting for a flight, Mayer set about investigating where these extra ads were coming from. It didn’t take long for him to discover that the AT&T hotspot he was connected to was the problem. He found that the hotspot was injecting a stylesheet which in turn pulled in advertising. But it didn’t end there...

Millennials lose trust in the digital economy

Although millennials are the first fully connected generation, having lived their whole lives in the Internet era, new research suggests that they're beginning to recognize that their identity and personal data may not be properly protected.

Digital identity specialist Intercede surveyed around 2,000 16-35 year-olds in the US and UK to get their views on current security measures. The results suggest what the company calls a 'millennial malaise' towards existing safeguards, in particular the use of easily-hackable but widely used password-based authentication methods.

Samsung smart fridge might leak your Gmail credentials

Your smart fridge might be good for storing cold beer, but it definitely isn’t good for storing your Gmail credentials, as those can be easily stolen. During the recent DEF CON hacking conference, the vulnerability was unveiled at the IoT hacking challenge run by Samsung.

The fridge that got owned was the RF28HMELBSR smart fridge. It downloads Gmail Calendar information and displays it on an on-screen display. The device does implement SSL, but it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections.

NSA wants to future-proof encryption standards against quantum computers

The NSA is concerned that current methods of cryptography, used to encrypt data and ensure that if it does fall into the wrong hands it’s not readable or usable, are going to be woefully inadequate and easily broken when quantum computers come into play.

Of course, this isn’t going to be something that happens in the near future, as quantum computers -- which instead of bits, use qubits that can hold three states instead of the usual binary 0 or 1 -- are still merely conceptual in nature, and won’t be fully realized for many decades yet.

Most Android lock patterns are easy to guess

Your Android lock screen patterns are so predictable, it almost makes no difference if you use one or not.

According to a study by Marte Løge, a graduate of the Norwegian University of Science and Technology, a vast majority of Android users use lock patterns which are easy to guess.

Travel tips for mobile employees

Long days, warm weather, the lure of travel, if only to a nearby park or beach -- many employees, naturally, are thinking of escaping the office for time away.

For the past year, since the passage of home working legislation in the UK, employees who have been on the job at least 26 weeks have had the right to request flexible working hours.

Virtual infrastructure means higher recovery costs

Businesses may be paying a lot more to recover from security breaches if they're using virtual rather than conventional in-house infrastructures.

According to a study by Kaspersky Lab, enterprises pay more than $800,000 on average to recover from a security breach involving virtual systems, which is twice as much as for incidents involving only physical infrastructure.

The best enterprise firewalls based on user reviews [Infographic]

A good firewall will keep your company’s and customers’ private information secure in order to prevent issues such as identity theft, hackers and viruses by shutting off access to your network where necessary.

With recent data breaches like that of the U.S. Office of Personnel Management and at Harvard, firewalls are gaining increasing importance in business.

Paranoid torrent sites ban Windows 10 over privacy concerns

Since the launch of Windows 10, there have been all manner of privacy concerns -- some grounded in fact, others less so. Whatever your view of the latest version of Windows, it's impossible to deny that this has proved one of the more controversial releases to come from the Microsoft stable.

Getting in on the paranoia now are torrent sites, with some coming out and saying they have implemented a ban on the use of Windows 10 to connect to their trackers. Seemingly in response to the news that Windows 10 could disable counterfeit games, torrent sites including iTS have already put measures in place to block Windows 10 users from accessing them, while the likes of FSC and BB are considering taking similar action. Over-reaction?

Microsoft will only provide information about Windows 10 updates when it wants to

It's less than a month since the launch of Windows 10, and there have already been three cumulative updates released. There has been far greater interest in these updates than for previous versions of Windows, but there has been frustration about the lack of detail provided about the changes the third brought.

Users were told that the update includes "improvements to enhance the functionality of Windows 10", but no specific details were given. Microsoft has now made it clear that extra detail will only be provided for some updates depending on their significance. Considering Windows 10's forced installation of updates, this is something that is unlikely to go down well with users.

© 1998-2026 BetaNews, Inc. All Rights Reserved.