Information security news

RSS
Intentional Leak of Business Data Because of UK Employees` Misbehavior

The investigation of Egress Software Technologies has discovered that 24 % of UK workers have purposefully distributed the company sensitive information among rivals and new or former workers.

The company interviewed 2000 employees whose jobs consist in often use of emails to cover all the points of email misuse in the firm.

 » Read more about: Intentional Leak of Business Data Because of UK Employees` Misbehavior  »

Employee Snooping: Digging for Unnecessary Confidential Information

To the detriment of the effective security measures, many employees are looking for information that doesn`t have anything to do with their referral tasks.

A global survey involved more than 900 IT security experts from One Identity and demonstrated that 92 % of employers have found their workers trying to get access to information that has no relevance to their everyday work. Practically one in four, which is 23 % emphasized that this is a rather frequent behavior.

 » Read more about: Employee Snooping: Digging for Unnecessary Confidential Information  »

Security Gaps
This Year: Top 10 Cloud Storage Security Gaps

Accenture

The Cyber Risk Team at UpGuard revealed that Accenture didn`t properly protect no fewer than 4 AWS S3 storage buckets, as a result, they are open for a public access. This gap undermines security of authentication credentials, secret API data, digital certificates, decryption keys, information about the user, and other types of information. UpGuard stressed that this problem could cause a vast financial loss, because now hackers have opportunity to exploit the keys in order to disguise themselves as Accenture employees and to steal different sensitive data they need.

 » Read more about: This Year: Top 10 Cloud Storage Security Gaps  »

poor password
Poor Password Security Across Most Organizations

Weak passwords become the highest priority danger for organizations to be attacked, but nevertheless, majority continues to pay more attention to policy based technology, and not to the user.

The investigation from LastPass and Ovum shows that most IT executives` respondents completely entrust password behavior to employees` control. Nearly 61 % of IT executives consider employee education to be the essential component for ensuring the password security, so workers are able to improve password only by themselves,

 » Read more about: Poor Password Security Across Most Organizations  »

High-Security of Crypto Keys was damaged by ROCA, more dangerous Exploit Than KRACK

Don`t you consider well-known KRACK to be the most dangerous attack? Meet even worse security hole. A destroying vulnerability has endangered the security of the most encryption keys, including those being used in identification documents, software signing and platform modules preventing government and enterprise computers from different attacks. One more wild morning brought the terrible news: security specialists discovered an inevitable deficiency in a commonly used cryptography code library, to be more precise,

 » Read more about: High-Security of Crypto Keys was damaged by ROCA, more dangerous Exploit Than KRACK  »

KRACK attacks hit Wi-Fi networks – the way out

The KRACK Attack is coming! The recent development – a Bug with a telling name

To be more precise, these are the KRACK Attacks, because there are several similar attacks that were introduced in the paper by KRACK.
So-called KRACK attacks are yet more proofs that many encrypted Wi-Fi networks are not as secure as you may think.
Using WPA and WPA2 encryption, KRACK affects many networks. It`s worth mentioning that nowadays the majority of wireless access points are covered exactly with this kind of encryption.

 » Read more about: KRACK attacks hit Wi-Fi networks – the way out  »

Gap in US Employees` Knowledge of Security and Privacy at Work

According to the results of a new investigation, workers have a big gap in knowledge of security measures and these unaware employees represent a great risk for their company to be hit by the criminals.

The 2017 State of Privacy and Security Awareness Report involved 1,012 US workers in the survey and revealed that 70% of employees lack a knowledge of security and privacy spheres. It`s better result in comparison with the last year,

 » Read more about: Gap in US Employees` Knowledge of Security and Privacy at Work  »

The Reasons to Worry about Business Privacy

Nowadays, to be proactive when it goes about privacy, is no longer about making efforts to hide from authorities. Privacy is of a critical importance now, because it is closely connected with security and protection of you as well as your close people or a working staff from being hit by the skilled and inventive cybercriminals.

 » Read more about: The Reasons to Worry about Business Privacy  »

Bosses must adhere to staff privacy at work

European companies must adhere to staff privacy at work, as the European Court of Human Rights has decreed.

The lower chamber of the court reconsiders the case of 2016, when it found no interference in privacy of the workplace communication surveillance. It was the first time for considering issue connecting with the electronic communication surveillance at a private company.

In August 2007, the employer fired Bogdan Mihai Bărbulescu from Bucharest, Romania,

 » Read more about: Bosses must adhere to staff privacy at work  »

The Bashware Attack Technique

Microsoft has been using Linux for practically three years, and it costs the system a pretty sum, actually.
Last year, Microsoft informed about the development of Windows Subsystem for Linux (WSL) in Windows 10, which provides users with the Linux command-line shell in order to use native Linux applications on Windows system. So, there is no need for a virtualization.
Security specialists of the security firm Check Point Software Technologies have revealed the WSL feature that helps malware intended for Linux to hit Windows devices.

 » Read more about: The Bashware Attack Technique  »

Unjustified Job Dismissal – Justified Law Decision

There was a legal procedure between a web developer and his former employer in Germany, when a judge ordered that keeping an eye on a worker, using keylogger spyware contravenes the law.

Actually, keyloggers can be of different types. They can be plugged in between a keyboard and a PC, but the most are software with advanced features, such as watching over monitor object file and taking screenshots of it. The employer’s malware contains exactly these features.

 » Read more about: Unjustified Job Dismissal – Justified Law Decision  »

Thousands of Android-spying Apps are on the Loose: how to Deal with SonicSpy

The majority of malicious software apps are coming from the Internet, and unfortunately, Android users have one more reason to worry: spyware apps that steal data from the infected devices.

 » Read more about: Thousands of Android-spying Apps are on the Loose: how to Deal with SonicSpy  »

Numerous Android Apps on Google Play Store Found Keeping an Eye on 100 Million Users

A lot of users have downloaded over 500 various apps from official Google Play Store. The majority of these apps were infected with a tricky ad library that spreads spyware without being noticed and can do different hazardous procedures.

The main source of income for the app developers is advertising, because Google Play Store provides free downloads for 90% of Android apps. Toward this goal, they embed Android SDK Ads library in their apps that doesn’t influence app’s functionality.

 » Read more about: Numerous Android Apps on Google Play Store Found Keeping an Eye on 100 Million Users  »

Concealed Botnet is the Key Danger

Security specialists revealed a dangerous adware botnet counting practically half a million victims, after attempts to remain in the background.

As ESET informed, Stantinko botnet targets mainly Russia and Ukraine. Its developers put it in circulation by installing hostile browser extensions that contain malicious ad and click fraud.

ESET also added that they were used for a fully featured backdoor sending, a bot for searches on Google, and a tool for performance of brute-force attacks on Joomla and WordPress administrator panels when trying to resell them.

 » Read more about: Concealed Botnet is the Key Danger  »

Your Smartphone and Hackers – How to Keep It Safe

This banking Trojan can easily thieve sensitive data from the infected devices because of Accessibility Services.

Android devices with all updates and the latest Android version, and all security patches installed are also at risk, so these techniques aren’t as safe as many users think.

 » Read more about: Your Smartphone and Hackers – How to Keep It Safe  »

Al creates new malware, which cannot be revealed by AV software

The experiment involves Elon Musk’s OpenAI framework.

DEF CON Machine-learning tools improve their skills and have ability to create their own malware that overcomes antivirus software.

In a major presentation at the DEF CON hacking convention Hyrum Anderson, technical manager of data science at security shop Endgame, demonstrated the company research involving Elon Musk’s OpenAI framework adaptation to the aim of developing malware that cannot be revealed by security-protection modules.

 » Read more about: Al creates new malware, which cannot be revealed by AV software  »

New Study from OneLogin Reveals that a Great Number of Ex-Employees Continue to Exploit Company Applications

The survey reveals that a leak of data has increased to 20% because of failure to deprovision employees.

In spite of the fact that companies pay more attention to security sphere, a new investigation from the identity management provider OneLogin proved that still there is a lack of attention in many businesses to critical threats issues brought on by ex-employees – San Francisco, Calif., July 13, 2017.

 » Read more about: New Study from OneLogin Reveals that a Great Number of Ex-Employees Continue to Exploit Company Applications  »

Americans are not very proficient in password algorithm

The investigation of Wakefield Research revealed that although online worry increases, password algorithms remain unimproved. For example, 81% of respondents use one password for many accounts. They are more or less digitally dodgy, but, nevertheless, 92% say they use one password for various accounts.

 » Read more about: Americans are not very proficient in password algorithm  »

phishing_email_ransomware
Email is the main source for Ransomware Attacks

Many ransomware attacks (76%) take roots in your PC performance through sending malicious messages to your email.

As Barracuda reported, phishing is a real moneymaking (particularly spear phishing). Most of the companies communicate through email, that is why it is the most commonly used tool for attackers’ tricks.

 » Read more about: Email is the main source for Ransomware Attacks  »

Gmail Works in with Machine Learning

Google created new security measures for Gmail users, including protection against phishing attacks, click-time warnings for fraudulent links and unintended external reply warnings.

The new machine learning technologies are based on a certain principle that spot-checks messages for phishing tricks. Andy Wen said that it helps to block spams and phishing messages from occurrence in the inbox folder within the accuracy of 99.9%.

The viral detection combines with Google Safe Browsing’s machine learning technologies for revealing and flagging “phishy” and malicious URLs.

 » Read more about: Gmail Works in with Machine Learning  »