Exploit acquisition program aims to patch mobile vulnerabilities faster
Even after new mobile threats have been identified the number of devices in use means it can take time for patches to be rolled out to all users.
Mobile threat defense company Zimperium is hoping to tackle this problem with the launch of a $1.5 million bounty program to purchase N-day exploits which have been identified but are still usable on unpatched devices.
Survey reveals the true cost of data breaches
More than a third of organizations that experienced a data breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
This is a key finding of the latest Cisco Annual Cybersecurity Report which also shows that after attacks, 90 percent of these organizations are improving threat defense technologies and processes.
2016's top malware threats show a shift in attack patterns
The methodology of malware and cyber attacks has shown a significant shift in 2016, according to the State of Malware report from Malwarebytes.
Although ransomware is the favorite attack method used against business, ad fraud malware is growing fast and poses a substantial threat to both consumers and businesses.
New intelligence platform aims to cut credential-based risks
Many cyber attacks are made using stolen or abused credentials. One of the ways to combat this is to collect activity data and use it to spot anomalous behavior patterns.
Leader in this field Exabeam is launching its new Security Intelligence Platform, designed to decrease the risk of cyber threats for organizations of any size. It addresses the need to collect more data than ever before, to make better connections across that data to detect threats, and to augment human analysts during incident response.
Comodo extends endpoint protection to Mac and Linux
Businesses are increasingly aware of the need to protect their endpoint systems. However, they tend to concentrate most of their efforts on Windows which can leave other platforms vulnerable.
Cyber security specialist and digital certificate provider Comodo is launching a new version of its Advanced Endpoint Protection (AEP) product that extends availability of its default-deny endpoint security to Mac and Linux platforms, in addition to Windows.
Tenable launches cloud-based vulnerability management
Increased adoption of virtualization, the cloud, and the accelerating use of web applications and short-lived assets like containers has led to changes in how and when companies need to assess vulnerabilities.
Cyber security firm Tenable Network Security is launching a new cloud-based vulnerability management platform to enable enterprises to secure the full range of assets in modern elastic IT environments.
Facebook launches new open source account recovery tool: Delegated Recovery
At the USENIX Enigma conference, Facebook unveiled a new way to overcome the problem of forgotten passwords. Known as Delegated Recovery, the mechanism essentially allows two online services a user has accounts with to be used as a form of two-factor authentication.
Delegated Recovery is something of a new take on 2FA, building on Facebook's previously announced support for U2F Security Keys. The problem with password recovery via email or SMS, is that it's easy for the recovery medium to be compromised, and security questions are easily guessed. Delegated Recovery takes a new approach, and it's being trialed on GitHub.
Samsung Galaxy smartphones can be crashed with a single SMS
Security researchers from Context IS have uncovered serious vulnerabilities in a number of premium Samsung Galaxy phones which allow attackers to crash devices using a single SMS message and initiate ransomware attacks.
The report is part of a series which aims to show "how, even in 2017, SMS-based attacks on Android phones are still viable". As longtime readers might recall, iOS too was vulnerable to such attacks -- but that was nearly two years ago. While the report focuses on Samsung's Android handsets, the researchers suggest that the vulnerabilities could be found in other vendors' smartphones as well.
datAshur PRO -- The ultimate secure USB flash drive [Review]
USB flash drives are great for storing personal files on, so you can have easy access to them wherever you go. But what happens if you lose a drive or it gets stolen? All of your personal data could be at risk.
While there are ways to secure the contents of a flash drive using software, you need to remember to do so every time. The datAshur PRO, from iStorage, offers a hardware solution that’s simple to use and will protect your data with military grade XTS-AES 256-bit encryption.
Kaspersky and ESET top the security charts
The way people access the internet is changing, with a shift towards portable devices, and that in turn has led to a shift in the software they use.
Independent testing company AV-Comparatives has conducted its annual survey focusing on which security products (free and paid) are employed by users, along with their OS and browser usage.
The effect of cybercrime on businesses and consumers
Here we are, at the end of the first month of a new year and where are we? Well, I guess that very much depends on who you are. If you're a hacker, then things are looking good for you. If you're a consumer, the evidence suggests you won't be fooled twice, but is that good enough? And if you're a business, you've got the same security problems as last year but with enhanced threats from hackers and careless employees as well as enhanced expectations from consumers.
So, exactly what is happening in today's security world and what does it mean for you?
Vulnerabilities could leave thousands of NETGEAR routers exposed
New vulnerabilities discovered in 31 models of NETGEAR router are reckoned to leave at least 10,000 devices at risk and could affect many more.
Cyber security company Trustwave has released details of the vulnerabilities which allow an attacker to discover or completely bypass any password on a NETGEAR router, giving them complete control of the router, including the ability to change configuration, turn infected routers into botnets or even upload entirely new firmware.
New platform offers holistic risk assessment for enterprises
The proliferation of cloud services and diverse platforms in modern enterprises makes guarding against risk and protecting data a major challenge.
Cyber risk assurance company TechDemocracy is addressing this problem with the launch of a new platform to analyze the effectiveness of existing cyber risk and compliance solutions and offers a consolidated view of enterprise risk posture.
Really, Google? Chrome 57 kills the ability to control and disable plugins
With web browsers being among the most frequently used pieces of software out there, it's little wonder that there is so much concern about security surrounding them. Browser plugins can be a major security worry, and with Chrome 57 Google has taken the strange decision to block users from disabling them or changing their settings.
While this is not the same as preventing users from changing the settings for extensions, or removing them, it still has important implications -- particularly if a security problem should be discovered in a plugin Google bundles with Chrome.
Warning: most Android VPN apps are insecure
VPN software can be used to not only circumvent geoblocking, censorship and ISP blocks, but also to remain anonymous online. At least that's the idea. If you're an Android user who has a VPN app installed on your phone or tablet, the chances are that it is not safe.
Research shows that the majority of VPN apps to be found in Google Play contain spyware or malware, leak data, or include tracking components. This is in stark contrast to what most people would expect from such apps, and users are warned to double-check the choice they have made.