Articles about Security

Privacy alert: your laptop or phone battery could track you online

Is the battery in your smartphone being used to track your online activities? It might seem unlikely, but it's not quite as farfetched as you might first think. This is not a case of malware or hacking, but a built-in component of the HTML5 specification.

Originally designed to help reduce power consumption, the Battery Status API makes it possible for websites and apps to monitor the battery level of laptops, tablets, and phones. A paper published by a team of security researchers suggests that this represents a huge privacy risk. Using little more than the amount of power remaining in your battery, it is possible for people to be identified and tracked online.

New version of RIG exploit kit sees 34 percent attack success rate

At the beginning of this year the RIG exploit kit had its source code leaked online by an unhappy reseller. This led to a hit in its success rate as security company Trustwave published details of its workings.

Trustwave has revealed today at BlackHat that RIG's authors have been working on a new RIG 3.0 version. The company's researchers say there are now up to 1.25 million victims worldwide and more than 3.6 million attack attempts, a remarkable success rate of 34 percent.

Why killing Flash may be a huge mistake

Flash might be a buggy program with multiple holes in its system. Flash might also be extremely vulnerable and a potential risk to millions of users out there.

But Flash should not be discarded, believes Cisco security veteran John Stewart, saying it might in fact be the lesser of two evils.

The real price of Windows 10 is your privacy

Windows 10 is a free upgrade, right? Well, surely you know by now that there's no such thing as a free lunch. We're only 48 hours on from the launch of Windows 10 and already the complaining and criticism are underway. One thing that has been brought under the spotlight is privacy under the latest version of Microsoft's operating system.

Some people have been surprised to learn that Microsoft is utilizing the internet connections of Windows 10 users to deliver Windows Updates to others. But this is far from being the end of it. Cortana also gives cause for concern, and then there is the issue of Microsoft Edge, and ads in apps. Is this a price you're willing to pay?

Turning Splunk data into pre-emptive breach detection

In case you haven't heard of it, Splunk is one of the most popular machine data analytics tools, used to provide early warning of network and system issues.

IT teams often rely on access to this data for security information and event management (SIEM), but as malware becomes more sophisticated it can be difficult to spot what's important in time to prevent major breaches.

Silent Circle's ultra-secure Blackphone 2 joins Google's Android for Work program

The security of mobile communications is of paramount importance to many people, but it is particularly high on the list of priorities for business and enterprise customers. Silent Circle is a company that caters to those concerned with privacy and security, billing its work as the 'world's first enterprise privacy platform'.

The company's original Blackphone generated some interest, and earlier in the year we learned about the follow-up -- the Blackphone 2. Kitted out with a customized version of Android, the security-focused handset is the latest addition to Android for Work, Google's own security-focused program.

How shadow IT threatens the enterprise and what to do about it

Increasing adoption of BYOD and use of mobile devices means that employees have the ability to access business data from anywhere. However, this can come into conflict with company security policy.

Policies are often seen as too invasive, hard to understand and not always in tune with how employees work. This can lead to workers finding their own alternative solutions. Companies need to come up with strategies that safeguard data in use, in transit and at rest to let employees focus on their work.

Who is your IT outsourcing firm working for?

While the US Government has been remarkably opaque about the recently discovered security breach at the Office of Personnel Management (OPM), we know that personal information on at least 21.5 million present, former, and prospective federal employees was lost. The Feds claim Chinese hackers are at the bottom of it, which is disputed by the Chinese government. This, to me, raises a number of questions, especially about the possible role of IT outsourcing firms and implications for organizations beyond OPM. Does IT outsourcing make your data more vulnerable? Yes, I believe it does.

It’s easy to blame the Office of Personnel Management for its own troubles. Oversight was lax. The agency failed a security audit and didn’t seem to do much in response. When shit hit the fan and it became clear that the identity of almost every living person associated in any way with Federal employment had been compromised, the agency lamely offered 18 months of identity theft screening but then didn’t have the money to pay for it. Pathetic. Both the Obama Administration and Congress are to blame, the former for mismanagement and the latter for "starving the beast" by limiting the OPM budget, pushing the agency toward cost-saving decisions that at least to some extent led to the current crisis.

Facebook makes new security checkup tool available to everyone

A couple of months ago Facebook started to talk about a new security tool. It was initially only made available to a select group of users, but today it rolls out to all.

The aptly-named Security Checkup gives Facebook users the opportunity to double check the privacy and security settings they have in place, helping to ensure that private information is not shared with too large an audience. It can also be used to monitor logins and check for suspicious account activity, acting as a handy centralized hub for everything security-related.

59 percent of consumers reuse passwords

We all know that we shouldn't reuse passwords across multiple sites, but that doesn't stop a majority of us from doing it.

A new survey for password manager Password Boss shows that 59 percent of consumers reuse passwords because it's too hard to remember them. Yet memory is the most common means of managing passwords, used by 63 percent, with only eight percent using some form of password manager.

Employee negligence is major source of insider threats

Multitasking and working long hours can result in employee negligence, which leads to insider threats and costs companies millions of dollars each year.

A new survey of IT and security practitioners in the US and Germany, carried out by the Ponemon Institute for cyber security company Raytheon|Websense, reveals that employee negligence can cost a US company as much as $1.5 million and German companies €1.6 million in time wasted responding to security incidents caused by human error.

Microsoft Edge introduces new security risks in Windows 10

The Internet Explorer replacement Microsoft Edge is one of the headline features of Windows 10. With security at the heart of Microsoft's latest operating system, and the general concern about online safety, it makes sense to put the web browser under the microscope to see how it fares against the competition.

This is exactly what security analysts at Trend Labs have done. While the team concedes that Microsoft Edge beats Firefox's security and roughly draws level with Chrome's, the new web browser also introduces new security problems and threat vectors.

Hackers target PDF readers, yet a high percentage go unpatched

Vulnerability intelligence firm Secunia has released its second quarter 2015 country report for the US and 14 other countries around the world. This looks at what programs users have installed and which are most at risk.

The big news is that a high percentage of users have unpatched versions of Adobe Reader. Adobe has the highest market share in this segment and PDF readers are a common target for hackers.

How to cope with Stagefright

Earlier this week we reported on the Stagefright vulnerability that could affect 95 percent of Android devices. It has arisen as a result of code vulnerabilities which could have been detected and resolved earlier.

Application security company Checkmarx has been looking more deeply into Stagefright and what it means for users and developers.

Yet another Android vulnerability discovered -- bad guys can turn your device into a brick

Say what you want about the restricted nature of Apple's iOS, but I appreciate its security -- it makes me feel safe. Comparatively, Android can feel much less secure. Not only is it fragmented due to carrier and manufacturer reluctance to support long term updates, but we are constantly hearing about vulnerabilities such as the one with Stagefright.

Sadly, we see yet another vulnerability today, and it is quite the bombshell. Respected security company Trend Micro explains that bad guys can turn your device into a brick -- a totally non-functioning state. Not only is this inconvenient, but potentially dangerous (and deadly) too.

© 1998-2026 BetaNews, Inc. All Rights Reserved.