The investigation of Egress Software Technologies has discovered that 24 % of UK workers have purposefully distributed the company sensitive information among rivals and new or former workers. Continue reading →

To the detriment of the effective security measures, many employees are looking for information that doesn`t have anything to do with their referral tasks.

A global survey involved more than 900 IT security experts from One Identity and demonstrated that 92 % of employers have found their workers trying to get access to information that has no relevance to their everyday work. Practically one in four, which is 23 % emphasized that this is a rather frequent behavior. Continue reading →

Accenture

The Cyber Risk Team at UpGuard revealed that Accenture didn`t properly protect no fewer than 4 AWS S3 storage buckets, as a result, they are open for a public access. This gap undermines security of authentication credentials, secret API data, digital certificates, decryption keys, information about the user, and other types of information. UpGuard stressed that this problem could cause a vast financial loss, because now hackers have opportunity to exploit the keys in order to disguise themselves as Accenture employees and to steal different sensitive data they need.

Viaco

A large Viacom company also left its data insecure on a AWS S3 cloud storage bucket, which is available for a public download. This allows attackers to take control over its IT infrastructure and or Internet availability. More important is that secret cloud keys of the company are also at risk, so hackers could keep an eye on its cloud-based servers. Continue reading →

Weak passwords become the highest priority danger for organizations to be attacked, but nevertheless, majority continues to pay more attention to policy based technology, and not to the user.

The investigation from LastPass and Ovum shows that most IT executives` respondents completely entrust password behavior to employees` control. Nearly 61 % of IT executives consider employee education to be the essential component for ensuring the password security, so workers are able to improve password only by themselves, without using any modern technology or system. Continue reading →

Don`t you consider well-known KRACK to be the most dangerous attack? Meet even worse security hole. A destroying vulnerability has endangered the security of the most encryption keys, including those being used in identification documents, software signing and platform modules preventing government and enterprise computers from different attacks. One more wild morning brought the terrible news: security specialists discovered an inevitable deficiency in a commonly used cryptography code library, to be more precise, in chips that were made by a German company.
ROCA is short for Return of Coppersmith`s Attack, the researchers revealed this weakness in RSA keys of the software library that was used by cryptographic smartcards, security tokens and other secure hardware chips. The researchers wrote that this exploit allows the attacker to figure out the private part of an RSA key. Moreover, such an attack impacts on all widely used key lengths and chips produced in 2012. Continue reading →

The KRACK Attack is coming! The recent development – a Bug with a telling name

To be more precise, these are the KRACK Attacks, because there are several similar attacks that were introduced in the paper by KRACK.
So-called KRACK attacks are yet more proofs that many encrypted Wi-Fi networks are not as secure as you may think.
Using WPA and WPA2 encryption, KRACK affects many networks. It`s worth mentioning that nowadays the majority of wireless access points are covered exactly with this kind of encryption.
From the theoretical perspective, a criminal in your surrounding could spy out some of the encrypted traffic sent to one of the company computers.
A criminal can only fitfully transmit small amounts of traffic, but nevertheless, the consequences could be very dangerous. Continue reading →

According to the results of a new investigation, workers have a big gap in knowledge of security measures and these unaware employees represent a great risk for their company to be hit by the criminals.

The 2017 State of Privacy and Security Awareness Report involved 1,012 US workers in the survey and revealed that 70% of employees lack a knowledge of security and privacy spheres. It`s better result in comparison with the last year, when the number of unaware employees reached 88%. Continue reading →

Nowadays, to be proactive when it goes about privacy, is no longer about making efforts to hide from authorities. Privacy is of a critical importance now, because it is closely connected with security and protection of you as well as your close people or a working staff from being hit by the skilled and inventive cybercriminals. Continue reading →

European companies must adhere to staff privacy at work, as the European Court of Human Rights has decreed.

The lower chamber of the court reconsiders the case of 2016, when it found no interference in privacy of the workplace communication surveillance. It was the first time for considering issue connecting with the electronic communication surveillance at a private company.

In August 2007, the employer fired Bogdan Mihai Bărbulescu from Bucharest, Romania, for use of Yahoo Messenger for his personal purposes. The account was created by his employer`s demand, and court documents don`t contain this information. Continue reading →

Microsoft has been using Linux for practically three years, and it costs the system a pretty sum, actually.
Last year, Microsoft informed about the development of Windows Subsystem for Linux (WSL) in Windows 10, which provides users with the Linux command-line shell in order to use native Linux applications on Windows system. So, there is no need for a virtualization.
Security specialists of the security firm Check Point Software Technologies have revealed the WSL feature that helps malware intended for Linux to hit Windows devices.
The investigators created a new tricky mechanism called Bashware, which exploits Windows` built-in WSL feature. CheckPoint researchers indicated that a well-known Linux malware is able to exploit this Bashware attack mechanism, because security measures for Windows aren`t designed for the protection of similar threats.
This new malware provides the hacker with possibily to disguise any Linux malware from the most widespread security solutions such as future anti-virus programs, anti-ransomware solutions, malware inspection tools, etc. Continue reading →