Internet of Things cannot remain a security blind spot
The network is more exposed than ever before with the expanded attack surface IoT brings, leading to increasing support for securing interconnected devices. As the Industrialization of Hacking evolves, so does the number of vulnerable end points on the network including physical systems, mobile devices and wearable technologies.
The biggest challenge is a lack of visibility. The key to seeing an attacker’s every move, from control networks to the data center to the cloud, is contextual visibility by monitoring events and actions across the entire threat landscape before, during and after an attack. Only then will IT be able to continuously detect threats and address them in real time, decreasing the risk that the malicious activity will go undetected.
The challenges of protecting the hybrid cloud [Q&A]
With more and more companies storing apps in the cloud and others remaining in-house, security can become something of a headache. On-site security tools are ineffective against web attacks leaving organizations with multiple protection solutions in place.
The launch of hybrid cloud solutions such as Radware's WAF (Web Application Firewall) means it’s possible to protect all systems with just one application but what implications does this have for the enterprise? We spoke to Carl Herberger, VP of Security Solutions at application delivery and security specialist Radware to find out more about the benefits of hybrid WAF solutions and how they can be implemented.
Jamie Oliver is trying to steal your passwords
Celebrity chef Jamie Oliver’s website seems to serve three main purposes these days -- provide tasty recipes to try in the kitchen, keep visitors informed about his latest campaigns and, oh yes, infect your PC with password stealing malware.
Three months ago, Malwarebytes discovered a well hidden malicious injection on the official website of Jamie Oliver which redirected unsuspecting visitors to an exploit kit. This was apparently dealt with, but then a month later the issue resurfaced. So surely, after having been infected twice, the site is now clean? I think you can guess the answer to that.
Home and small office routers are being hijacked for DDoS attacks
The router security message really should have been driven home years ago, but it seems that a lack of basic security practices by ISPs, vendors and users has resulted in large numbers of hacker-controlled routers being used to launch DDoS attacks.
A New report from web security specialist Incapsula says it has uncovered a DDoS botnet comprising tens of thousands of hijacked routers. It's now sharing the attack details in an attempt to raise awareness about the dangers posed by under-secured, connected devices.
Safety is an essential concern for the future of wearables
Wearables, from smart wristbands to smart clothing, hold vast potential to enhance everyday life, from a person’s health to workplace productivity.
Their potential is vast as demonstrated by predictions of the market growth for wearables, anticipated to exceed more than $100 billion (£64 billion) in annual sales by 2018, according to Generator Research. The recently launched Apple Watch only adds momentum to this promising new technology category.
The ILoveYou legacy -- how malware has changed in the past 15 years
Where were you when the 'ILoveYou' bug started spreading on 4 May 2000? Was your computer one of the tens of millions of PCs the Love Letter attacked?
Fifteen years ago, email messages with the subject line 'ILoveYou' and the message 'Kindly check the attached LOVELETTER coming from me' started propagating to millions of inboxes. The malware-laced attachment was named LOVE-LETTER-FOR-YOU.txt.vbs. Since the vbs extension was hidden by default, it seemed to recipients that the attachment was a harmless txt file. Once the attachment was opened, a VBS script would overwrite image files and send the LoveLetter email to all contacts in the victim’s Outlook address book.
Cybersecurity firm accused of hacking potential clients, extorting them to buy its services
There have been numerous instances in the past where anti-virus companies have been accused -- and in many cases caught -- of creating malware their products combat. We’re learning of yet another similar case. A former employee of cybersecurity firm Tiversa is accusing the company of fraud.
Richard Wallace, one of the former investigators at the firm has testified against the firm in a Washington DC courtroom. Wallace says that Tiversa employees would hack their potential clients to force them to buy services from the firm.
Anonymous Tor Cloud project closes down
The Tor browser is used by many to stay anonymous online -- and it's something that has been embraced by the likes of WikiLeaks as a way to safely gather information whilst hopefully avoiding the surveillance of the NSA. One lesser known project from the same stables is the Tor Cloud service, and Tor has announced that it is closing down.
Based on the Amazon EC2 cloud computing platform, Tor Cloud provided a way to share computing resources and allow faster uncensored access to the internet. However, the project is plagued with "at least one major bug ... that makes it completely dysfunctional" and after failing to find anyone to undertake the work, the decision was taken to shutter Tor Cloud. This does not mean that Tor itself is dead -- far from it -- and developers are being encouraged to create their own forked versions of Tor Cloud.
Is it time for apps to protect themselves against threats? [Q&A]
Most security researchers now acknowledge that it is only a matter of time before a business suffers some form of compromise as the bad guys follow the money and conventional security tools struggle to keep pace. A recent report from Gartner stresses the need for apps to become self protecting rather than rely on security tools.
But how easy is it to produce a self-protecting app and how effective are they against malware? We spoke to Gordon Young, UK Sales Director of security specialist Promon to find out more.
Twistlock adds security to container-based applications
The move towards containerized technologies such as Docker for creating and scaling applications is great for development times but presents challenges for enterprises when it comes too keeping apps secure.
Unveiling a security suite designed to give enterprises the visibility and control they need over their container-based applications and data, Twistlock aims to maintain security and maximize efficiency and portability.
Another 'massive security risk' found in Lenovo computers, company issues a patch
Lenovo seems to be having a bad year. It hasn’t been long since the largest PC vendor was caught shipping its laptops with "Superfish" adware, and now we’re learning about some new vulnerabilities found in its computers. But before you slam your fist on your computer desk in dismay, the good news is that Lenovo has the patch ready, and you can download it right away.
Security firm IOActive reports vulnerabilities in Lenovo’s system update file. In a report titled "Lenovo’s System Update Uses a Predictable Security Token", the firm notes (PDF) that these vulnerabilities could allow hackers to bypass validation checks, and replace legitimate Lenovo applications with malicious programs and allow hackers to remotely run programs.
France gains sweeping NSA-style surveillance powers
The French government has voted in favor of greater powers of surveillance, giving it intelligence-gathering capabilities on a par with the NSA. The move came in the wake of the Charlie Hebdo attack which led to the deaths of 12 people and prompted the Je Suis Charlie support campaign.
The new laws allow for NSA-style mass collection of metadata online as well as setting up the National Commission for Control of Intelligence Techniques (CNCTR) to oversee data collection. It has been criticized by some as being the French equivalent of the Patriot Act and the ruling Socialist Party is accused of prying too far into the private lives of normal people in the name of counter-terrorism.
Rombertik strikes! In 10 seconds, this computer will self-destruct
Viruses can be a serious problem and they take myriad forms. Viruses have become increasingly sophisticated over the years, particularly in the methods used to try to evade detection. Now Cisco's Talos security researchers have discovered the Rombertik which goes to extraordinary lengths to avoid analysis.
Researchers managed to reverse-engineer the virus and found "multiple layers of obfuscation and anti-analysis functionality". One sample was found to include code that would destroy the MBR of the host computer if analysis or debugging is attempted.
ImmuniWeb takes a fresh approach to detecting website vulnerability
As apps and commerce increasingly move online they provide a tempting target for hackers. It's important that websites are properly tested for vulnerabilities but this can be a time consuming process and many smaller organizations lack the resources and expertise to do it themselves.
High-Tech Bridge's ImmuniWeb offers a fresh approach to website vulnerability assessment. It uses a hybrid approach combining automated testing with the skills of security professionals.
Microsoft slams Android's update policy, announces 24x7 update plans for Windows 10 devices
Microsoft values its customers’ security, and it wants them to know that. The company announces its plans to frequently update Windows 10-powered desktops, laptops, phones, and tablets. At Ignite 2015 event, the company says that it will be pushing security updates every day instead of delivering them once a month.
Home users will be getting updates more often than ever, Windows chief Terry Myerson notes. Businesses, however, will remain sited on their monthly cycle -- popularly known as Patch Tuesday -- as the company plans to first test the update with home users and ensure that those codes aren’t breaking anything. Sounds reasonable.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.