Almost 70 percent of IT professionals suffer weekly phishing attacks
A new survey sponsored by HP's TippingPoint network security arm looks at the main information security concerns of modern enterprises.
It reveals that 69 percent of IT professionals have to deal with phishing attacks at least once a week, with customer and financial data the main targets. The survey also finds that seven out of 10 attacks originating from inside the network come from a malware infected machine.
Lizard Squad goes after Xbox Live, Twitch
As you're almost certainly aware if you're a PlayStation owner, this weekend saw an attack mounted on the PlayStation Network which took it down for a large chunk of time.
But PSN wasn't the only gaming service to get bombarded by DDoS (distributed denial of service) attacks this weekend, and indeed, other attacks are continuing right now -- courtesy of the so-called Lizard Squad, a "hacktivist" group which is enjoying its time in the media limelight. (Though note that another hacker from Anonymous claimed responsibility for the PSN attack, so it's unclear exactly what went on in that case.)
Paranoid much? Americans are now self-censoring online after Snowden's NSA revelations
The effects of Edward Snowden's revelations about the activities of the NSA continue to be felt. Internet users are now familiar with the idea that what they do online is possibly (probably?) being monitored in one way or another. Some users have taken to the likes of Tor in a bid to increase security and anonymity, but there has also been a more interesting side-effect. Figures released by "nonpartisan fact tank" the Pew Research Center suggests that a "spiral of silence" has developed as Americans start to censor themselves online.
The research group conducted a survey of more than 1,800 people in the middle of last year and found that while most people (86 percent) were quite happy to talk about state surveillance in person, less than half (41 percent) were willing to do so on Twitter (itself involved in censorship). This self-censorship is an interesting repercussion of the NSA's activities, and it seems that social network users have been hardest hit:
California brings in smartphone kill switch legislation to protect handset owners
In California, a bill has been passed that will require smartphone manufacturers to include a kill switch in their handsets. The bill states that "any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user". It's a lengthy description, but it means the kill switch that many people have been asking for for so long is becoming a reality in another state.
This is not the first time a kill switch bill has been passed -- Minnesota did something similar back in May. The SB 926, Leno Smartphones bill in California is rather more far-reaching and comes partly in response to the statistic that between 30 and 40 percent of robberies in major US cities are smartphone robberies. Once activated, the kill switch will prevent a phone from being registered on a wireless network, and cannot be bypassed even with a hard reset. In the event of theft, a user will also be able to remotely wipe their device to protect any private information they may have stored on it.
How businesses can reduce security risks
Embracing the digital revolution is unavoidable for businesses. It has brought great advantages with it too, such as anytime, anywhere communications and the storage of vital and personal information for use in our work and personal lives. It has also provided greater flexibility in where and how we work and communicate, making things much easier for us.
However, it is important to acknowledge security aspects when evaluating mobility policies in particular. Cyber attacks are on the increase and will continue in their complexity and frequency. We hear about serious breaches on a daily basis. This can range from password leaks or mobile phone hacks to international scale bugs. I often find that in the corporate world, many recognize the threats but fail to implement any strategy, let alone take tangible action. The good news is that there are steps that can be taken by businesses to drastically improve mobile security.
Software vulnerability patching is far too slow and leaves users at risk
Security holes and vulnerabilities are to be expected, but not enough is being done to patch holes quickly enough. This is the conclusion of Heimdal Security who conducted analysis of software vulnerabilities. The security firm found that while security problems are on the increase, companies are failing to keep pace and issues remain unaddressed for too long. It's something that hackers are taking advantage of, and user data is being left at great risk. Heimdal Security found that between 60 and 90 percent of attacks from hackers take advantage of this fact.
A number of key culprits are singled out for particular attention -- names that will be familiar to most: Oracle Java Runtime environment, Adobe Acrobat Reader, Adobe Flash Player, and Apple QuickTime. The biggest offender, by quite some margin, is Java Runtime environment, blighted by 48 vulnerabilities in 2012, a staggering 180 in 2013, and 90 so far in 2014. According to CVE Details, the average severity rating for all of the vulnerabilities found in each of the four products. Using the CVSS (Computer vulnerability severity system), which rates issue severity on a 1 to 10 scale, the average rating is 7.8 for Java -- and that's the best of the bunch. Adobe's two products were rated 9.2.
BitTorrent Sync gets an upgrade, includes large file sharing
BitTorrent Sync has gone from alpha to beta to full release. Along the way it has become one of the best and most secure sync apps, with security largely because of its decentralized nature. Now the service is getting a major update that adds even more features to the platform.
BitTorrent is introducing large file sharing, allowing something like an entire folder full of photos to be shared with a group of friends and family. With the new work-flow that has been built for version 1.4, customers don't need to set up an account. "There's two ways to send a link, via email or copying it to your clipboard (so you can send using any communications tool of your choice)", Erik Pounds, vice president of product management, explains.
Which is the safest home for your data, LAN or cloud? [Q&A]
Following on from Edward Snowden's revelations about the NSA's activity there have been increasing concerns about just how secure our data is, particularly if it's stored in the cloud. Indeed it's reckoned that the cloud industry faces losing billions of dollars in revenue to privacy concerns.
Yet some experts believe that storing data in the cloud is still safer than keeping it in-house. We spoke to Orlando Scott-Cowley, evangelist, strategist and technologist of email management specialist Mimecast to find out why.
Malicious email barrage hits European car rental companies
Automobile companies are being targeted by a new malware threat that is spreading like wildfire across Europe and stealing a wealth of sensitive information.
Symantec reports that the spam campaign, known as Infostealer.Retgate or Carbon Grabber, is aggressively targeting automobile companies with malware that steals encrypted information such as user names and passwords.
Rebel NSA and GCHQ agents are actually helping make Tor more secure
For anyone looking to stay anonymous online, Tor seems like an obvious option. At the same time, it could lull users into a false sense of security -- after all, this is a network that was, at least in the past, funded by the military and US government -- and conspiracy theories abound that Tor is nothing more than a honey trap to catch the kind of people who have a need for anonymity because of their nefarious activities. The network has evolved over the years and now agencies such as the NSA in the US and GCHQ in the UK are actively seeking out vulnerabilities so they can crack the network. But the relationships are actually far more complex than that.
According to Andrew Lewman, chief of operations at Tor, the same agencies that are trying to break Tor are also posting tips anonymously about the vulnerabilities that have been found -- giving a chance for them to be patched. Talking to the BBC Lewman said:
SSL vulnerabilities leave Android apps open to attack
If you're an Android user you may already have been tempted to don your tin hat and descend to your bunker following today's earlier story about app hacking. Prepare to settle in for a long seige then as new research reveals that many of the most popular Android apps have SSL vulnerabilities that leave them open to man in the middle (MITM) attacks aimed at stealing personal information.
According to threat protection specialist FireEye a significant proportion of apps allow an attacker to intercept data exchanged between the Android device and a remote server.
Sophos looking for beta testers for new Android security software, prizes offered
While the claims of Android malware may be a bit overblown, it does exist and has to be a consideration for customers. That fact has brought about an abundance of software designed to combat the perceived problem.
Now Sophos is jumping into the market with an updated version of its offering, but for the moment this latest version is in a testing phase. The company is calling on Android users to begin beta testing the new offering, and the security firm is adding an incentive in the form of prizes for people willing to step up.
5 tips to make your browsing safe and secure
The internet has become as ubiquitous as air. You’re connected at home via Wi-Fi, then you go out and stop by a cafe to grab a quick morning coffee and check your Facebook, then you come to the office, get all serious and send business mail to your colleagues. The internet gives us great freedom. But with that freedom comes great dangers and great responsibility -- you are responsible for protecting yourself on the web.
Every time you indulge into any sort of online activity, your data can be easily monitored and checked. The websites you visit receive your IP address, location, browser and operating system, screen resolution, ISP and more. You can check on what information you give away at stayinvisible.com. I have nothing against sharing this data when I do simple browsing. I am like Dutch windows without curtains -- doing nothing wrong, peep in whenever you want, I have nothing to hide.
Information security spending to grow 8 percent in 2014
Worldwide spending on information security is set to top $71.1 billion this year, up almost 8 percent over 2013, according to forecasts by Gartner. It's also forecast to grow by a similar percentage next year to reach $76.9 billion.
Gartner says increased use of mobile, cloud and social services will drive new security technology through 2016. There's been a democratization of security threats too, driven by the easy availability of malware and infrastructure, via the underground economy, that can be used to launch targeted attacks.
Gmail app hacked with 92 percent success rate
Researchers from the University of California Riverside's Bourns College of Engineering have identified a weakness in Android which allows personal data to be obtained from apps.
Tested against seven popular apps the method was between 82 and 92 percent successful on six of them, only Amazon with a 48 percent success rate proved more difficult to crack. Most vulnerable were Gmail and H&R Block at 92 percent, followed by Newegg (86 percent), WebMD (85 percent), CHASE Bank (83 percent) and Hotels.com (83 percent).
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.