Tagged With security

0

Google definitely got the message that users weren't happy about the auto-sign in/out link implemented in the previous version of Chrome. The company has launched an updated version of the browser (version 70) that makes it a lot easier to disable this annoying feature — among other changes.

1

We often forget that routers are very complex machines that run software designed to manage a massive array of functions - software that can carry vulnerabilities. Throw in the fact many people don't know how to secure their network or router and you have a ticking time-bomb that bad guys are waiting to detonate. What can you do defuse this potentially explosive situation?

0

Hangzhou Xiongmai Technology (Xiongmai) is a company whose products you may have in your home or office but have never heard of. That's because they make products that are then rebranded by other companies. Their focus is on security products such as cameras and video recording equipment. SEC Consult has been scouring the Internet and found products made by Xiongmai are vulnerable to attack.

0

In a recent blog post titled "Hardening macOS," Ricard Bejarano offers an extensive list of settings you can tweak to make macOS as secure as possible. It's a comprehensive list of tasks — and we love it — but it's important that you understand the "why" behind his recommendations, too. Here are a few of his top tips and explanations for why you're adjusting, installing, or modifying your Mac that way.

0

Threat actors are refining their methods and are executing malicious acts with greater efficiency and effectiveness. Monzy Merza, the Head of Security Research at Splunk, says that while what the bad guys are doing isn't substantially changing, the landscape they operate in is. With the increased pervasiveness of cloud and mobile apps, we're seeing increased malicious activity across a broader spectrum of surfaces. I asked Merza what we can do about this as well emerging threats such as cryptojacking.

2

In perhaps one of the most audacious and worrying revelations in the battle for privacy, it's been found that the manufacturing supply chain for a number of servers has been compromised. A Bloomberg investigation reports that servers made in China's technology hub have been tainted with the installation of a tiny chip that can siphon data. At least 30 major tech companies are affected in the sophisticated nation-state attack.

3

It's often said that the safest password you can have is one you don't know. Which is why so many password management programs create passwords for you that impossible for you to remember. But Microsoft is going a step further. They are enabling password-free access to more services through their Authenticator app.

0

Mozilla has officially launched its new Firefox monitor service. Now, if your user credentials have been compromised in a data breach, anywhere in the world, you'll be automatically notified rather than learning about it the hard way. The feature has been in testing for some time and works with the Aussie-made HaveIBeenPwned service created by cybersecurity expert Troy Hunt.

0

We've learned to be highly suspicious that the GPS, camera and microphone in our smartphones can be used to track our every move, listen into our conversations and watch our most intimate moments. But what about the act of tapping and swiping our screens? Can that be used by a bad actor? Researchers from CSIRO's Data 61 have found just that.

0

ServiceNow might have started out as a ticket management and IT service management tool but the company has evolved into all areas of business workflow. And part of that evolution has been a push into information security. The company now boasts tools for automating security response so limited security resources can focus on critical threats and not be distracted by known attack vectors that can be actioned by an automated responder. Yuval Cohen is ServiceNow's CISO and I spoke to him about the current threat landscape and what security professionals need to focus on.

3

With all the brouhaha going on in Canberra recently, the draft of a piece of very important legislation was introduced along with an explanatory note. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 might sound all soft and fluffy but it's anything but that. This is a piece of legislation that will compel IT companies that create encrypted systems to "assist" the government with access to encrypted communications.

0

A serious vulnerability has been disclosed in the Fortnite installer for Android phones. The vulnerability has since been patched but it allowed malware to use the Fortnite installer to install anything - including apps with full permissions - in the background.