Windows shops be warned: New Internet Explorer bug lets hackers hijack your system
A Chinese cybersecurity firm has discovered a "double kill" bug in Internet Explorer that it said is already being used by possible nation-state hacking groups.
Author Archives: Security on TechRepublic
New templates let AWS users quickly and easily deploy blockchain networks
Users can launch either Ethereum or Hyperledger Fabric networks in just a few clicks.
How to protect your business from the real risk of a social media takeover
By not following basic security practices on social media, individuals and businesses increase the risk of attack, said Mike Price, CTO of security firm ZeroFox.
Microsoft: Tech support scams rose by 24% in 2017, costing some victims thousands of dollars
Social engineering scams make even the best security solutions useless, Microsoft said. It wants industry-wide collaboration to solve the problem.
You weren’t hacked, Google tells Gmail users who received spam from themselves
The method behind the spam glitch was spotted last year but ignored by Google
IT whistleblowers who expose company data breaches may soon be protected in EU
A proposal by the European Commission would also protect those who expose fraud and tax evasion from retaliation.
Biometrics and the law: Police try to unlock phone with dead man’s fingerprint
Biometric authentication may be more convenient than passwords, and harder for hackers to duplicate, but how much protection does it offer from the law?
How Puresec aims to safeguard serverless applications from cyberattacks
The PureSec Tesseract is a serverless security runtime engine that protects apps in AWS Lambda, Microsoft Azure, and other environments.
LinkedIn AutoFill bug could leak personal data to third parties and attackers
LinkedIn's AutoFill button is supposed to only work on approved websites, but any website could have tricked users into providing personal data with just one click anywhere on their screen.
Upcoming Windows Defender feature will tell you when security fails
Microsoft is planning a new feature for Windows Defender that will continually check for system integrity, informing users if any secure part of the operating system has been compromised.
10 bits of career wisdom for beginning cybersecurity professionals
Cybersecurity can be a demanding and rewarding field. Here are some tips for those just starting out, based on the experience of two seasoned security pros.
How machine learning allowed one company to detect Meltdown and Spectre before Intel went public
In-memory attacks are part of the next generation of exploits that cybersecurity experts need to guard against, and AI and machine learning can help.
Why SSL is part of the problem behind a dramatic increase in malware and ramsomware in Q1 2018
Attackers are using HTTPS to carry malware, which means companies need to do DPI on SSL packets to guard against it.
Machine learning allowed this company to detect Meltdown and Spectre before Intel broke the news
At RSA 2018, Bill Conner, CEO of SonicWall, talks to TechRepublic about how AI and machine learning can help companies guard against in-memory attacks.
SSL partly responsible for dramatic Q1 2018 increase in malware and ransomware
At RSA 2018, Bill Conner, CEO of SonicWall talks to TechRepublic about how companies can guard against malware carried by HTTPS.
Windows 10 jailbreak: Google’s Project Zero reveals unpatched bug that bypasses app lockdown
Security researchers have just revealed a new unpatched bug that allows attackers to circumvent Windows 10 S' Device Guard feature, which locks the OS to only running whitelisted software.
Protect sensitive data with these five free encryption apps
Protecting customers' personal data is vitally important to the future success of every organization. Encrypting that data with one of these apps is a good place to start.
Top 5: Ways employees create security headaches for their companies
Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're causing vulnerabilities.
5 reasons your employees are a security threat to your business
Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're creating vulnerabilities.
Microsoft’s BitLocker encryption program: A cheat sheet
BitLocker, an encryption program from Microsoft, offers data protection for the whole disk in an efficient method that is easy to implement, seamless to the user, and can be managed by systems admins.
Microsoft BitLocker: Built-in encryption for your Windows PC
Microsoft has its own built-in disk encryption utility, but not all Windows PCs have BitLocker installed on them.
Forgot your Mac password? 3 ways to unlock startup disks encrypted with Apple’s FileVault
If you forget your Mac's login account password, you might not be able to access the data stored on a FileVault encrypted drive. Discover three methods for regaining access to your data.
Report: A majority of web apps have security holes
A new report found that a large percentage of web apps contained at least one security vulnerability, says TechRepublic's Brandon Vigliarolo.
Most consumers believe that private browsing modes hide their identity
Private browsing mode won't hide your search history from advertisers, big data brokers, or your ISP says TechRepublic's Alison DeNisco Rayome.
Tools like Palantir illustrate how easily big data can be misused
When companies partner with vendors for big data analysis, they must be prepared for the consequences.
How to set up two-factor authentication on CentOS
Every administrator should consider enabling two-factor authentication on their CentOS 7 server for an added layer of security.
If you downloaded one of these 5 Chrome ad blockers, you could have been hacked
The ad blockers, which can take over users' browsers, were removed from the Chrome Store after being downloaded 20 million times.
How to combine SSH key authentication and two-factor authentication on Linux
Jack Wallen shows you how to set up both two-factor authentication and SSH key authentication for a rock-solid remote login of your Linux servers.
If you buy these tech accessories, you’re inviting hackers to take control of your car
Old smart car exploits can allow hackers to leak data, demand a ransom, unlock your doors, or track your location, according to Kaspersky Lab.
iOS trustjacking vulnerability lets hackers steal iPhone data, install spy apps
The flaw takes advantage of Wi-Fi syncing in iTunes, but requires a developer image to work properly.
Why human vulnerabilities are more dangerous to your business than software flaws
According to cybersecurity firm Proofpoint, the 'vast majority' of digital attacks aimed to exploit the "human factor" through phishing attempts and related efforts.
US-CERT issues alert for Russian attacks targeting IoT devices
Attorney and former CIA case officer Jack Rice explains how foreign actors could attack critical infrastructure, and how US intelligence agencies deploy a proportional response to cyber attacks.
IBM introduces ‘Adversarial AI toolbox’ to keep your AI from getting attacked
IBM machine learning researcher Maria-Irina Nicolae spoke with TechRepublic about how the company's new Adversarial Robustness Toolbox can protect AI from tampering.
How IBM Security is helping cybersecurity pros collaborate like the bad guys
Attackers have long shared their exploits, code, and methods, while defenders remained siloed. IBM Security created the X-Force Exchange platform as a way to share threat intelligence.
Why MDM is a relic of the past for mobile security
To deal with BYOD, insecure endpoints, and data leakage, many enterprises opted for MDM solutions-but they've turned out to be overbearing and ineffective.
How mobile devices became fundamentally more secure than PCs
Having learned the lessons of the antivirus and malware wars on computers, ARM architected a secure hardware enclave that mobile devices have the option to tap into.
Cloud data privacy for businesses unclear after Supreme Court drops Microsoft case
The case led to the CLOUD Act, which requires tech companies comply with court orders for data stored in the US and overseas.
How IBM Security is helping the good guys collaborate like the bad guys
The bad actors of cybersecurity have long shared their exploits, code, and methods with one other, while defenders largely worked in silos.
Why AI is the new IT
The focus of students, researchers, and professionals is migrating from computer science to machine learning, and it has a number of important implications.
IBM open sources ‘Adversarial AI toolbox’ to keep your AI from getting infiltrated
As artificial intelligence algorithms become mission critical for more functions in society and business, we need tools to protect AI from tampering.
How fact-checking could thwart phishing attacks
Digital fraudsters know humans are terrible at checking facts. A psychologist and researchers explain how better fact-checking may help foil cybercriminals' attempts at phishing.
DHS takes strong stance on hackers as tech firms stand against government cyberattacks
At the 2018 RSA conference, the United States Secretary of Homeland Security Kirstjen Nielsen said 'cybersecurity is national security.'
Why G Suite admins should enable Gmail’s advanced anti-phishing and malware settings
Google recently added new G Suite safety settings to give Gmail users an added layer of protection. Learn how to warn users of harmful emails, or simply send them straight to spam with these options.
A year after WannaCry, victims haven’t improved cybersecurity policies
The NHS has only 20 security professionals on staff, and the financial impact of WannaCry has not yet been determined.
Cybersecurity Tech Accord sets new privacy standards for tech companies
The new paper, signed by 34 tech companies, is akin to a 'digital Geneva Convention' to govern the rules of engagement in technology.
Simple steps to keep your remote workforce secure
SiteLock's Neill Feather explains how IT teams can train remote employees to be cyber-secure in a workplace that's becoming more browser-based.
How to secure hybrid clouds: What IT pros need to know
Securing a company's hybrid cloud environment is far from simple. A SANS analyst explains why and how to improve security at the public-private cloud interface.
How to prevent phishing by studying the psychology behind digital fraud
Studying how online users react to attacks in of itself is not going to solve the phishing epidemic. Researchers suggest looking at digital fraudsters' adversarial behavior.
Android Security Bulletin April 2018: What you need to know
Qualcomm components were inundated with security issues in this month's Android Security bulletin. Here's the highlights.
4 ways to protect enterprise AI efforts from cybercriminals
Hackers are using artificial intelligence and machine learning to improve their attacks. Here's how to safeguard against malicious AI, according to Forrester.
75% of consumers won’t buy your product if they don’t trust you to protect their data
More than three quarters of US consumers now say that a company's ability to keep their data private is 'extremely important,' according to IBM.
Here’s how much money a business should expect to lose if they’re hit with a DDoS attack
More than two-thirds of organizations experience between 20 to 50 DDoS attack attempts each month, according to Corero Network Security.
New Intel tool uses GPU to scan for viruses, saving time and compute resources
Intel also announced Advanced Platform Telemetry, which uses machine learning to improve threat detection.
Employees are desensitized to the potential dangers of data compromise
Christy Wyatt, CEO of Dtex Systems, shares best practices for getting your team to make cyber-threats a top priority.
Here’s why 81% of security pros believe their company will be hacked this year
An ISACA report has found that security budgets are increasing, but the cybersecurity skills gap remains.
Why router-based attacks could be the next big trend in cybersecurity
A joint statement issued by DHS, FBI, and NCSC claim that Russian state-sponsored hackers are leveraging vulnerabilities in routers to harvest data.
Microsoft says its new Linux-based OS will secure IoT devices for a decade
The OS is part of Azure Sphere, a new service that Microsoft says will secure IoT devices from their manufacture to their end of life.
How SMBs and startups can mitigate the impact of cyberattacks
Mayer Brown cybersecurity and data privacy attorney Stephen Lilley explains why SMBs and startups are particularly vulnerable to cyber-attacks and data breaches.
Myth vs. Reality: Critical infrastructure hacks
To disrupt elections hackers are likely to target critical infrastructure like transportation, energy, and communication systems, says CloudPassage CTO Carson Sweet.
AV-TEST reveals the best post-malware attack security tools
Rebuilding operating systems has been the only true way to trust malware-infected computers. Security engineers at AV-TEST say there are other options.
Report: 100% of web apps have at least one security vulnerability
Nearly all of the vulnerabilities detected in web apps were of a critical nature, with financial services sites the most at risk, according to a Positive Technologies report.
5 tips for managing shadow IT without destroying innovation
Citizen development is a growing trend in many companies. Here's how IT departments can maintain security while letting users create their own business solutions.
How hackers infiltrate critical infrastructure
Best practices for government agencies and enterprise workers to secure critical infrastructure.
CrowdStrike tools help businesses recover quickly after cyberattack, predict next threat
At the 2018 RSA conference, CrowdStrike unveiled a new endpoint security solution and other tools.
How IBM’s new cyber tools use AI to make human security pros more effective
The new IBM X-Force Threat Management Services uses an artificial intelligence (AI) engine to automate active threat management.
How the blockchain can help track important messages and prevent email fraud
Florian Bersier, CEO of email solution provider Gmelius talked with TechRepublic about how the blockchain can be used to prove the authenticity of communications and transactions done via email.
The impact of cognitive hacking on business
Carson Sweet, CTO of CloudPassage, explains the mechanics of bots, spam, and fake news.
The cybersecurity skills gap caused 40% of IT pros to stall their cloud migrations
One in four organizations have experienced data theft from the public cloud, according to McAfee.
New cryptomining malware doesn’t need a browser session to operate
XMRig is an endpoint cryptomining malware capable of doing damage without an active browser session, and its use is on the rise.
Cloud contracts: How to choose between winner-takes-all and best of breed
The Pentagon's upcoming multibillion dollar cloud deal will go to one provider, but is that the best option?
Ransomware attacks are on the rise. Should businesses pay up or focus on tightening security?
TechRepublic's Dan Patterson and Bill Detwiler, and ZDNet's Larry Dignan discussed a recent Verizon report on the rise of ransomware, and the pros and cons of meeting attackers' demands.
SnoopSnitch shows Android users what security patches are missing from their phone
Although Android device manufacturers are claiming their devices are completely up to date, researchers found that, for some OEMs, patches are secretly missing.
How hackers attack voting machines
Carson Sweet, CTO of CloudPassage, explains how elections are vulnerable to a vast spectrum of cyberattacks.
How to diversify the cybersecurity industry
The industry is projected to have 1.8 million unfilled jobs by 2022, says Forrester's Stephanie Balaouras and Claire O'Malley, but women represent just 11% of cybersecurity professionals worldwide.
How SMBs can protect themselves from hacks and data breaches
Identity Guard SVP Jerry Thompson shares cybersecurity tips for budget-constrained startups and SMBs.
Understand the GDPR guidelines for obtaining lawful consent to process data
The acquisition of clear and express consent to process personal data under the GDPR will be a priority for all organizations starting May 25, 2018. Here are some simple guidelines.
8 hard truths about working in cybersecurity
Thinking about getting into the cybersecurity field? Take these lessons from an experienced IT pro so you don't have to learn them the hard way
How to set up two-factor authentication on CentOS 7
Once you have CentOS 7 up and running, you'll want to lock down that server with two-factor authentication. Every administrator should consider enabling this additional layer of security.
User privacy and data management: Changes to expect in light of the Facebook debacle
TechRepublic's Jason Hiner and Dan Patterson discussed what lies ahead for major tech companies like Facebook, Google, and Amazon now that regulators and the public are focused on privacy.
Forrester: Facebook’s platform is a ripe target for nefarious actors
Forrester analyst Jeff Pollard Jeff Pollard explains why Facebook's data platform is a ripe target for hackers and cyber-criminals.
How state actors like Russia perpetrate cyberattacks
Carson Sweet, CTO of CloudPassage, explains the hacking tactics used by nation-states.
82% of cyber pros worry employees don’t follow cloud security policies
More than one third of companies face issues detecting and responding to cloud security incidents, according to Oracle and KPMG.
PowerHammer lets hackers steal data from air-gapped computers through power lines
Researchers exfiltrated data at 1000 bits per second by listening in on the electrical connection of a computer.
How to stop hackers from taking over your company’s social media accounts
Mike Price, CTO of security firm ZeroFOX, talked with TechRepublic about how social media takeovers happen, and how companies can protect their accounts.
Mobile devices boost digital transformation in healthcare, but security issues remain
More than 90% of healthcare IT managers said the adoption of mobile devices improved hospital communication and patient satisfaction.
A new email attack could infect you with ransomware and steal your passwords
A new outbreak of the Quant Loader trojan is tricking vulnerable users into opening malicious attachments that bypass browser security features.
Survey: How much do you know about blockchain?
TechRepublic's sister site, Tech Pro Research, wants to find out how much professionals know about blockchain and what (if anything) their companies are doing with it.
Why a fully trust-less view of Blockchain is dangerous for business
Blockchain is all about replacing trust with software. For non-developers, this could be a terrible idea.
Emergency broadcast system hack shows need for encrypted wireless communication
Emergency sirens sold by Acoustic Technology use an unencrypted command and control system broadcast over the air, which allowed attackers to commandeer them.
WebAuthn API helps businesses ditch passwords for biometric security
The API, which has almost reached formal adoption, provides a vendor-neutral method for organizations to use password-less authentication.
Credit card companies will ditch purchase signatures by end of month
Credit card transactions will no longer require signatures due in part to the rise of chip-based EMV cards, highlighting the digital transformation of retail.
Mozilla: IoT a growing security concern, social fraud hitting ‘epidemic proportions’
Mozilla said the current 'online advertising economy is broken and easily bent to fraud and abuse.'
Oblivious DNS could protect your internet traffic against snooping
DNS is prone to snooping of personal data, but four Princeton researchers think they've found a way to encrypt everyone's traffic without any changes to the current DNS system.
Businesses are adopting SaaS too fast to properly secure it
Trends like remote work are leading to a rise in SaaS adoption and rampant shadow IT issues, according a report.
Zuckerberg’s Facebook testimony: 5 big questions for businesses and developers
The Facebook CEO is set to testify before Congress on the Cambridge Analytica big data scandal that left data from 87 million users compromised.
How 5G could prevent Stingray-style surveillance and keep business travelers safer
DHS official Christopher Krebs confirmed that the US government is aware of hackers using surveillance devices in Washington, DC since 2014.
Ransomware: The new cost of doing business
Atlanta's ransomware attack was just the beginning. Larry Dignan and Bill Detwiler explain why cyber-attacks are the new normal for business.
Ransomware reigns supreme in 2018, as phishing attacks continue to trick employees
Ransomware was the cause of 39% of malware-related data breaches, more than double that of last year, according to Verizon's annual Data Breach Investigations Report.
Photos: All the tech celebrities and brands that have deleted Facebook
Many in the tech space are boycotting the social media giant's alleged misuse of user data by pulling ads or deactivating their accounts.
The future of blockchain: Which businesses are using it now, which industries will use it soon
Brett Koenig, of IT consulting firm HMB, talked with TechRepublic about the emergence of blockchain and a business tool, and its potential uses.
Don’t skimp on IT security training: 27% of employees fall prey to phishing attacks
According to a report from Positive Technologies, hackers continue to target the weak link in any company's security posture: Humans.
When hackers attack a country, they use the same flaws impacting your business
Utilizing a recent Cisco flaw, hackers attacking Iran and Russian left behind the message 'Don't mess with our elections' followed by an ASCII rendition of the American flag.
If your organization advertises on Facebook, beware of these new limitations
Facebook has banned two more analytics firms, made changes to its advertising platform, and is rolling out an Unsend feature for messages.
Cisco switch flaw led to attacks on critical infrastructure in several countries
The attack targets the Cisco Smart Install Client, and as many as 168,000 systems could be vulnerable.
5 common browser security threats, and how to handle them
Web browsers are designed to store information for your convenience, but that information can also fall into the wrong hands. Here are some simple tips for preventing that situation.
WhiteRose ransomware attack sends bizarre poetry in ransom note to victims
The attack is similar to the Black Ruby, Zenis, and HiddenTear / InfiniteTear ransomware variants and seems to utilize unsecured Remote Desktop services.
Thousands of Sears, Delta customers affected by data breach
A third-party vendor used by both companies announced that its system had been breached for two weeks starting in September 2017.
Where is blockchain heading?
At Code PaLOUsa 2018, HMB consultant Brett Koenig explained what blockchain is and what industries will use it in the near future.
No, private browsing mode won’t hide your search history from advertisers
More than half of consumers mistakenly believe that Incognito and Private browsing modes will hide their identity and browsing habits from governments, organizations, and advertisers.
Intel: Our Remote Keyboard app has a critical bug; delete it now!
The app, available for iOS and Android, allows an attacker to inject keystrokes.
Hackers are trying to destroy institutional trust
ZDNet's Danny Palmer explains how nation-state hackers undermine institutional trust in critical services and companies.
How to add an image to your OpenPGP key with Enigmail
If you're looking for a way to help email recipients know that emails are actually coming from you, adding a photo to your OpenPGP keys can help.
How to add a Secure Boot entry for WDS to prevent access to rogue deployment servers
Security extends to all endpoints and services. Locking down boot devices on client systems helps protect against unauthorized installations by leveraging secure boot to allow only trusted devices.
How to update Chrome OS firmware to improve security
To protect your Chromebook from a targeted attack on a firmware flaw, save your data and update your device. This four step process shows you how.
South Korea university faces major backlash after opening AI weapons lab
After a boycott began with more than 50 researchers, KAIST said it has no intention to build 'killer robots.'
Top 5: Things you should know about GDPR
Still not sure how GDPR will apply to your business? This list contains the essentials about the European Union's privacy regulations that will take effect in May.
Cryptojacking apps invade Google Play store, with one even hitting more than 100K downloads
Software that secretly mines cryptocurrency on infected devices is gaining popularity with cybercriminals, who have even managed to sneak malicious apps into the Google Play Store.
Why hiring more cybersecurity pros may not lead to better security
Adding more security teams staffers for vulnerability response won't improve an enterprise's posture if they don't fix broken patching processes first, according to a ServiceNow report.
GDPR: The top 5 things you need to know
Still not sure what GDPR is, or how it might apply to your business? Here are the basics.
Mirai variant botnet launches IoT DDoS attacks on financial sector
According to Recorded Future research, this could mark the first IoT botnet used in a DDoS attack since the initial Mirai attacks.
43% of enterprises have adopted an encryption strategy
Organizations are increasingly leveraging encryption to protect data and guard against human error, according to Thales eSecurity.
100% of web applications vulnerable to attack, despite billions spent on security efforts
Vulnerabilities and attacks on networked devices have surged in the past decade, while spam emails have dropped, according to a Trustwave report.
Facebook’s Zuckerberg: Here’s how we’ll fix our massive data privacy problems
The firm has faced backlash following revelations that data from 87 million users was shared with research firm Cambridge Analytica.
How the insurance industry prepares for massive cyberattacks
Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, spoke with TechRepublic's Dan Patterson about detecting and preparing for major attacks before they happen.
The impact of regulations like GDPR on cybersecurity insurance
Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, talked with TechRepublic about what role cyber insurance plays when privacy regulations are put in place.
Report: 41% of companies have 1,000+ sensitive files open to every employee
Data security firm Varonis released a report with alarming statistics about how unprotected corporate networks truly are.
Microsoft patches Malware Protection Engine to protect against devastating memory corruption attack
Microsoft warned that the vulnerability could allow attackers to execute arbitrary code and take control of a system.
Only 1% of media companies are ‘very confident’ in their cybersecurity
Media organizations are facing SQL injections, DNS attacks, pirated content, and DDoS attacks, according to an Akamai report.
Human error led to 424% increase in misconfigured cloud servers, prompting hacks
According to the 2018 IBM X-Force Threat Intelligence Index, breached records dropped 25% as hackers turned to ransomware.
LiveChat, TouchCommerce customer support platforms leaking sensitive employee info
The live chat scripts embedded in the websites of businesses across a variety of industries are leaking the full name, employee ID, and location of employees.
How hackers use low-tech tactics to target business
BioCatch's VP Frances Zelazny explains the mechanics of pretexting and social engineering, and why your company is vulnerable to low-tech hacks.
How cybersecurity insurance works
Jenny Soubra, head of cybersecurity for Allianz, explains why cyber-insurance is the safety net for enterprise digital transformation initiatives.
Got an old PC? Find out whether you will get Intel’s latest Spectre patch
Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.
How to balance security and user needs when choosing a VPN service provider
The VPN field is provider-rich, and the offerings vary considerably. Consider these important factors and your use case when selecting a VPN service provider.
Bancor launches digital wallet with built-in cryptocurrency conversion
The Bancor Network integrates with more than 100 blockchain apps and holds balances of ERC20 tokens within a smart contract.
Why notification overload is killing enterprise cybersecurity teams
Most SOCs can only handle seven to eight incident investigations per day, and have little time for threat hunting, according to a Fidelis Cybersecurity report.
72% of cybersecurity pros say hiring video gamers could fix the IT skills gap
The majority of cyber pros said that gaming teaches skills critical to security, including logic and perseverance, according to a McAfee report.
Panera Bread website leaked customer data for 8 months, ‘fix’ failed to patch flaw
Representatives from the company downplayed the issue on Fox Business Network after Brian Krebs broke the story.
Why vendors can increase your company’s cybersecurity risk profile
Often data breaches and cyber-attacks target companies and access sensitive information using third-party vendors, says Jenny Soubra, head of cybersecurity for Allianz.
These industries will soon be impacted by biomectic security
BioCatch's VP Frances Zelazny explains why companies are dropping passwords in favor of biometric security like fingerprint and iris scanners.
Why every business should consider cybersecurity insurance
Every business can be hacked, says Allianz head of cybersecurity Jenny Soubra, and it's critical to perform risk analysis before a cyber-attack happens.
Hackers hit Saks Fifth Avenue and Lord & Taylor, stealing credit card data of millions
Russian-speaking hackers compromised systems at the luxury retail outlets in May 2017, and are now offering the data of millions on the dark web.
Report: 23% of VPNs leak IP addresses
To browse anonymously, users must disable WebRTC, JavaScript, and Canvas Rendering, says TechRepublic's Conner Forrest.
Android users: Be careful what you HiddenMiner for
Android malware called HiddenMiner can prevent uninstallation and can mine cryptocurrency until your device is destroyed, says TechRepublic's Brandon Vigliarolo.
Uncertified Android devices will soon be shut off from Google services
Uncertified devices with older Android firmware could be disconnected from Google's productivity services, says TechRepublic's Brandon Vigliarolo.
Here’s what the biomectric security market looks like in 2018
TechRepublic's Dan Patterson and Frances Zelazny of Biocatch with the details of biometric security you need to know
Free APNIC, CloudFlare tool prevents ISPs from selling your internet history
APNIC and CloudFlare announced the free 1.1.1.1 DNS resolver service, which is intended as a drop-in replacement to protect your privacy from providers.
Chinese smugglers use drones to transport $80M worth of iPhones
Some 26 suspects were involved with the act, which took phones from Hong Kong to Shenzhen.
Gallery: 10 free backup applications to help you prevent disaster
Hardware can fail and malware happens to the best of us. Don't be caught without the ability to restore a computer: Use one of these 10 free backup programs instead.
How to enable Find My Device on Android
Jack Wallen shows you how to enable Google's Find My Device on Android. This feature allows you to find a lost device or prevent data loss from occurring, should your device be stolen phone.
After massive MyFitnessPal breach, firms should reconsider mobile fitness programs
A breach of the Under Armour-owned app affected 150 million user accounts.
State Department may force all US visa applicants to disclose social media accounts
The plan would affect nearly 15 million travelers annually and requires five years worth of social media usernames to be disclosed.
How to achieve better security with third-party vendors
Recently, a Walmart vendor inadvertently exposed the data of over 1.3 million people online. Here are some tips for avoiding that situation at your company.
Android Monero-mining malware can destroy phones, and it’s nearly impossible to remove
A newly discovered malware for Android is programmed to eat up every available device resource to mine cryptocurrency, killing infected devices in the process.
Here’s what happens during a social engineering cyber-attack
BioCatch's VP Frances Zelazny explains each step of social engineering hacks, low-tech cyberattacks that have a big impact on business.
What developers need to know about Facebook’s huge data privacy changes
Facebook has announced more coming changes to how it handles user data, including an expansion of its bug bounty program to cover data misuse by third-party apps.
Network admins: These VPNs might leak your IP address
According to a VoidSec report, 23% of VPNs leak IP addresses via a WebRTC vulnerability.
How to protect yourself on Facebook using a simple Firefox extension
If you depend upon Facebook for your business but want more control over your data, what should you do? Installing the official Mozilla Facebook Container extension might be your best option.
Drupal CMS vulnerability allows hackers to gain complete control of your website
The input sanitation vulnerability, an oversight that allows for arbitrary code execution, was patched on Wednesday by Drupal developers.
US FCC aims to block Chinese networking gear over national security concerns
Purchase of Huawei and ZTE networking equipment with federal funds would be blocked in the proposal by FCC Chairman Ajit Pai, which is expected to pass.
5 common misconceptions businesses have about technology patents
Companies that want to protect their intellectual property with a patent must be wary of certain false truths about the process, according to an intellectual property attorney.
5 tips for guarding your company against intellectual property threats
Protecting your organization's intellectual property in a global marketplace is a growing challenge. These tips will help make that a little easier.
NY AG Eric Schneiderman talks about holding Facebook accountable for violation of user privacy
"In the long run, it's in Facebook's interest to get the facts out there and regain the public trust," said New York attorney general Eric Schneiderman in an interview with TechRepublic.
Smart office security means balancing convenience and risk
IoT devices can make work more fun and productive, but they also pose a security risk. It's time for HR, IT, and other departments to come together and create guidelines for using these products.
Only 16% of organizations believe their current security can protect them in the cloud
A new survey by Crowd Research Partners, in partnership with a group of vendors, predicts that cloud security budgets will see a median increase of 22%.
Baltimore emergency 911 dispatch hacked, taken offline for 17 hours
The cyberattack slowed emergency response times as dispatchers had to resort to manual methods.
Uncertified Android devices are now blocked from accessing Google services
In order to protect users and ensure compatibility, Google has blocked owners of such devices from logging in to their Google accounts or using Google apps.
Why passwords are a terrible method of authentication
BioCatch's VP Frances Zelazny explains how biometric security could soon replace passwords.
macOS High Sierra bug will show hackers what your password is
External volumes encrypted using the Apple File System are logging decryption passwords in plain text, and Apple has yet to fix the problem.
Only 26% of US companies that paid ransomware attackers had files unlocked
The average estimated business cost of a ransomware attack is more than $900,000, according to a SentinelOne report.
Total Meltdown: How Microsoft’s Meltdown patch created an even bigger flaw for hackers
The vulnerability affects Windows 7 and Windows Server 2008 R2, and gives complete memory access to hackers.
These 10 industries are most impacted by malicious bot traffic
Web traffic generated by bots has risen nearly 10 percent in the past year, with most of it aimed at these industries.
How to recover data encrypted with Apple’s FileVault 2
Apple's FileVault 2 offers whole-disk encryption schemes that protect the contents of your disk from unauthorized access. Here are three ways to regain access to your encrypted drive and recover data.
Android Security Bulletin March 2018: What you need to know
The March Security Bulletin brought another rise in Critical vulnerabilities. Is it time to panic? Jack Wallen says "no." Here are the highlights from the March Android Security Bulletin.
As GDPR looms, 60% of global enterprises still don’t properly tag sensitive data
More than a third of organizations have no procedures in place to identify risk to different individuals, according to AvePoint and CIPL.
BranchScope vulnerability could be the next Spectre/Meltdown flaw for the enterprise
While the Spectre vulnerability focused on the branch target buffer, BranchScope shows similar flaws in the branch predictor, but is unaffected by patches.
The malicious uses of AI: Why it’s urgent to prepare now
In an extensive report, 26 experts offer artificial intelligence security analysis and tips on forecasting, prevention, and mitigation. They note the AI-security nexus also has positive applications.
Why Blockchain adoption has stalled in financial services and banking
The distributed ledger technology lacks clear business use cases in finance, despite hefty investment from banks and other firms.
Your personal data is widely available to hackers
Prior to the advent of the internet, personal data was siloed in hard-to-find places, says Abine CEO Rob Shavell. Today data about all of us is remarkably easy to find.
How the malware landscape is evolving
We still have a massive number of hacks and malware coming in through phishing and older "tricks," says Franc Artes, Architect of Security Business at Cisco.
Evolving threats to Mac environments
Mac users exercise less caution, says Secdo security evangelist Mitchell Bezzina, which means there is a higher risk of exploits and malware infection.
How hackers get paid
Rich Arundel, co-founder and general manager of Currencycloud, explains how hackers who attack the web, APIs, IoT, and mobile devices can earn a living without breaking the law.
Disrupting the bug bounty ecosystem
We're building a payment platform so white hat hackers can get paid quickly and focus on their business, says Rich Arundel, co-founder and general manager of Currencycloud.
Why smart office tech could be a security nightmare
Smart office devices introduce a large spectrum of security risks to your company, says ZDNet's Steve Ranger.
Why cybersecurity pros should pay attention to recent warnings about Russian attacks
The US Computer Emergency Readiness Team recently issued warnings about attacks on businesses in energy, aviation, and other sectors. Here's why those are important and how security pros can respond.
Could Facebook’s data debacle force more companies to act like Apple on privacy?
Apple CEO Tim Cook called on Congress to create tougher measures protecting people's data and privacy.
TLS 1.3 is approved: Here’s how it could make the entire internet safer
The IETF has finally given the okay to the TLS 1.3 protocol, which will speed up secure connections and make snooping harder for attackers.
NY AG on Facebook and Cambridge Analytica: “We will hold them accountable”
"Consumers have a right to know how their information is used," says New York Attorney General Eric Schneiderman.
Facebook’s failure to protect personal data is irresponsible
"Every sort of institution, business, public, private sector, whatever the case may be, is being attacked right now by some malicious actor," said Mercury Communication's Jake Dilemani.
Still running Windows 7 instead of Windows 10? You’re at greater risk from malware says report
The trend was consistent across Windows PCs in both homes and businesses according to Webroot.
97% of risk pros say IoT cyberattack would be ‘catastrophic’ for their business
Internet of Things devices are expanding in the enterprise, but only 46% of businesses have a policy to disable risky devices, according to Ponemon Institute and Shared Assessments.
Now hackers want your money, and your data
In a move that signals data is more valuable than cash, phishing and ransomware cyber-attackers are now demanding sensitive company information, says ZDNet's Danny Palmer.
Why passage of SESTA/FOSTA is leading some cloud providers to terminate users
Facing regulatory interference, consumer cloud service providers are dumping users with little notice.
How to protect our critical infrastructure IT systems while we replace our legacy control systems
Many of the legacy industrial-control systems that run our power grids and control our drinking water systems have poor cybersecurity, and it could take 15-20 years to replace them. Here's what we can do in the mean time.
US election cybersecurity funding gets a boost of $380 million
The US Election Assistance Commission will receive an additional $380 million toward cybersecurity efforts. Here's what IT pros and elections officials need to know.
Report: Cryptojacking exploded 8,500% in 2017 as Bitcoin gained value
Security provider Symantec said that nearly a quarter of the attacks it blocked in December 2017 were related to cryptojacking.
GhostMiner fileless cryptomining malware has code that kills itself and other strains
Monero-mining malware GhostMiner is fileless, nearly undetectable, removes competing cryptominers, and may have provided experts with a way to eliminate cryptomining infections.
How a recently discovered malware may save you from cryptomining infections
GhostMiner is an advanced cryptomining malware, but it contains code that can kill it and others like it.
Self-driving Uber crash that killed pedestrian should have been avoided, experts say
It is not yet known why the software in the Uber driverless car did not register the pedestrian or stop, according to experts.
Twitter CEO: Bitcoin will be world’s ‘single currency’ within 10 years
The cryptocurrency, and its underpinning blockchain, have serious implications for the business world, too.