A Chinese cybersecurity firm has discovered a "double kill" bug in Internet Explorer that it said is already being used by possible nation-state hacking groups.
Users can launch either Ethereum or Hyperledger Fabric networks in just a few clicks.
By not following basic security practices on social media, individuals and businesses increase the risk of attack, said Mike Price, CTO of security firm ZeroFox.
Social engineering scams make even the best security solutions useless, Microsoft said. It wants industry-wide collaboration to solve the problem.
The method behind the spam glitch was spotted last year but ignored by Google.
A proposal by the European Commission would also protect those who expose fraud and tax evasion from retaliation.
Biometric authentication may be more convenient than passwords, and harder for hackers to duplicate, but how much protection does it offer from the law?
The PureSec Tesseract is a serverless security runtime engine that protects apps in AWS Lambda, Microsoft Azure, and other environments.
LinkedIn's AutoFill button is supposed to only work on approved websites, but any website could have tricked users into providing personal data with just one click anywhere on their screen.
Microsoft is planning a new feature for Windows Defender that will continually check for system integrity, informing users if any secure part of the operating system has been compromised.
Cybersecurity can be a demanding and rewarding field. Here are some tips for those just starting out, based on the experience of two seasoned security pros.
In-memory attacks are part of the next generation of exploits that cybersecurity experts need to guard against, and AI and machine learning can help.
Attackers are using HTTPS to carry malware, which means companies need to do DPI on SSL packets to guard against it.
At RSA 2018, Bill Conner, CEO of SonicWall, talks to TechRepublic about how AI and machine learning can help companies guard against in-memory attacks.
At RSA 2018, Bill Conner, CEO of SonicWall, talks to TechRepublic about how companies can guard against malware carried by HTTPS.
Security researchers have just revealed a new unpatched bug that allows attackers to circumvent Windows 10 S' Device Guard feature, which locks the OS to only running whitelisted software.
Protecting customers' personal data is vitally important to the future success of every organization. Encrypting that data with one of these apps is a good place to start.
Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're causing vulnerabilities.
Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're creating vulnerabilities.
BitLocker, an encryption program from Microsoft, offers data protection for the whole disk in an efficient method that is easy to implement, seamless to the user, and can be managed by systems admins.
Microsoft has its own built-in disk encryption utility, but not all Windows PCs have BitLocker installed on them.
If you forget your Mac's login account password, you might not be able to access the data stored on a FileVault encrypted drive. Discover three methods for regaining access to your data.
A new report found that a large percentage of web apps contained at least one security vulnerability, says TechRepublic's Brandon Vigliarolo.
Private browsing mode won't hide your search history from advertisers, big data brokers, or your ISP, says TechRepublic's Alison DeNisco Rayome.
When companies partner with vendors for big data analysis, they must be prepared for the consequences.
Every administrator should consider enabling two-factor authentication on their CentOS 7 server for an added layer of security.
The ad blockers, which can take over users' browsers, were removed from the Chrome Store after being downloaded 20 million times.
Jack Wallen shows you how to set up both two-factor authentication and SSH key authentication for a rock-solid remote login of your Linux servers.
Old smart car exploits can allow hackers to leak data, demand a ransom, unlock your doors, or track your location, according to Kaspersky Lab.
The flaw takes advantage of Wi-Fi syncing in iTunes, but requires a developer image to work properly.
According to cybersecurity firm Proofpoint, the 'vast majority' of digital attacks aimed to exploit the "human factor" through phishing attempts and related efforts.
Attorney and former CIA case officer Jack Rice explains how foreign actors could attack critical infrastructure, and how US intelligence agencies deploy a proportional response to cyber attacks.
IBM machine learning researcher Maria-Irina Nicolae spoke with TechRepublic about how the company's new Adversarial Robustness Toolbox can protect AI from tampering.
Attackers have long shared their exploits, code, and methods, while defenders remained siloed. IBM Security created the X-Force Exchange platform as a way to share threat intelligence.
To deal with BYOD, insecure endpoints, and data leakage, many enterprises opted for MDM solutions, but they've turned out to be overbearing and ineffective.
Having learned the lessons of the antivirus and malware wars on computers, ARM architected a secure hardware enclave that mobile devices have the option to tap into.
The case led to the CLOUD Act, which requires tech companies to comply with court orders for data stored in the US and overseas.
The bad actors of cybersecurity have long shared their exploits, code, and methods with one another, while defenders largely worked in silos.
The focus of students, researchers, and professionals is migrating from computer science to machine learning, and it has a number of important implications.
As artificial intelligence algorithms become mission critical for more functions in society and business, we need tools to protect AI from tampering.
Digital fraudsters know humans are terrible at checking facts. A psychologist and researchers explain how better fact-checking may help foil cybercriminals' attempts at phishing.
At the 2018 RSA conference, the United States Secretary of Homeland Security Kirstjen Nielsen said 'cybersecurity is national security.'
Google recently added new G Suite safety settings to give Gmail users an added layer of protection. Learn how to warn users of harmful emails, or simply send them straight to spam with these options.
The NHS has only 20 security professionals on staff, and the financial impact of WannaCry has not yet been determined.
The new paper, signed by 34 tech companies, is akin to a 'digital Geneva Convention' to govern the rules of engagement in technology.
SiteLock's Neill Feather explains how IT teams can train remote employees to be cyber-secure in a workplace that's becoming more browser-based.
Securing a company's hybrid cloud environment is far from simple. A SANS analyst explains why and how to improve security at the public-private cloud interface.
Studying how online users react to attacks in and of itself is not going to solve the phishing epidemic. Researchers suggest looking at digital fraudsters' adversarial behavior.
Qualcomm components were inundated with security issues in this month's Android Security bulletin. Here are the highlights.
Hackers are using artificial intelligence and machine learning to improve their attacks. Here's how to safeguard against malicious AI, according to Forrester.
More than three quarters of US consumers now say that a company's ability to keep their data private is 'extremely important,' according to IBM.
More than two-thirds of organizations experience between 20 and 50 DDoS attack attempts each month, according to Corero Network Security.
Intel also announced Advanced Platform Telemetry, which uses machine learning to improve threat detection.
Christy Wyatt, CEO of Dtex Systems, shares best practices for getting your team to make cyber-threats a top priority.
An ISACA report has found that security budgets are increasing, but the cybersecurity skills gap remains.
A joint statement issued by DHS, FBI, and NCSC claims that Russian state-sponsored hackers are leveraging vulnerabilities in routers to harvest data.
The OS is part of Azure Sphere, a new service that Microsoft says will secure IoT devices from their manufacture to their end of life.
Mayer Brown cybersecurity and data privacy attorney Stephen Lilley explains why SMBs and startups are particularly vulnerable to cyber-attacks and data breaches.
To disrupt elections, hackers are likely to target critical infrastructure like transportation, energy, and communication systems, says CloudPassage CTO Carson Sweet.
Rebuilding operating systems has been the only true way to trust malware-infected computers. Security engineers at AV-TEST say there are other options.
Nearly all of the vulnerabilities detected in web apps were of a critical nature, with financial services sites the most at risk, according to a Positive Technologies report.
Citizen development is a growing trend in many companies. Here's how IT departments can maintain security while letting users create their own business solutions.
Best practices for government agencies and enterprise workers to secure critical infrastructure.
At the 2018 RSA conference, CrowdStrike unveiled a new endpoint security solution and other tools.
The new IBM X-Force Threat Management Services uses an artificial intelligence (AI) engine to automate active threat management.
Florian Bersier, CEO of email solution provider Gmelius, talked with TechRepublic about how the blockchain can be used to prove the authenticity of communications and transactions done via email.
Carson Sweet, CTO of CloudPassage, explains the mechanics of bots, spam, and fake news.
One in four organizations have experienced data theft from the public cloud, according to McAfee.
XMRig is an endpoint cryptomining malware capable of doing damage without an active browser session, and its use is on the rise.
The Pentagon's upcoming multibillion-dollar cloud deal will go to one provider, but is that the best option?
TechRepublic's Dan Patterson and Bill Detwiler, and ZDNet's Larry Dignan discussed a recent Verizon report on the rise of ransomware, and the pros and cons of meeting attackers' demands.
Although Android device manufacturers are claiming their devices are completely up to date, researchers found that, for some OEMs, patches are secretly missing.
Carson Sweet, CTO of CloudPassage, explains how elections are vulnerable to a vast spectrum of cyberattacks.
The industry is projected to have 1.8 million unfilled jobs by 2022, say Forrester's Stephanie Balaouras and Claire O'Malley, but women represent just 11% of cybersecurity professionals worldwide.
Identity Guard SVP Jerry Thompson shares cybersecurity tips for budget-constrained startups and SMBs.
The acquisition of clear and express consent to process personal data under the GDPR will be a priority for all organizations starting May 25, 2018. Here are some simple guidelines.
Thinking about getting into the cybersecurity field? Take these lessons from an experienced IT pro so you don't have to learn them the hard way.
Once you have CentOS 7 up and running, you'll want to lock down that server with two-factor authentication. Every administrator should consider enabling this additional layer of security.
TechRepublic's Jason Hiner and Dan Patterson discussed what lies ahead for major tech companies like Facebook, Google, and Amazon now that regulators and the public are focused on privacy.
Forrester analyst Jeff Pollard explains why Facebook's data platform is a ripe target for hackers and cyber-criminals.
Carson Sweet, CTO of CloudPassage, explains the hacking tactics used by nation-states.
More than one third of companies face issues detecting and responding to cloud security incidents, according to Oracle and KPMG.
Researchers exfiltrated data at 1000 bits per second by listening in on the electrical connection of a computer.
Mike Price, CTO of security firm ZeroFOX, talked with TechRepublic about how social media takeovers happen, and how companies can protect their accounts.
More than 90% of healthcare IT managers said the adoption of mobile devices improved hospital communication and patient satisfaction.
A new outbreak of the Quant Loader trojan is tricking vulnerable users into opening malicious attachments that bypass browser security features.
TechRepublic's sister site, Tech Pro Research, wants to find out how much professionals know about blockchain and what (if anything) their companies are doing with it.
Blockchain is all about replacing trust with software. For non-developers, this could be a terrible idea.
Emergency sirens sold by Acoustic Technology use an unencrypted command and control system broadcast over the air, which allowed attackers to commandeer them.
The API, which has almost reached formal adoption, provides a vendor-neutral method for organizations to use password-less authentication.
Credit card transactions will no longer require signatures due in part to the rise of chip-based EMV cards, highlighting the digital transformation of retail.
Mozilla said the current 'online advertising economy is broken and easily bent to fraud and abuse.'
DNS is prone to snooping of personal data, but four Princeton researchers think they've found a way to encrypt everyone's traffic without any changes to the current DNS system.
Trends like remote work are leading to a rise in SaaS adoption and rampant shadow IT issues, according to a report.
The Facebook CEO is set to testify before Congress on the Cambridge Analytica big data scandal that left data from 87 million users compromised.
DHS official Christopher Krebs confirmed that the US government is aware of hackers using surveillance devices in Washington, DC since 2014.
Atlanta's ransomware attack was just the beginning. Larry Dignan and Bill Detwiler explain why cyber-attacks are the new normal for business.
Ransomware was the cause of 39% of malware-related data breaches, more than double that of last year, according to Verizon's annual Data Breach Investigations Report.
Many in the tech space are boycotting the social media giant's alleged misuse of user data by pulling ads or deactivating their accounts.
Brett Koenig, of IT consulting firm HMB, talked with TechRepublic about the emergence of blockchain as a business tool, and its potential uses.
According to a report from Positive Technologies, hackers continue to target the weak link in any company's security posture: Humans.
Utilizing a recent Cisco flaw, hackers attacking Iran and Russia left behind the message 'Don't mess with our elections' followed by an ASCII rendition of the American flag.
Facebook has banned two more analytics firms, made changes to its advertising platform, and is rolling out an Unsend feature for messages.
The attack targets the Cisco Smart Install Client, and as many as 168,000 systems could be vulnerable.
Web browsers are designed to store information for your convenience, but that information can also fall into the wrong hands. Here are some simple tips for preventing that situation.
The attack is similar to the Black Ruby, Zenis, and HiddenTear / InfiniteTear ransomware variants and seems to utilize unsecured Remote Desktop services.
A third-party vendor used by both companies announced that its system had been breached for two weeks starting in September 2017.
At Code PaLOUsa 2018, HMB consultant Brett Koenig explained what blockchain is and what industries will use it in the near future.
More than half of consumers mistakenly believe that Incognito and Private browsing modes will hide their identity and browsing habits from governments, organizations, and advertisers.
The app, available for iOS and Android, allows an attacker to inject keystrokes.
ZDNet's Danny Palmer explains how nation-state hackers undermine institutional trust in critical services and companies.
If you're looking for a way to help email recipients know that emails are actually coming from you, adding a photo to your OpenPGP keys can help.
Security extends to all endpoints and services. Locking down boot devices on client systems helps protect against unauthorized installations by leveraging secure boot to allow only trusted devices.
To protect your Chromebook from a targeted attack on a firmware flaw, save your data and update your device. This four-step process shows you how.
After a boycott began with more than 50 researchers, KAIST said it has no intention to build 'killer robots.'
Still not sure how GDPR will apply to your business? This list contains the essentials about the European Union's privacy regulations that will take effect in May.
Software that secretly mines cryptocurrency on infected devices is gaining popularity with cybercriminals, who have even managed to sneak malicious apps into the Google Play Store.
Adding more security team staffers for vulnerability response won't improve an enterprise's posture if they don't fix broken patching processes first, according to a ServiceNow report.
Still not sure what GDPR is, or how it might apply to your business? Here are the basics.
According to Recorded Future research, this could mark the first IoT botnet used in a DDoS attack since the initial Mirai attacks.
Organizations are increasingly leveraging encryption to protect data and guard against human error, according to Thales eSecurity.
Vulnerabilities and attacks on networked devices have surged in the past decade, while spam emails have dropped, according to a Trustwave report.
The firm has faced backlash following revelations that data from 87 million users was shared with research firm Cambridge Analytica.
Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, spoke with TechRepublic's Dan Patterson about detecting and preparing for major attacks before they happen.
Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, talked with TechRepublic about what role cyber insurance plays when privacy regulations are put in place.
Data security firm Varonis released a report with alarming statistics about how unprotected corporate networks truly are.
Microsoft warned that the vulnerability could allow attackers to execute arbitrary code and take control of a system.
Media organizations are facing SQL injections, DNS attacks, pirated content, and DDoS attacks, according to an Akamai report.
According to the 2018 IBM X-Force Threat Intelligence Index, breached records dropped 25% as hackers turned to ransomware.
The live chat scripts embedded in the websites of businesses across a variety of industries are leaking the full name, employee ID, and location of employees.
BioCatch's VP Frances Zelazny explains the mechanics of pretexting and social engineering, and why your company is vulnerable to low-tech hacks.
Jenny Soubra, head of cybersecurity for Allianz, explains why cyber-insurance is the safety net for enterprise digital transformation initiatives.
Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.
The VPN field is provider-rich, and the offerings vary considerably. Consider these important factors and your use case when selecting a VPN service provider.
The Bancor Network integrates with more than 100 blockchain apps and holds balances of ERC20 tokens within a smart contract.
Most SOCs can only handle seven to eight incident investigations per day, and have little time for threat hunting, according to a Fidelis Cybersecurity report.
The majority of cyber pros said that gaming teaches skills critical to security, including logic and perseverance, according to a McAfee report.
Representatives from the company downplayed the issue on Fox Business Network after Brian Krebs broke the story.
Often data breaches and cyber-attacks target companies and access sensitive information using third-party vendors, says Jenny Soubra, head of cybersecurity for Allianz.
BioCatch's VP Frances Zelazny explains why companies are dropping passwords in favor of biometric security like fingerprint and iris scanners.
Every business can be hacked, says Allianz head of cybersecurity Jenny Soubra, and it's critical to perform risk analysis before a cyber-attack happens.
Russian-speaking hackers compromised systems at the luxury retail outlets in May 2017, and are now offering the data of millions on the dark web.
Android malware called HiddenMiner can prevent uninstallation and can mine cryptocurrency until your device is destroyed, says TechRepublic's Brandon Vigliarolo.
Uncertified devices with older Android firmware could be disconnected from Google's productivity services, says TechRepublic's Brandon Vigliarolo.
TechRepublic's Dan Patterson and Frances Zelazny of BioCatch with the details of biometric security you need to know.
APNIC and Cloudflare announced the free 1.1.1.1 DNS resolver service, which is intended as a drop-in replacement to protect your privacy from providers.
Some 26 suspects were involved with the act, which took phones from Hong Kong to Shenzhen.
Hardware can fail and malware happens to the best of us. Don't be caught without the ability to restore a computer: Use one of these 10 free backup programs instead.
Jack Wallen shows you how to enable Google's Find My Device on Android. This feature allows you to find a lost device or prevent data loss from occurring, should your device be stolen.
A breach of the Under Armour-owned app affected 150 million user accounts.
The plan would affect nearly 15 million travelers annually and requires five years' worth of social media usernames to be disclosed.
Recently, a Walmart vendor inadvertently exposed the data of over 1.3 million people online. Here are some tips for avoiding that situation at your company.
A newly discovered malware for Android is programmed to eat up every available device resource to mine cryptocurrency, killing infected devices in the process.
BioCatch's VP Frances Zelazny explains each step of social engineering hacks, low-tech cyberattacks that have a big impact on business.
Facebook has announced more coming changes to how it handles user data, including an expansion of its bug bounty program to cover data misuse by third-party apps.
According to a VoidSec report, 23% of VPNs leak IP addresses via a WebRTC vulnerability.
If you depend upon Facebook for your business but want more control over your data, what should you do? Installing the official Mozilla Facebook Container extension might be your best option.
The input sanitation vulnerability, an oversight that allows for arbitrary code execution, was patched on Wednesday by Drupal developers.
Purchase of Huawei and ZTE networking equipment with federal funds would be blocked in the proposal by FCC Chairman Ajit Pai, which is expected to pass.
Companies that want to protect their intellectual property with a patent must be wary of certain false truths about the process, according to an intellectual property attorney.
Protecting your organization's intellectual property in a global marketplace is a growing challenge. These tips will help make that a little easier.
"In the long run, it's in Facebook's interest to get the facts out there and regain the public trust," said New York attorney general Eric Schneiderman in an interview with TechRepublic.
IoT devices can make work more fun and productive, but they also pose a security risk. It's time for HR, IT, and other departments to come together and create guidelines for using these products.
A new survey by Crowd Research Partners, in partnership with a group of vendors, predicts that cloud security budgets will see a median increase of 22%.
The cyberattack slowed emergency response times as dispatchers had to resort to manual methods.
In order to protect users and ensure compatibility, Google has blocked owners of such devices from logging in to their Google accounts or using Google apps.
BioCatch's VP Frances Zelazny explains how biometric security could soon replace passwords.
External volumes encrypted using the Apple File System are logging decryption passwords in plain text, and Apple has yet to fix the problem.
The average estimated business cost of a ransomware attack is more than $900,000, according to a SentinelOne report.
The vulnerability affects Windows 7 and Windows Server 2008 R2, and gives complete memory access to hackers.
Web traffic generated by bots has risen nearly 10 percent in the past year, with most of it aimed at these industries.
Apple's FileVault 2 offers whole-disk encryption schemes that protect the contents of your disk from unauthorized access. Here are three ways to regain access to your encrypted drive and recover data.
The March Security Bulletin brought another rise in Critical vulnerabilities. Is it time to panic? Jack Wallen says "no." Here are the highlights from the March Android Security Bulletin.
More than a third of organizations have no procedures in place to identify risk to different individuals, according to AvePoint and CIPL.
While the Spectre vulnerability focused on the branch target buffer, BranchScope shows similar flaws in the branch predictor, but is unaffected by patches.
In an extensive report, 26 experts offer artificial intelligence security analysis and tips on forecasting, prevention, and mitigation. They note the AI-security nexus also has positive applications.
The distributed ledger technology lacks clear business use cases in finance, despite hefty investment from banks and other firms.
Prior to the advent of the internet, personal data was siloed in hard-to-find places, says Abine CEO Rob Shavell. Today data about all of us is remarkably easy to find.
We still have a massive number of hacks and malware coming in through phishing and older "tricks," says Franc Artes, Architect of Security Business at Cisco.
Mac users exercise less caution, says Secdo security evangelist Mitchell Bezzina, which means there is a higher risk of exploits and malware infection.
Rich Arundel, co-founder and general manager of Currencycloud, explains how hackers who attack the web, APIs, IoT, and mobile devices can earn a living without breaking the law.
We're building a payment platform so white hat hackers can get paid quickly and focus on their business, says Rich Arundel, co-founder and general manager of Currencycloud.
Smart office devices introduce a large spectrum of security risks to your company, says ZDNet's Steve Ranger.
The US Computer Emergency Readiness Team recently issued warnings about attacks on businesses in energy, aviation, and other sectors. Here's why those are important and how security pros can respond.
Apple CEO Tim Cook called on Congress to create tougher measures protecting people's data and privacy.
The IETF has finally given the okay to the TLS 1.3 protocol, which will speed up secure connections and make snooping harder for attackers.
"Consumers have a right to know how their information is used," says New York Attorney General Eric Schneiderman.
"Every sort of institution, business, public, private sector, whatever the case may be, is being attacked right now by some malicious actor," said Mercury Communication's Jake Dilemani.
The trend was consistent across Windows PCs in both homes and businesses, according to Webroot.
Internet of Things devices are expanding in the enterprise, but only 46% of businesses have a policy to disable risky devices, according to Ponemon Institute and Shared Assessments.
In a move that signals data is more valuable than cash, phishing and ransomware cyber-attackers are now demanding sensitive company information, says ZDNet's Danny Palmer.
Facing regulatory interference, consumer cloud service providers are dumping users with little notice.
Many of the legacy industrial-control systems that run our power grids and control our drinking water systems have poor cybersecurity, and it could take 15-20 years to replace them. Here's what we can do in the meantime.
The US Election Assistance Commission will receive an additional $380 million toward cybersecurity efforts. Here's what IT pros and elections officials need to know.
Security provider Symantec said that nearly a quarter of the attacks it blocked in December 2017 were related to cryptojacking.
Monero-mining malware GhostMiner is fileless, nearly undetectable, removes competing cryptominers, and may have provided experts with a way to eliminate cryptomining infections.
GhostMiner is an advanced cryptomining malware, but it contains code that can kill it and others like it.
It is not yet known why the software in the Uber driverless car did not register the pedestrian or stop, according to experts.
The cryptocurrency, and its underpinning blockchain, have serious implications for the business world, too.