Millions download botnet-building malware from Google Play
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ …
Another KRACK in the network perimeter
When a high profile vulnerability surfaces that is as far reaching as KRACK, a WPA2 encryption attack to hijack Wi-Fi networks, it’s common to respond impulsively. “Why are …
Most organizations don’t have SSH security policies in place
Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, …
Enterprise container security: There’s room for improvement
With companies such as Facebook, Netflix and Google heralding the use of containers for their agility, portability, and cost benefits – enterprises are following suit. …
Google offers Advanced Protection for high-risk users of its services
High-risk Google users – journalists, human rights and civil society activists, but also campaign staffers and people in abusive relationships – can now take …
Europol wants ISPs to aid law enforcement by dropping CGN technologies
Europol is urging ISPs to stop using Carrier Grade Network Address Translation technologies, because they make identifying and tracking criminals a lot harder. What is Carrier …
Digital skills gap: The biggest hindrance to addressing cybersecurity?
Although businesses recognize the importance of digital transformation, organizations worldwide are struggling to balance the elements needed to deliver on digital. Of 1,625 …
Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update
Oracle has released its Critical Patch Update (CPU) for October 2017, addressing 252 vulnerabilities across the wide multitude of its products. Compared to the July 2017 CPU, …
The pervasive risk of vulnerable open source components
Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more …
Should non-security functions get more involved in cybersecurity?
According to a survey conducted by Dimensional Research, 100 percent of respondents believe soft skills are important when hiring for their security teams. The three most …
Digital transformation and the loss of security control
Unpatched web infrastructure and de-centralised web management practices are leaving UK organisations vulnerable to cyber-attacks and high profile data breaches. New RiskIQ …
Vulnerability in code library allows attackers to work out private RSA keys
Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding …