Articles about Security

What to expect on August's Patch Tuesday

Patch download

As all Windows users will know, the second Tuesday in each month means it's patch time. So that system admins don’t get caught out Microsoft has published its advanced notification ahead of August's Patch Tuesday.

So what can we expect to see in this round of updates? There are nine bulletins in total for software including Internet Explorer, Windows and Office. Two are rated "critical" as they allow for remote code execution.

Continue reading

EFF releases 'behind the scenes' footage of NSA flyover

At dawn on June 27th Greenpeace and the Tenth Amendment Center launched an airship to fly above the NSA data center in Utah. The message on the sides was not subtle -- "Illegal spying below", with an arrow pointing down. It was meant as an alert to action for citizens, and the stunt did have an effect.

Now the Electronic Frontier Foundation (EFF) has released behind the scenes footage of the event, filmed by documentary director Brian Knappenberger, who recently released "The Internet's Own Boy", a story of Aaron Swartz.

Continue reading

Only 39 percent of companies have a BYOD policy

It seems that allowing employees to use their own devices is an inevitable trend for most businesses. Yet a new survey by Software Advice finds that only 39 percent of workplaces have policies in place to cope with BYOD.

Businesses need to deal with the risks that BYOD brings. This includes the loss of visibility once company data is transferred to a personal device, privacy and legal concerns and the threat that devices could be compromised.

Continue reading

Edward Snowden can stay in Russia for at least three more years

Edward Snowden can stay in Russia for three more years

The enfant terrible of the tech world, and the thorn in the side of the NSA, Edward Snowden has been granted permission to stay in Russia for a further three years. The former NSA analyst turned whistle-blower sought exile in the country a year ago and on August 1st he was granted an extension. The three-year residency permit was approved a week ago, but has only just been made public by Snowden's lawyer. Anatoly Kucherena explained that Snowden himself would hold a press conference as soon as possible, reported Russia Today.

The US has tried to force Russia to hand over Snowden so he can face charges in his home country, but for the time being, he will be able to stay where he is. If he feels inclined, the permits allows for him to travel abroad for up to three months, and he is free to travel wherever he wants within Russia. Although he has not expressed an interest in doing so, Snowden would be eligible to apply for permanent residence in Russia in five years' time.

Continue reading

Advanced threat detection is more than a single moment in time

The changing nature of the threat landscape, and the ever-growing sophistication of hackers, means that the way organizations protect themselves against advanced cyber-attacks must change too. Hackers are no longer focused on what was traditionally deemed to be their destination -- the perimeter of the enterprise. They're now focused on the journey itself, leveraging an array of attack vectors, taking endless form-factors, launching attacks over time, and cleverly hiding the leakage of data.

The reason that many of them are successful, is that most security tools today focus on prevention only -- controlling access, detecting, and blocking, all at the point of entry. Typically, incoming files will be scanned only once, at an initial point in time, to determine if they're malicious.

Continue reading

Content Raven adds control and security to Google Drive

cloud security

Storing data in the cloud is convenient and makes for easy sharing and collaboration but it inevitably raises security concerns, especially when using public services.

Content Raven produces a cloud-based file distribution toolkit which adds an extra layer to provide content control, security and deep analytics to files stored in the cloud. It already integrates with Box and Dropbox but from today adds support for Google Drive too.

Continue reading

Get out of jail free card for Cryptolocker victims

cell keys

The Cryptolocker ransomware has had something of a checkered history, from the news that its GameOver Zeus botnet had been taken down by the authorities to a new strain of the malware appearing in June, it's seldom been out of the news this year.

Now though the story has taken a new twist and victims of the malware -- estimated at around 500,000 people -- can recover their encrypted files without the need to pay a ransom.

Continue reading

The hidden security risks of popular apps

Mobile apps

As we rely more and more on mobile devices and an increasing number of businesses adopt BYOD strategies, security and privacy risks become a greater concern.

A new report by risk management specialist Appthority looks at the hidden risks presented by the 400 most popular iOS and Android apps. It identifies the ten most risky behaviors that threaten enterprise security, at least one of which is found in 99 percent of popular free apps.

Continue reading

PayPal 2-Factor Authentication hack found by security researcher

PayPal, the online payment service once owned by Elon Musk and now in the hands of eBay, has become a bit of a staple of daily life on the internet. After all, we can use it for all sorts of payments, money transfers, invoicing and receiving money. But is it as secure as we hope?

An Australian security researcher has uncovered a way to hack past PayPal's Two-Factor Authentication (2FA). Joshua Rogers used the vulnerability he discovered with an eBay account:

Continue reading

Second generation ransomware now in the wild

Ransomware is a particularly nasty form of malware that locks your computer, encrypts your files, and then demands a ransom to free your data. Payment is usually made using untraceable currencies like Bitcoin. In a lot of cases it’s easy enough to remove the malware without paying anything, but doing so won’t get your files back.

A new wave of even more dangerous ransomware is now beginning to appear in the wild. Kaspersky recently highlighted a worrying new threat called CTB-Locker (aka Critroni), nicknaming it "Onion", because it uses the anonymous TOR network. Trend Micro reported another wave of ransomware called Crytoblocker, described as the potential successor to CryptoLocker, and Synology customers are now experiencing a targeted customized ransomware attack.

Continue reading

Multi-vector DDoS traffic soars as attackers return to trusted methods

DDoS attacks

As the security industry has got wise to the use of the Network Time Protocol vulnerability to create DrDoS (Distributed reflected Denial of Service) attacks their traffic levels have dropped by 86 percent.

However, traditional multi-vector attacks against servers and websites have seen their traffic increase by 140 percent. Attacks using the TCP SYN and HTTP GET protocols are now the most frequent and severe threats to enterprises and service providers. This is according to a threat report for the second quarter of 2014 from attack protection specialist Black Lotus.

Continue reading

Google email scanning technology catches pedophile sharing abuse photos

Google email scanning technology catches paedophile sharing abuse photos

The scanning of personal emails is almost universally regarded as a terrible thing. Just like the activities of the NSA, when email providers start rifling through private information, it has a tendency to upset people. The justification for governmental mass surveillance has always been that it helps to combat crime -- and of course we never have to wait for long before the words "terrorists", "extremists", and "attack" are used. Google has just demonstrated how email scanning can be used to catch criminals. In this case, Google's image recognition software was used to identify images of child abuse sent via email by a Texan man.

A 41 year old man was arrested after the system detected suspicious material. The police were alerted and requested the user's details from Google after child protection services were automatically notified of the findings. The convicted sex offender's account triggered an alert after automatic, pro-active scans detected illegal pictures and Google then reported it to the National Center for Missing and Exploited Children. Google is understandably tight-lipped about how its technology works, but as the Telegraph points out, we do already know a little about the methods used.

Continue reading

Mozilla Developer Network site leaks 76,000 user email addresses

data leak tap

The latest organization to suffer an embarrassing security failure is open source developer Mozilla. The company whose mission is "to promote openness, innovation and opportunity on the web" has, it seems, been a bit more open than usual.

It has admitted to leaking the email addresses of 76,000 developers. This began happening on June 23rd when what Mozilla calls a "data sanitization process" on the Mozilla Developer Network site began failing and carried on for a month unnoticed.

Continue reading

Researcher claims passenger planes are vulnerable to cyber attack

A cyber security researcher has worked out ways to hack into passenger jets through the plane's Wi-Fi and inflight entertainment systems.

If confirmed, the claim could prompt a comprehensive restructure of aircraft security, and cast new scrutiny on the way aircraft electronic security has been managed in the past.

Continue reading

China bans Kaspersky and Symantec antivirus

China has come down hard on US-based security company Symantec and its Russian counterpart Kaspersky, removing it from the list of approved antivirus providers in Chinese government computer systems.

The news comes amid a move from the Beijing government to limit Chinese dependency on foreign technology firms.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.