A new study finds that enterprise networks have thousands of shadow personal devices including laptops, tablets and mobile phones, as well as Internet of Things devices -- such as digital assistants and smart kitchen appliances -- connecting to them.
The report from network control company Infoblox shows 35 percent of companies in the US, UK and Germany reported more than 5,000 personal devices connecting to the network each day.
The fragmentation problem that affects Android not only means that there are a tiny number of users running the latest version of Google's mobile operating system, but also that many handsets are not patched with the latest security update. This could be about to change.
At its I/O developer conference this week, Google announced that its security policies will be changing. While its not clear when this could happen, the company will require some smartphone manufacturers to roll out regular security updates to users.
A new report from mobile measurement company Adjust reveals that in the first quarter of this year mobile ad fraud nearly doubled over the same period in 2017.
Adjust measured 3.43 billion app installs and over 350 billion events, processing and analyzing 125 terabytes of data per day from 20,000+ apps over the first three months of 2018.
President Trump's re-imposition of sanctions against Iran could lead the country to respond by launching cyber attacks on Western businesses within months, according to a new report.
Threat intelligence company Recorded Future has today released new research and analysis into the Iranian cyber threat.
According to a new survey from Arxan, only 25 percent of respondents say their organization is making a significant investment in solutions to prevent application attacks.
This is despite awareness of the negative impact of malicious activity. A worrying 65 percent of companies say they would be spurred to increase application protection measures only after an end user or customer was negatively affected.
The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.
This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.
It's been accepted wisdom for some time that an injection of extra talent is needed to solve the cybersecurity skills shortage.
Further confirmation of this comes in the form of a report from ProtectWise looking at the survey responses of 524 technology-savvy millennials and post-millennials in the US, conducted by Enterprise Strategy Group (ESG), to see if there were potential answers to the security skills shortage.
If you've not updated to Windows 10 April 2018 Update but you have installed Microsoft's Meltdown patches from a few months ago, your computer is vulnerable to a "fatal flaw".
This is not the first time a patch for the Meltdown vulnerability has led to problems with Windows, but previously it was Windows 7 and Windows Server 2008 that were affected. A security researcher found that Microsoft's patch for Windows 10 "undermined the mitigation", and while the problem has been fixed in the April 2018, the company is still working on backporting an updated patch for older versions of Windows 10.
Twitter has issued a warning to its 330 million users, urging them to change their passwords. The security announcement comes after the company discovered a bug that left passwords stored in unencrypted form in internal logs.
While Twitter says that the bug has been fixed and that the plaintext logs have been deleted, it is encouraging the password change out of "an abundance of caution".
The industrial control systems (ICS) used to run equipment in manufacturing, energy, and other sectors are secured differently from office networks. Vulnerabilities often go unpatched, because organizations are afraid to make changes that might cause downtime.
To minimize the chances of exploitation of vulnerabilities, measures put in place include placing ICS components on a separate network, isolating them, or air-gapping them entirely from Internet-connected corporate systems. However, penetration testing performed by Positive Technologies has shown that such measures often fall short in practice, leaving attackers plenty of opportunity to access critical equipment.
It's World Password Day and we've already looked at tips for safe password use, but a new survey from identity management company SailPoint reveals that IT professionals aren't practising what they preach when it comes to password use.
In partnership with research company Vanson Bourne, SailPoint surveyed 400 IT decision makers about their password habits and came up with some worrying results.
Ransomware attacks grew by 400 percent last year, largely down to the success of the WannaCry attack. It’s perhaps not surprising that other variants slowed down, but this signals a shift in the way ransomware is being used.
A new report from F-Secure shows WannaCry accounted for nine out of every 10 ransomware detection reports by the end of the year.
We're constantly being told that the password's days are numbered. No less a figure than Bill Gates predicted the end of the password as far back as 2004. Yet we still rely on them to protect many of our day-to-day activities.
To mark today’s World Password Day, Raj Samani, chief scientist and fellow at McAfee, has produced a set of tips that people can follow to make the best use of passwords.
A new study of password and account security on 55 of the world's most popular travel-related sites reveals that 89 percent leave their users' accounts potentially exposed to hackers due to unsafe password practices.
The research by password management company Dashlane tested each website on five critical password and account security criteria. A site received a point for each criterion it met, for a maximum score of 5/5. Any score below 4/5 was considered failing and not meeting the minimum threshold for good password security.
A critical remote code execution vulnerability has been discovered in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation and wind and solar power facilities.
The vulnerability, discovered by cyber exposure company Tenable, could, if exploited, give cyber criminals complete control of the underlying system.