Articles about Security

Heartbleed bug not exploited before disclosure

The Heartbleed bug has gone down in history as one of the most serious flaws to affect the internet. But new research reveals that prior to its disclosure in April there's no evidence of Heartbleed having being exploited.

The disclosure of Heartbleed sent websites scrambling to apply patches. However, a study by academics at a number of US universities allays fears that the flaw may have been exploited for surveillance by government agencies before it became public.

Continue reading

Google Chrome is to blame for a massive increase in online ad blocking

Google Chrome is to blame for a massive increase in online ad blocking

A shocking new report looking at online advertising shows that there has been a huge increase in the number of internet users making use of ad blocking tools. The report describes ad blocking as having gone mainstream, but it also suggests that the loss of ad revenue threatens the life of many websites.

Pagefair worked with Adobe putting together the report and found that 4.9 percent of internet users make use of ad blockers, including more than a quarter (27.6 percent) of those in the US.

Continue reading

Dyreza trojan may pose a risk for Salesforce users

A warning has gone out to customers of Salesforce.com that the Dyreza trojan, previously targeted at banking sites, may be a risk to users of the CRM solution.

The malware uses social engineering techniques to get the victim to infect the system via email. Once installed it uses "browser hooking" to allow Dyreza to intercept content entered by the user into the web browser before that content is transmitted over the network to a web site. Critically this allows the interception to occur before the data is encrypted.

Continue reading

HP offers UK SMEs a way to prove security credentials more affordably

HP has strengthened its public sector supply chain by enabling over 600 small/medium enterprises (SMEs) to prove their security credentials with the new Information Assurance for SMEs (IASME) security standard.

The IASME should allow SMEs to compete for public sector contracts by offering a more affordable route to compliance with ISO/IEC 27001:2013, the information security standard which was published last year.

Continue reading

The Home Depot acknowledges payment systems breach

The Home Depot is the latest US retailer to fall victim to a major payment systems hack, which may have exposed its customers' credit card data since April of this year. The security breach is linked to its US and Canadian retail locations, but not its online store or Mexican chain.

The breach is publicly acknowledged by The Home Depot, with the company's CEO apologizing for what is yet another security disaster. "We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue", says Frank Blake. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts".

Continue reading

Major malvertising network targets Windows and Mac users

A new malicious advertising network is affecting sites including Amazon, Yahoo and YouTube. Dubbed "Kyle and Stan" by the Cisco Talos Security Research group that uncovered it, the malware is able to mutate to attack both Windows and Mac systems.

Online advertising has relatively few major distribution networks, by getting ads onto one of these an attacker has the potential to get malicious content in front of large numbers of users.

Continue reading

Twitter tests 'Buy' button to allow purchasing via tweets

Twitter tests "Buy" button to allow purchasing via tweet

It has been the subject of speculation for some time now, but today Twitter finally announces that the rumored "Buy" button will soon be making an appearance in timelines. The feature has been made public through a blog post that explains that the button will initially be pushed to "a small percentage of US users", but reassuring everyone else that coverage "will grow over time".

What does this mean? Well, that you will be able to buy things via tweets, essentially.

Continue reading

One in three financial services firms inadequately protected against cyberattack

Piggy bank theft

We trust financial services organizations with some of our most precious data, but are these companies doing enough to protect the information?

According to a new survey by Kaspersky Lab and market research company B2B International, 93 percent of financial services organizations have experienced some form of cyberthreat in the past 12 months.

Continue reading

Watch out! More iPhones stolen than any other smartphone

Watch out! More iPhones stolen than any other smartphone

New figures released by the Home Office and published by the BBC show that if you own an iPhone 5, 5C, 5S and 4S in England or Wales, you are most at risk of having your smartphone stolen. If the trend continues, it is likely that the upcoming iPhone 6 will also prove similarly attractive to thieves. Figures show that there were a total of 742,000 phone thefts between 2012 and 2013, and that the largest numbers of theft involved Apple's handsets. Interestingly, despite massively dwindling sales, the next most popular phone to be pocketed by thieves was the Blackberry 9790.

While the iPhone is the most appealing to the light-fingered, the figures show that Apple's claim to be "leading the industry in protecting" seems to be true. New security features introduced in iOS 7 led to a noticeable drop in iPhone thefts, but it still remains the most commonly stolen handset. Apple told the BBC:

Continue reading

Google Chrome to effectively kill SHA-1 -- will make web more secure

Even if all people are created equal, power is not distributed equally; big players direct the world. In other words, if a company or person has enough power, they can influence policy and change, while the little guys tend to follow their lead. Sure, it may be a cynical point of view, and not an absolute, but as a little guy, it seems to be rather constant.

Today, one of those big companies, Google, is influencing the internet yet again, by effectively killing SHA-1. How is it doing this? Well, the search giant is declaring SHA-1 to no longer be safe, so starting with Chrome 39, sites that use it will no longer be considered totally secure. Since the company's browser has such a large install-base, this should cause webmasters to abandon SHA-1 at a faster rate. Is Google correct to do this?

Continue reading

Facebook rolls out Privacy Checkup feature to users around the world

Facebook rolls out Privacy Checkup feature to users around the world

We now live in an age where privacy is a key concern. Facebook has long been criticized for its somewhat lackadaisical attitude to the privacy of user data, and over the years various steps have been taken to afford Facebookers greater control over who is able to see their status updates and other data. First announced back in May, the social network is now rolling out its Privacy Checkup feature around the world, giving users the chance to check exactly who they are sharing information with.

The new tool does not really introduce any new features, but it does bring existing security controls to the fore. Privacy Checkup should make itself known over the next few days by popping up when you use Facebook, but it can be accessed whenever you want by clicking the privacy lock icon to the upper right of the page. For some reason, the face of Privacy Checkup is a friendly blue dinosaur, sort of like a prehistoric version of Clippy.

Continue reading

Trustwave ethical hacking lab looks to counter hidden threats

Hacker detection

Security exploits aren't always aimed at computers or mobile devices. Often they target the infrastructure devices like ATMs and point of sale terminals that we take for granted in our everyday lives.

In order to protect against these threats, enterprise security specialist Trustwave has announced that it's enhancing its capabilities with the opening of an ethical hacking lab at the company’s Chicago HQ.

Continue reading

Privacy and financial threats top mobile malware trends

Mobile malware

With mobile malware showing a 68 percent increase over the first half of last year it seems that, as with the PC malware field, profit is the main driving force behind it.

New data released by security specialist NQ Mobile shows that infections were detected in 37.5 million Android devices in NQ Mobile's database of 136 million active user accounts worldwide, an increase of 78.6 percent over last year.

Continue reading

91 percent of Americans concerned about online privacy -- 7 percent would change their name as protection

There are lots of reasons to be concerned about privacy online -- not least the spying carried out by the NSA and other governmental agencies. While some companies are trying to stick up for the rights of their customer, many web users have now taken to censoring themselves. New research by WP Engine shows that the level of paranoia is higher than many people may have thought -- a staggering 91 percent of Americans are concerned about their online privacy. This is interesting in itself, but the steps that web users are willing to take if they feel their privacy is threatened makes for particularly interesting reading.

Of course there are some people who would take things to the extreme, going as far as changing their name in a bid to protect their privacy, but others would take slightly less drastic action. In fact only five percent of those surveyed say they would take no action to protect their privacy. The most common reaction to feeling threatened is to change passwords (79 percent of people), but some would go further, admitting they would consider changing their email address (48 percent) or change their credit cards (48 percent). Well over a third of those surveyed (42 percent) said they would be willing to delete all of their social media accounts. Three percent of people indicated that they would even move house as a result of having their privacy threatened online.

Continue reading

DecryptCryptoLocker helps almost 3,000 victims

A few weeks back we reported on the launch of a free tool to help out CryptoLocker victims allowing them to retrieve locked files.

One of the companies behind the DecryptCryptoLocker tool, Fox-IT, has released some details of how well it's working. It has so far dealt with 2,900 requests for decryption keys and dozens more are being received on a daily basis.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.