Friday, November 30, 2018

Huawei rolls out global blockchain

Chinese tech giant Huawei has made its Blockchain Service (BCS) available globally after first launching it for commercial use in its home country on October 10th of this year.

The service, which is available on the international Huawei Cloud website, helps global businesses and developers create, deploy and manage blockchain applications quickly and at a minimal cost.

Huawei's new service solves many of the problems businesses have when deploying a blockchain which can be a costly and time-consuming endeavour. 

In 2016, the Chinese hardware manufacturer joined the most influential open source project in the blockchain field, Hyperledger. Huawei has been recognised as a key Hyperledger maintainer (as well as the only one from Asia) for its continuous technical and code contributions to the Fabric and STL sub-projects.

Advantages of BCS

BCS capitalises on Huawei Cloud's container, security and other technologies to deliver a service that is easy to use, efficient and universally applicable. Developers and businesses can use the company's blockchain service in data applications, the Internet of Things (IoT), identity authentication, proof of information, remote healthcare and IoT device management.

Huawei Cloud is also working on developing its blockchain platform further to offer technical support for businesses developing blockchain applications and solutions.

BCS is open and easy to use with built-in compliance with Hyperledger Fabric 1.1 and Kubernetes

Using BCS, it is possible for a company to establish a blockchain system suited to its own business in just five to ten minutes according to Huawei.

Interested users can sign up and begin using Huawei's blockchain service today.



from TechRadar - Internet news https://ift.tt/2Q65b4e
via IFTTT

500 million Marriott customers affected by data breach

Hotel giant Marriott has revealed details of a major data breach that may have left the details of more than half a billion users exposed.

The company said that "approximately" 500 million guests who had made a reservation at one of its Starwood properties could be affected, with around 327 million of these seeing personal details compromised.

Information such as names, addresses, phone numbers, passport numbers and dates of birth were confirmed to be among the details taken.

However Marriott was unable to say whether payment card numbers and expiration dates were also compromised, noting that these details were encrypted, and would require multiple components to decrypt.

Marriott hack

The breach affects customer that made a reservation at a Starwood property (which includes the W Hotel, St. Regis, Sheraton, Westin, Aloft and Le Meridien brands) on or before September 10 2018, but affects bookings going all the way back to 2014.

Marriott began investigating the incident after receiving a security alert two days earlier, and on November 19 was able to confirm that details from its database had be stolen.

In a statement, Marriott President and CEO Arne Sorenson said that the company "deeply regret this incident happened."

“We fell short of what our guests deserve and what we expect of ourselves.  We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

“Today, Marriott is reaffirming our commitment to our guests around the world," he added. "We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center.  We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.  Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."

Marriott has set up a dedicated website and call centre to provide advice to customers worried they may have been affected. The company says it will begin sending out emails to affected guests from today.



from TechRadar - Internet news https://ift.tt/2zwU0XY
via IFTTT

Tis the season for cyberattacks

With Cyber Monday behind us and the holiday shopping season in full swing, consumers around the world are busy shopping for everyone on their list this year. However, this massive influx of online purchases has gained the attention of cybercriminals looking to exploit the holidays for their own gain.

TechRadar Pro spoke with Carbon Black's Chief Cybersecurity Officer Tom Kellerman who provided further insight on the tactics used by cybercriminals and how shoppers can protect themselves online this holiday season.

Tom Kellermann, Chief Cybersecurity Officer for Carbon Black

  • We've also highlighted the best antivirus to help you stay safe online this holiday season


from TechRadar - Internet news https://ift.tt/2Qzn6jz
via IFTTT

Cisco and UK police team up for cybersecurity training

Cisco has announced plans to help provide cybersecurity training for thousands of UK police in the latest attempt to curb the rise of online crime. 

The tech giant has announced its Cisco Networking Academy will be providing specialised training and guidance to 120,000 officers across England, Scotland, Wales and Northern Ireland.

The partnership will allow the police force to utilise Cisco's cybersecurity expertise, and build a strong and successful skill programme for officers at all levels of seniority.

The Cisco Networking Academy offers a range of specialised tech-focused programmes, with online and in-person learning options available.

Police cybersecurity

“We are very pleased to be working with Cisco Networking Academy," said Andy Beet from the National Police Chiefs’ Council. "By joining the programme, forces can access training designed to raise awareness and increase their understanding of cybercrime and cyber threats, while also gaining insights into the procedures used to defend networks."

"It’s important for all police officers to understand cybersecurity as fully as possible; by doing so they can develop their knowledge in this increasingly important area, improving security in both their professional and personal lives."

The news marks the first anniversary of Cisco's digital skills manifesto in the UK, which aimed to join forces with government, industry and educational institutions to promote tech knowledge and training across the country.

The company says that the Cisco Networking Academy has already helped train over eight million people around the world since its inception 20 years ago, and will help a further 250,000 people in the UK by 2020.

“The UK is one of the world’s most digitally active nations, and with that comes ever increasing opportunity for cyber criminals to exploit individuals and organisations," said Scot Gardner, Chief Executive, Cisco UK and Ireland.

"We’re extremely proud to be working with the Police in their efforts to help make the UK a safer place to be online. Through the Cisco Networking Academy, our ambition is to help ensure that people around the world have the digital skills they need to be successful in any profession.”



from TechRadar - Internet news https://ift.tt/2E78bam
via IFTTT

Get a £55 Amazon.co.uk Gift Card with this cheap broadband deal from TalkTalk

When it comes to the competitive world of internet providers, what's even better than a cheap broadband deal? Nothing, right? Well, what about a cheap broadband deal that comes with a £55 Gift Card that you can spend at Amazon.co.uk, Tesco, Argos or Ticketmaster? Oh yeah, now we've got your attention...

This offer that is EXCLUSIVE to TechRadar readers only, comes courtesy of TalkTalk who is offering the Gift Card alongside its Fast Broadband package. That's average speeds of 11Mb, no activation or set up fees and just £19.95 per month. While that's already a rather good deal TalkTalk is also throwing in this £55 Gift Card that you can use at your choice of those popular retailers.

To get your hands on this deal you'll have to go to this GiftCloud page and enter your email - you won't be eligible if you head straight to the TalkTalk site. You will then be guided through the process of getting your new broadband with that added £55 incentive. That page also has full terms and conditions of the offer.

Scroll down to see this deal in full or go to our broadband deals page if this one just doesn't quite fit what you're looking for. But keep in mind that this offer is only available on the TalkTalk Fast Broadband package.

TalkTalk's Amazon.co.uk Gift Card deal in full:

Are there any cheaper broadband deals around?

We're glad you asked, because there's yet another TechRadar exclusive internet plan from Black Friday that's still just about running. And we think you might like it...

It's with provider Onestream, and the headline is that it costs a mere £9.99 per month! Simply put, it's the cheapest broadband deal we've EVER seen. It's still going, but we know that there are less than 200 to claim, so you may need to hurry if the idea of £9.99 a month internet sounds like something you'd be up for - head here for all the details and to sign up.



from TechRadar - Internet news https://ift.tt/2BJhdIh
via IFTTT

Privacy search engine Startpage launches anonymous browsing feature

In an effort to further protect its users online, privacy search engine Startpage.com has launched a new “Anonymous View” feature.

The new feature protects users against tracking by serving as an anonymous buffer between websites and end users.

Most users are aware of Google Chrome and other browsers' 'incognito mode' which prevents your browsing history as well as cookies from being stored. However, incognito mode gives users a false sense of privacy since it does not actually protect users from websites that track, save and sell their web behaviour.

Anonymous View on the other hand, actually does. When a user clicks on an Anonymous View link, Startpage.com goes to the website, loads the page and displays it for them. Though instead of seeing the user, the webpage sees Startpage as the visitor while the user remains invisible.

Protecting users' privacy

A free Anonymous View link is available to the right of every search result on Startpage.com which makes it incredibly easy for users to visit websites while protecting their privacy.

The company's CEO Robert Beens provided further insight on this new feature in a statement, saying:

"With this innovation, we make it easier for consumers to keep personal data more private than ever before. Anonymous View is easy to use and unique for any search engine," said Startpage.com CEO Robert Beens. “Unlike the incognito mode in your browser, Anonymous View really protects you. It combines searching in privacy with viewing in privacy.

“We will continue to offer the world's best search results without the tracking and profiling,” Beens promised. “We are proud of our new features together with our new design and faster results. We will continue to develop new online tools that help people take back their privacy.”

  • Take your online privacy to the next level with our top picks for the best VPN


from TechRadar - Internet news https://ift.tt/2KIbtkP
via IFTTT

Starbucks plans to block adult content on its Wi-Fi in 2019

Starting in 2019, Starbucks will begin blocking adult content on its stores' Wi-Fi following increased public pressure from an internet-safety group.

While viewing adult content on the company's wireless network has always violated its policy, now the coffee giant has a way to stop it all together.

A Starbucks representative offered more details on how it plans to filter appropriate and inappropriate content to NBC News, saying:

"We have identified a solution to prevent this content from being viewed within our stores and we will begin introducing it to our U.S. locations in 2019.”

Public pressure

Starbucks' announcement comes after a recent petition from internet-safety advocacy group Enough is Enough earned 26,000 signatures. 

Back in 2014, the group launched an adult content-free campaign geared at McDonald's and Starbucks. While McDonald's responded to the campaign proactively, Starbucks did not which is why Enough is Enough decided to put additional pressure on the coffee chain to do something about the issue.

In a statement on its site, CEO of Enough is Enough Donna Rice Hughes criticised Starbucks' inaction in the US and explained how the lack of filters on its Wi-Fi could be harming the country's youth, saying:

"Starbucks has had a tremendous opportunity to put its best foot forward in protecting its customers from images deemed obscene and illegal under the law, but they haven't budged, despite their promise two years ago and despite the fact that they voluntarily filter this same content in the UK. Having unfiltered hotspots also allows children and teens to easily bypass filters and other parental control tools set up by their parents on their smart phones, tablets and laptops." 

Bypassing filters and dangers of public Wi-Fi

While filtering adult content may sound like a good idea on paper, there are certainly some issues with the system. For instance, those that do wish to access illegal or adult content will likely be able to find a way around the filters and will spread this information to others online. Also legitimate content could end up being filtered unintentionally which could upset customers used to browsing the web openly.

At the same time, public Wi-Fi poses a danger to everyone using it no matter what content they're searching for. Without the right security tools in place such as a VPN, malicious third parties on the same network could try to steal your login credentials and even other sensitive information stored on your laptop or smartphone.

As a general rule of thumb when it comes to free public Wi-Fi, you get what you pay for (or don't pay for in this case) and we strongly advise against using it unless absolutely necessary even with the right security tools in place.

Via NBC News

  • Also check out the best VPN to protect yourself and your data while on public Wi-Fi


from TechRadar - Internet news https://ift.tt/2RsG20B
via IFTTT

Thursday, November 29, 2018

Dell reveals it was targeted by cyberattack

PC hardware manufacturer Dell has announced that its online store suffered a security breach earlier this month on 9 November.

The company revealed that it detected an unauthorised intruder trying to extract customer information such as names, email addresses and hashed passwords from Dell.com. 

Dell reassured its customers that their data was safe in a press release announcing the breach, saying:

“Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted. Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure.”

According to a statement the company sent to ZDNet, Dell is still investigating the incident though the breach was likely not extensive as its engineers were able to detect it on the same day it occurred.

Password reset

Luckily for Dell, the hackers that targeted its site did not obtain any card details or other sensitive information about its customers. In fact the incident did not even disrupt the company's website which operated normally during as well as after the intrusion.

In order to protect its customers from any unforeseen consequences, the company initiated a password reset for all Dell.com accounts after it detected the security breach. Dell seems to have clearly had the situation in hand as it also notified law enforcement and hired a digital forensics firm to perform its own independent investigation.

Now that the company has released more information on the security breach, it seems that only a small amount of information from its website was obtained by the hackers responsible.

However, this could change and Dell customers should take the time to review the information they've shared with the company.

Via ZDNet

  • We've also highlighted the best antivirus to help keep your data safe from hackers


from TechRadar - Internet news https://ift.tt/2RoMdCv
via IFTTT

Don’t bank on IoT

When we talk about the Internet of Things (IoT), we tend to envisage the vast opportunities available through connected devices. At the touch of a button we’re now able to heat the house for when we arrive home, remotely portion meals for our beloved pets, and even start the coffee machine while we’re in the midst of prying ourselves out of bed. Yes, the IoT revolution looks bright – but at what cost?  

There’s no doubt that the IoT market has emerged at a rapid pace. By 2020, more than half of major new businesses will be using IoT in some capacity, and according to Gartner, investment in IoT and connected technology will rise to £429.01m. By the same date, IoT will encompass 26 billion devices worldwide, up from 900 million in 2009. Gartner also predicts IoT technology will be in 95 percent of electronics for new product designs. But, with the market emerging as quickly as it has, many manufacturers have created potentially vulnerable products, because they were not designed with high security in mind.

Barclays Digital Safety Index 2017 reports that 25 percent of UK adults has fallen victim to cyber fraud at least once in the past three years, and now smart homes represent a whole new area of attack. While the vulnerability of data produced by the IoT is a relatively new threat, the problem is expected to grow considerably over the next few years.

Proliferation of connected devices

Think about it – it’s January 2020. A consumer has several questionable transactions on their account. They’re dumbfounded. The fraudsters had all the correct details, so the purchases look legitimate. The consumer has been hit by “clean fraud”. Then the search for answers begins: When did they give out their card details or financial information? Could it be that someone else has passed on the information – a family member or colleague? 

Then realisation sets in – the thermostat, the lightbulbs, the coffee machine – they’re all connected devices. The smart devices that have been connected wirelessly to the internet aren’t particularly secure, and it’s possible that the criminals have hacked into the devices and stolen personal information. Worse still, these criminals are making fraudulent purchases that appear legitimate to both issuers and merchants – costing all parties involved in the transaction.  

Merchants and issuers must stay vigilant to this particular type of fraud, as cybercriminals increasingly make purchases through e-commerce sites with fraudulent payment information, or perhaps place purchases through someone else’s connected device without their knowledge. With so much room for error, merchants need to arm themselves against chargebacks – ensuring to use the latest technology to authenticate transactions.  

In the next few years, the evolution of IoT will be a significant factor for the need to develop new security measures and methods. Emerging technologies like biometrics and blockchain could soon combat IoT fraud, and make authentication more secure, build trust between parties and devices, and reduce risk of collusion and tampering.

There’s little doubt that the growth of IoT devices will precipitate an increase in fraud and chargeback disputes. The best way to protect against fraud and overcome the challenges of an increasingly connected world is to remain vigilant and use the most effective and up-to-date fraud prevention tools. 

Neil Smith, Regional Head, Issuer Sales, EMEA at Verifi  



from TechRadar - Internet news https://ift.tt/2zy43fL
via IFTTT

Google Translate gets a much-needed makeover

Google has given its online translator a little love, with a new look and functionality to make it easier to use. Google Translate for web now has a cleaner look and a responsive design that adapts dynamically to suit your browser – whether you're using it on a desktop, phone or tablet.

The change is part of a raft of updates designed to bring Google's web-based tools up to date and standardize their designs. Gmail, Google Calendar and Google Drive have all been spruced up this year, and now it seems the company has moved its attention to tools outside G Suite.

Speak easy

Several of the other changes simply make Google Translate's existing features more accessible. For example, the option to upload documents is now much clearer, presented as a large button at the top left of the page.

It's also easier to save translations you use frequently; simply select the star icon to add a translated snippet to your favorites. You can access and saved translations using the 'Saved' button at the bottom, and organize them by language with a single click.

Google Translate is one of the company's most useful but least glamorous tools, so it's good to see it getting some attention on the design front. When it first launched 12 years ago, it was only capable of translating between English and Arabic. Today it supports 103 languages, and is used to translate 30 trillion sentences per year.

Via BetaNews



from TechRadar - Internet news https://ift.tt/2RmY5oT
via IFTTT

How the Making Tax Digital programme is set to impact the UK mid-market

With less than six months to go until the UK Government’s Making Tax Digital (MTD) deadline in April, there still remains some uncertainty for UK organisations around the impact of MTD on their business. A recent Access Group survey of 300 finance professionals from UK mid-market businesses, found that 1 in 5 finance professionals are unaware of MTD, what it means and when its imminent deadline is due to hit.  

The Making Tax Digital programme will require UK businesses with annual turnovers above the VAT threshold of £85,000 to keep digital records for VAT and submit their returns digitally. The points-based penalty system means business taxpayers gather points with each late submission of an MTD report, those with multiple businesses must submit tax reports for each of their businesses. To ease the transition process, HMRC is allowing the use of ‘bridging software’ to support the digitised submission and account information retrieval from spreadsheets. However, some risk not having the systems in place to do so as they carry out business as usual.

Moving entirely to digital processes 

While all respondents in Access Group’s survey use some type of electronic system for financial management, 96 percent of mid-market businesses still process a portion of their tax returns manually, for example performing off-system calculations, which could be problematic come 1st April if businesses fail to use bridging software to support the digital submission of their VAT returns.  The question is then, why do some organisations rely heavily on manually calculating? A large proportion of the finance professionals surveyed explained that they haven’t transitioned to 100 percent digital processes due to a lack of knowledge and training (26 percent) while others said it’s the fact that multiple legal entities are involved in VAT registration (23 percent). 

Manually entering VAT is purely inefficient and prone to human error. Under the new regulations, mid-market businesses could stand to lose not only money in fines, but credibility within their respective marketplaces. Ignoring or putting off making the necessary technical changes to your business is no longer an option.   

Seizing the opportunity

There are some considerations that businesses must not gloss over. For example: 

  • Transformation: Implementing new business software isn’t always an easy decision. Especially when there are multiple ways to ensure your organisation remains compliant with government regulations. Considerations need to be made for either full business software transformation or a single solution update i.e. bridging software, to support. Given the impending six-month deadline, businesses must act now, to ensure they’ve put in place measures that abide by the regulations.
  • Accreditations: When deciding to begin a digital transformation project, particularly with digitising financial systems, choosing a partner that has the proper government accreditations is paramount. Acronyms like ISO or IL are ones to look out for.
  • Productivity: Digitising financial systems offers the business not only a more efficient, and free of human error way of working, but a more productive way as well. Entrusting admin-heavy tasks to intelligent software can free up time elsewhere to focus on innovation, business development and growth ambitions.

However, whilst it’s important that businesses’ financial systems are all set for the 1st of April deadline, to think about Making Tax Digital in terms of tax compliance alone would be to severely miss the point. It’s the perfect opportunity for UK business’ senior management teams to take a broader perspective – one that turns this regulatory burden to the business’ advantage. Those who act could see greater efficiency and productivity, driving both business growth and profitability by implementing the right solutions. And businesses are running out of time. Given the pressures coming from Government organisations to digitise and the complexities that go into technology investment, mid-market businesses need to ensure their finance teams’ house is in order to remain compliant and avoid fines in the new era of digital tax.

Steve Lane, CTO at The Access Group



from TechRadar - Internet news https://ift.tt/2SjE7eK
via IFTTT

Cloud is the biggest security risk facing businesses today

Cloud adoption is at an all time high but continued pressure to migrate 100 per cent to the cloud is raising security concerns and new research from Kaspersky Lab has revealed that more than half (58%) of CISOs cite uncontrolled cloud expansion as their top security concern.

The security firm surveyed over 250 IT security leaders to learn more on the views of CISOs regarding cybersecurity.

Through the use of multiple cloud platforms within a hybrid cloud infrastructure, businesses can deliver their products and services faster though cloud computing also brings its own security challenges. This is especially true when the cloud infrastructure is hosted by a third-party.

The skills shortage has also made it more difficult to manage complex IT environments as hybrid cloud adoption requires specialists with the necessary skills to configure and manage security for a business' IT infrastructure. Of those surveyed, 38 per cent claimed that it has become increasingly difficult to recruit the specialists needed to deal with this 'cloud zoo'.

Safeguarding cloud data

Vice President of Global Sales at Kaspersky Lab Maxim Frolov provided further insight on the company's findings, saying:

“There’s no denying that with the business benefits it brings, cloud is a key part of the strategic digital transformation journey for many enterprises. The use of cloud is growing fast, and businesses are not going to be put off adoption because of security concerns. It’s therefore vital that resilient security is also quickly and effectively implemented, to support this rapid adoption.

“Safeguarding data and workloads in the cloud environment, in addition to supporting the native security capabilities of a cloud platform is crucial. Protection layers should therefore include: the capability to monitor application behavior and ban any suspicious activity; prevent exploits by using the latest threat intelligence; and find and automatically patch vulnerabilities, to safeguard data and workloads moving across cloud infrastructure, from threats. The best solutions also provide orchestration capabilities, so that IT teams can control what workloads are being accessed and processed, on and off-premise.”

As is the case when adopting any new technology, security must be a first priority and hopefully Kaspersky Lab's research encourages businesses to think twice before migrating to the cloud without a well-thought out plan in place.



from TechRadar - Internet news https://ift.tt/2E1YJoE
via IFTTT

Wednesday, November 28, 2018

Google employees call for end to China Project Dragonfly

Google's plans to release a search product solely for the Chinese market are under attack by its own employees who have published a public letter urging the company to abandon its plans.

The initiative, known as Project Dragonfly, would enable state surveillance and help the Chinese government further expand its control over its populace.

The letter, published on Medium, was initially signed by just 10 employees but now others have added their names to the list and at the time of writing there are now 407 signatures.

The document also calls on management to be more transparent, accountable and to provide clear communication.

Growing internal dissent

Ever since the details of Project Dragonfly became known back in August, Google's parent company Alphabet has been rife with dissent from employees that opposed the idea. Building a censored search engine for China is a complete turnaround for the company that pulled out of the country in 2010 after it decided it would no longer remove controversial links from web searches.

In their letter, the Google employees explained exactly why they are so against Project Dragonfly, saying:

“Our opposition to Dragonfly is not about China: we object to technologies that aid the powerful in oppressing the vulnerable, wherever they may be. The Chinese government certainly isn’t alone in its readiness to stifle freedom of expression, and to use surveillance to repress dissent. Dragonfly in China would establish a dangerous precedent at a volatile political moment, one that would make it harder for Google to deny other countries similar concessions.”

By posting the letter publicly, the employees have certainly raised awareness regarding Project Dragonfly and the move could prompt the employees of other tech giants to follow suit with their own issues.

Via Bloomberg



from TechRadar - Internet news https://ift.tt/2DZLqVT
via IFTTT

BT's new fibre broadband deals are even better than they were on Black Friday

Honestly, we were a little bit disappointed with BT's broadband deals this Black Friday. The pre-paid Mastercard it was throwing in was certainly attractive, but that's a perk available 365 days a year (albeit for a little bit lower value).

It looks like BT was waiting for the post-Cyber Monday lull to launch the real bargains. Until December 6, BT will throw in a free Amazon Echo smart speaker (worth £90) with its best Superfast fibre broadband deals for new customers. That's on top of a Reward Card up to £130 and rapid internet speed it usually offers.

- Read on for more details or click here to go straight to the deals

The promotion is available on BT's main fibre optic broadband tariffs - the imaginatively named Superfast and Superfast 2. The former now costs £29.99 per month for an average speed of 50Mb (roughly 6MB per second), together with free activation and that £100 pre-paid Mastercard included as well. Or it's a tenner more a month to take the average speeds up to 67Mb (over 8MB per second) and an improved Reward Card for £130.

But do bear in mind that the clock is ticking for this one. You need to take advantage of the offer by next Thursday, December 6.

BT's great value broadband deals:

What is a BT Reward Card?

The Reward Card that BT sends out is a pre-paid credit card that you can use anywhere that accepts Mastercard. In short, that's around a million shops, cafes and restaurants around the world, so you shouldn't find it difficult to find places to spend, spend, spend.

It's an old-fashioned chip and pin card, rather than contactless. But do make sure that you claim your Reward Card within three months of installation, otherwise you'll lose out on all that cash.

Amazon Echo

Is the Amazon Echo any good?

The Amazon Echo features within the top three of TechRadar's best smart speakers buying guide - so yes, we rate it highly.

If you've not yet had the chance to form a relationship with Alexa, now is a good chance to start. With her unique set of Skills (over 30,000 of them), she'll simplify listening to music, finding out the weather, varying your central heating, ordering Christmas presents, and tonnes more. Plus, the Amazon Echo is a stylish and decent sounding standalone speaker as well.

Today's best broadband deals



from TechRadar - Internet news https://ift.tt/2Av6mjd
via IFTTT

Phishing sites trick users with fake HTTPS padlock

The padlock icon next to a web address used to let users know that a site is legitimate and secure but now new research from PhishLabs suggests that this is no longer the case as have of all phishing scams are now hosted on websites that have the padlock and begin with HTTPS.

The company's research shows that 49 per cent of all phishing sites in Q3 2018 had the padlock security icon next to their web address which is a 25 per cent increase from last year and a 35 per cent increase from last quarter.

The HTTPS at the beginning of a web address (also called the SSL) merely signifies that the data sent between a user's device and the website is encrypted to prevent third parties from accessing it. 

With a legitimate website, this means that the data sent between a user and the site can not be accessed by anyone else. However, if the site happens to be hosting a phishing scam, then encrypting the data sent from a device will not actually protect the user and could very well fool them into thinking the site they've visited is legitimate.

Hidden in plain sight

Cybercriminals have a real knack for devising new ways to trick users and hosting phishing scams on websites that appear secure is quite effective because the idea that the padlock indicates a site is secure is almost ingrained in the minds of many internet users today.

Last year, PhishLabs conducted a survey which found that more than 80 per cent of respondents believed the green lock meant a website is legitimate and/or secure.

The company's CTO, John LaCour explained how Google's move to label sites without SSL certificates as not secure contributed to the rise of phishing sites that appear legitimate, saying:

“PhishLabs believes that this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for web sites that do not use SSL. The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.”

  • Protect your security online with out top picks for the best antivirus


from TechRadar - Internet news https://ift.tt/2FIywwY
via IFTTT

YouTube plans to make its Originals free to watch with ads from next year

YouTube is embarking on a bold new strategy regarding its original content, with the Google-owned video platform set to provide users with free, ad-supported versions of its YouTube Originals shows, as reported by Variety.

Though previously only available as part of a paid subscription service, YouTube Originals (like the utterly fantastic Cobra Kai) will be made available with ads interspersed in 2019 – no YouTube Premium subscription required.

“As we look to 2019, we will continue to invest in scripted programming and shift to make our YouTube Originals ad supported to meet the growing demand of a more global fanbase,” said a spokesperson for YouTube.

The statement continued, “This next phase of our originals strategy will expand the audience of our YouTube Original creators, and provide advertisers with incredible content that reaches the YouTube generation.”

More like YouTube 'Freemium'

The second part of YouTube's statement suggests there will be more focus on celebrity creator content and less on scripted shows going forward, something echoed by Hollywood Reporter, which reports "a serious budget reduction" behind the scenes. 

That said, it's good to know that YouTube hasn't completely turned its back on scripted shows just yet, with a second season of Cobra Kai already in the works, along with a number of other projects, including the anthology series Weird City, produced by Jordan Peele (Get Out) and Impulse from Doug Liman (Edge of Tomorrow, The Bourne Identity).

According to Variety, those who subscribe to YouTube Premium will continue to receive ad-free and offline videos across the entire platform, YouTube Music Premium, and the added bonus of early access to its original and exclusive content in the near future.



from TechRadar - Internet news https://ift.tt/2ArFZKZ
via IFTTT

UK IT directors would pay cyber-ransom

Almost half (47%) of UK IT directors would 'definitely' be willing to pay a ransom rather than report a breach to the authorities according to new research from Sophos.

With GDPR now in effect, businesses could actually end up paying more in penalties than they would to hackers which is why so many IT directors have considered just paying a ransom to unlock their data from cybercriminals.

Sophos's research also revealed that 30 per cent of UK IT leaders would 'possibly' consider paying the criminals' ransom if it was lower than the possible penalty for a breach. Only one in five (18%) respondents completely ruled out paying off their attackers.

Small businesses were least likely to consider paying a ransomware demand with more than half (54%) of IT directors at UK companies with fewer than 250 employees ruling out paying their attackers.

Ransom over penalties

Of the 906 IT directors and managers surveyed in Belgium, France, Ireland, the Netherlands, UK and Ireland, UK IT directors are significantly more likely to pay than their counterparts in other Western European countries.

Irish IT directors were the least likely to pay with just 19 per cent saying they would 'definitely' be willing to pay a ransom over a larger fine.

IT directors in France, Belgium and the Netherlands were also less likely to pay a ransom. Only 33 per cent of respondents in France, 24 per cent of those in Belgium and 38 per cent of IT directors in the Netherlands said they would 'definitely' be willing to pay.

UK Managing Director at Sophos, Adam Bradley offered further insight on the findings of the study, saying:

“It is concerning to learn that so many UK IT leaders misunderstand the threat and consequences of even a minor data breach. Companies that pay a ransom might regain access to their data, but it’s far from guaranteed and a false economy if they do it to avoid a penalty. They still need to report the breach to the authorities and would face a significantly larger fine if they don’t report it promptly.

“It is surprising that large companies appear to be those most likely to pay a ransom. It is a mistake for companies of any size to trust hackers, or to expect that they’ll simply hand the data back. Our advice? Don’t pay the ransom, do tell the authorities promptly and make sure you take steps to minimise the chances of falling victim again.”

  • We've highlighted the best VPN to help you stay secure online


from TechRadar - Internet news https://ift.tt/2FGJ7s7
via IFTTT

Tuesday, November 27, 2018

Consumers would sue companies that misuse their data

Just six months on from the implementation of the General Data Protection Regulation (GDPR), new research from Thales eSecurity has revealed that more than two thirds (69%) of consumers would consider legal action against any company that failed to manage their data properly under GDPR.

The company surveyed 1,000 UK consumers and 250 IT decision makers to discover that 86 per cent of consumers would consider switching to another company after a data breach and 35 per cent stated that a data breach under GDPR would 'definitely' give them a negative perception of the a company.

Surprisingly 17 per cent of UK consumers said they still had not heard of the regulation compared to just nine per cent in Germany. However, a quarter (25%) of people in both regions revealed that they could not explain what GDPR is.

Thales eSecurity also questioned members of the C-Suite as to whether their organisation was prepared for the legislation in time for the May deadline and 84 per cent of businesses reported being 'completely' ready with 11 per cent being somewhat prepared. The manufacturing and utilities industries had the highest preparedness rates at 91 per cent while retail had the lowest across both countries at 78 per cent.

Cost to businesses

UK businesses also ranked second when it came to financial investment into preparing for GDPR. Spending in the UK averaged £86,806 while German organisations invested an average of €210,653.

Only three out of ten enterprises across the UK spent over £10,000 preparing for the regulation whereas more than half did the same in Germany. On the other end of the scale, 16 per cent of German organisations invested between €500,000 to €1m to become compliant compared with just five per cent of organisations across the UK.

GDPR has also affected how enterprises interact and engage with third-parties with 38 per cent admitting to completely changing their security policies with contractors or vendors while 24 per cent partially changed their policies.



from TechRadar - Internet news https://ift.tt/2AusUkb
via IFTTT

Microsoft reveals more on recent software hiccups

After investigating the November 19 worldwide multi-factor-authentication outage, Microsoft's Azure team has revealed the root causes of the disruption that affected a number of its users.

The team has discovered three independent root causes along with monitoring gaps that resulted in Azure, Office 365, Dynamics and other Microsoft users from being unable to authenticate for most of that day.

Microsoft's Azure Active Directory Multi-Factor Authentication (MFA) services were down for many customers for 14 hours on November 19 and since Office 365 and Dynamics also use this service to authenticate, their users were also affected.

The first root cause appeared as a latency issue in the MFA front-end's communication to its cache services. The second was a race condition in processing responses from the MFA back-end server. A code update rollout, which began in some data centres on Tuesday November 13, was responsible for these two causes.

A third root cause, which was triggered by the second, led the MFA back-end to be unable to process any more requests from the front-end despite the fact that it appeared to be working correctly based on Microsoft's monitoring.

Future MFA improvements

European, Middle Eastern and African (EMEA) and Asian Pacific (APAC) customers were the first users to be affected by these issues. However, as the day continued, Western European and then later American data centres were hit.

Microsoft has laid out a series of next steps to further improve its MFA service including a review of its update-deployment procedures, a review of its monitoring services a review of the containment process and an update to the communications process for the Service Health Dashboard and monitoring tools.

The company plans to have most of these steps completed by December with the exception of its containment process review which it aims to complete by January.

Via ZDNet



from TechRadar - Internet news https://ift.tt/2FJZ9BO
via IFTTT

Exclusive web hosting deal: InMotion now available from just $2.95 per month

The massive Cyber Week of deals is over, right? WRONG, dear reader. At least when it comes to website hosting services and, in particular, InMotion Hosting.

That's because we've just been given an exclusive web hosting deal to tell you about from InMotion - that's right, this one's just for TechRadar visitors and is only available until this Friday November 30.

So what's the deal? It's 67% off InMotion Power, which is the company's best value plan. That takes the monthly price down to a mere $2.95 (around £2.30) when you sign up for a three year plan. With that, you get all the premium web hosting features you could need for a small business (or very serious hobby).

We're talking themes, templates, SSD storage, SSL and a free domain all thrown in. InMotion Power gets you not one, not two, but six websites, unlimited emails, marketing tools, a security suite, unlimited bandwidth and unlimited storage. All this plus turbo charged speeds.

Our EXCLUSIVE InMotion Power web hosting discount:

In addition to that, TechRadar readers can also get a 53% reduction on InMotion Pro - its most premium subscription - at a discounted rate of $7.49 (roughly £5.90) per month. Pro is an obvious upgrade for developers and growing businesses, as it adds unlimited websites doubled performance speeds and additional support in to the mix. 



from TechRadar - Internet news https://ift.tt/2TQJpjb
via IFTTT

Uber fined £385,000 following UK data breach

Uber has been fined £385,000 for failing to protect customer information following a major data breach.

The taxi-hailing app was punished by the Information Commissioner's Office (ICO) after the breach, which saw the personal details of around 2.7 million UK customers put at risk back in October and November 2016.

Account details of 82,000 Uber drivers based in the UK, including their payments received and journey details, were also taken during the incident.

Uber has also been fined by the data protection authority in the Netherlands, the Autoriteit Persoonsgegevens, being ordered to pay €600,000 after 174,000 users in the country were also affected.

Uber data breach fine

Uber did not tell the customers or drivers affected about the incident for more than a year, instead paying the attackers responsible $100,000 to destroy the data that had been downloaded.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen," said ICO Director of Investigations Steve Eckersley. 

"At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Eckersley added that Uber paying the attackers but not disclosing this was not "an appropriate response" to the attack.

And although the company was not legally obligated to report the breach (which took place before GDPR came into force, so was covered by the older Data Protection Act 1998, the ICO noted that "Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

  • Want to ensure you stay private online? The best VPN services of 2018


from TechRadar - Internet news https://ift.tt/2rfy5QV
via IFTTT

A click away from catastrophe

There's a common (if dismissive) joke among security professionals that says, "the biggest vulnerability in any system is between the chair and the computer." People are just as easily tricked as computers, perhaps more easily. In fact, IBM’s 2018 Cyber Security Intelligence Index reported that human error was responsible for two-thirds of compromised records including a historic 424% jump in misconfigured cloud infrastructure.

To complicate matters further, over half of all security attacks are caused by those who had insider access to organisations’ IT systems. Companies themselves can be responsible for hundreds or thousands of employees, each with their own unique set of behaviours, motives and working practices. Detection technology and security packages, no matter how sophisticated, will always be limited by this human factor, which is often thwarted by these social engineering techniques.

An old-fashioned con: how we are duped

Social engineering at its core is the art of lies and manipulation, the oldest tactics in the book of deception. Through typical social engineering online today, humans are psychologically manipulated by exploiting cognitive biases and schema in order to steal information. 

There are several ways that cybercriminals can manipulate via social engineering. One of the most prevalent is phishing, in which cybercriminals seek to obtain private information or credentials via seemingly legitimate means. For example, a victim could receive an email that appears to be from a co-worker, vendor or other business associate, asking a user to share log in details, passwords or financial information.  

Similarly, spear phishing targets individuals and organisations to acquire information by masquerading as a legitimate entity. Russian hacking group Fancy Bear recently attempted a spear phishing attack, wherein victims were almost tricked into visiting mimicked US midterm election campaign domains allowing the group to see and steal login information of users.

Lesser known tactics: archaic trickery

Another typical confidence trick for information gathering purposes is waterholing or ‘watering hole attack’, named so as frequently visited websites are exploited. This exploit will drop malware into their machines, such as a remote access trojan, whereby the attacker can then begin exfiltrating data.

Even more archaically, the ‘baiting’ method sees an attacker luring their victims into executing code, usually by piquing their curiosity or otherwise convincing them to run hardware or software with hidden malware. For example, innocent looking USB sticks handed out at a conference as giveaways could actually contain malware – a person risks a malware infection anytime they accept and use a USB given to them.

Pretexting is when an attacker creates a plausible scenario that they trick their victim to play along with in order to steal their information. It relies on fostering a false sense of trust with the victim, who is convinced to give the attacker the benefit of the doubt.

How security training can mitigate social engineering hacks

Increasing the awareness of social engineering scams and methods at an organisation via ongoing training, alerts and testing is an effective way to improve security and behaviour. Attackers probe for weaknesses not only in software code and in networks but in individuals as well. Social engineering hacks have been so successful because they require no knowledge of code – it can be as simple as tricking a user into clicking on an ad, a video or an email. With attacks coming from nation states, hacktivists and financially-motivated threat actors, organisations need to invest in training and technology upgrades like two-factor authentication to make gaining access more difficult. Each device and each individual represents a potential attack vector. 

Paul Farrington, Director, EMEA Solution Architects at Veracode



from TechRadar - Internet news https://ift.tt/2FHDiL3
via IFTTT

Monday, November 26, 2018

Mobile networks outpacing Wi-Fi around the world

The common assumption that a Wi-Fi hotspot is faster than cellular data is not always true as a new study from OpenSignal has revealed that mobile data is faster than Wi-Fi in 33 countries.

The difference in speed is also quite striking and in places like Australia, Oman and the Czech Republic cellular users typically have a 10Mbps advantage over Wi-Fi. However, in places like Austria, Iran and South Africa, cellular networks have a multi-megabit advantage over Wi-Fi.

There are also many countries where cellular and wireless speeds are about the same. In countries with relatively fast home broadband such as Hong Kong, Singapore, South Korea and the US, Wi-Fi has a clear advantage over cellular networks.

At the same time though, LTE offers a clear advantage in areas like Lebanon where download speeds tend to be 25Mbps faster than on Wi-Fi.

Arrival of 5G

The findings of OpenSignal's study suggest that device manufacturers and users need to rethink the assumption that Wi-Fi is always faster than cellular data. While that may have been the case when smartphones first arrived, it is no longer true in many areas of the world.

With 5G set to roll out next year, cellular speeds are set to improve even further. Though just as it was with the introduction of 4G LTE, there will likely be issues that lead consumers to switch back to Wi-Fi instead of staying on cellular data.

Disruptive Wireless' Dean Bubley explained to The Register how it will be difficult to ensure good coverage indoors during the early days of 5G, saying:

"At 26/28GHz, there will need to be an outdoor unit, connected to an indoor Wi-Fi-enabled hub. But it will need power, either way. So either people need to run an electricity cable up the wall of the building, or drill a hole for a power-over-Ethernet cable between them. And install the outdoor antenna on a bracket (like satellite dishes of yore). Not self-install, and not great if you live in an apartment or rented house." 

Via The Register



from TechRadar - Internet news https://ift.tt/2FJ4M34
via IFTTT

Thursday, November 22, 2018

Helping marketers turn data into value

The buzz around Artificial Intelligence (AI) has reached a fever pitch in recent months because it solves a genuine problem for businesses; it helps to manage and process complex data, so they can change the way they engage, understand and interact with their customers.  

Just think – a digital campaign targeting tens of millions of people, in dozens of markets, creates more data in a day than an entire year’s worth of campaigns would have created just a decade ago. Tasks have become more time-intensive and brands are adapting to digital platforms more slowly than they’d like because they are simply collecting more data than they can manage. In fact, Adobe’s recent “Context is Everything” research found that more than half (59%) of UK brands cannot process data quickly enough, while 52% believe they are collecting too much data from too many sources.

So, how can customer experience teams, both in IT and marketing, find answers in this sea of information to stay relevant to their customers and be more efficient? And how can they help uncover new insights which will inform future activity?

Communicate the benefits

One of the biggest benefits of AI is that it allows companies to spend less time looking at the past and more time gaining a step on the future. Most analytics solutions (even recent ones) were only designed to collate and summarise facts. They combine data on customers, content performance and third-party sources into a more digestible format that serves a marketing team’s reporting needs. Of course, this is hugely valuable information, but they are still limited to asking the same questions they’ve always asked, just on a larger scale.

Now, with AI, brands are uncovering insights they didn’t even think to explore. For example, marketers are finding more interesting combinations of data sets which can have much broader implications than what that data says on the surface. It can take months or even years to uncover patterns that reveal it’s time for a change, whereas AI algorithms can do the job in seconds.

This is why nearly 85% of executives believe AI will allow their company to develop or sustain a competitive advantage, according to one MIT Sloan study. Our own research reinforces this point, with the majority (91%) of UK respondents viewing personalisation as a priority. Communicating this message will help brands appreciate how they can use this technology to drive performance and have a direct impact on the bottom line. 

Make AI accessible to everyone

To achieve value from data, they first need to understand the different forms of analytics currently relied on, of which there are four. This will help them to see how they can take performance to the next level:

In particular, many marketers may feel out of their depth. They likely didn’t study IT or data science, and may wonder how they are supposed to understand and use advanced data analytics technologies. But the beauty of AI is that the technology has matured and become far more accessible. 

Novices or occasional users should be able to get useful, actionable insights from their data easily and on their own. They do not need to know how the technology works or be able to develop an algorithm from scratch. 

UK companies have an aggressive timeline for the implementation of AI for business and customer data analytics. Just under three quarters (70%) plan to have implemented AI for business and customer analytics by 2019, going up to 92% by the end of 2020. However, the technology will drive the best results for the business when everyone is empowered to find the information they need, when they need it, and act on it in time. 


 Jamie Brighton is Head of Product Marketing for Adobe Experience Cloud, EMEA. 



from TechRadar - Internet news https://ift.tt/2DD6G2y
via IFTTT

Almost all UK SMBs suffering Wi-Fi issues

Britain's SMBs could be missing out on huge business opportunities due to Wi-Fi problems, according to new research.

A report from Netgear has found that  nine out of ten UK businesses experience at least one issue with their Wi-Fi that has prevented them from meeting business needs. 

The survey of 1000 UK SMBs across more than fifty sectors identified issues including poor coverage (18 per cent), dropped connections (33 percent) and slow connections (38 percent). 

This is despite 82 percent of SMBs considering it important to offer customers a good Wi-Fi connection, of which half (52 percent) rely on Wi-Fi for customer retention.

Time for Mesh?

The benefits of providing Wi-Fi are evident for those businesses that offer free connectivity to customers, with 16 percent saying it increases footfall and 24 percent saying customers spend more time on the premises. 

Over a third (36 percent) said that Wi-Fi is important for attracting new customers, and over 70 percent said that Wi-Fi is important for providing improved customer service.

Netgear believes that mesh Wi-Fi could provide the answer for many of the issues, however many businesses aren't aware of the service. Mesh Wi-Fi networks operate from a main router connected to the modem, which is supported by a number of satellite modules to help create a single network that can cover a much wider space.

“UK businesses recognise that customers expect a good Wi-Fi connection, and many SMBs rely on Wi-Fi for critical revenue-driving functions,” said Ollie Randall, UK Regional Director of NETGEAR. “However, nine out of ten businesses are still experiencing Wi-Fi issues that are easily preventable with mesh Wi-Fi technology.”



from TechRadar - Internet news https://ift.tt/2FCDL1k
via IFTTT

What 2019 holds for the future of business continuity and storage

Disaster tends to strike when you least expect it and a data breach, ransomware attack or even a phishing scam all have the potential to completely derail your business. 

This is why security experts recommend that every company has a disaster recovery plan in place. Unfortunately though, businesses don’t take business continuity as seriously as they should, which is why TechRadar Pro sat down with Arcserve’s VP EMEA Mike Bradley to better understand the biggest threats to business continuity and how organisations can protect themselves.

Mick Bradley, VP EMEA at Arcserve 



from TechRadar - Internet news https://ift.tt/2r1RcOc
via IFTTT

Top UK hacking hotspots revealed

With Black Friday hours away, the UK is in need of a major top-up of its security awareness, according to a new report that shone the spotlight on the most at-risk areas of the country.

Research from security firm ESET surveying 2,000 UK consumers found that 21 percent of Brits have had an online account hacked, showing how cyber threats can affect users everywhere.

Over half of users (51 percent) also admitted to clicking on links in scam emails, causing them to end up on dodgy websites that put their details at risk.

More than two fifths of Brits (44 percent) admitted that they never or rarely changed their email password, and over a third (36 percent) said they had not changed the default privacy settings on their social media networks.

UK security hotspots

Overall, Northern Ireland was identified as the riskiest part of the UK, with nearly one in three users (29 percent) saying they had suffered a hack or breach of their social media or email accounts.

Users in Birmingham and Coventry were found to be the most likely to click on a link in a scam email - and perhaps unsurprisingly also the most likely to fall victim to fraud. Identity fraud was found to be the most common type of fraud across the UK, with men more likely to fall victim than women.

“Email scams are only growing in frequency and it is becoming much harder to spot the ‘good’ from the bad’ as criminals become more sophisticated in their art of deception," said Jake Moore, cybersecurity expert at ESET UK. 

"Never click on or download anything from someone who you aren’t expecting something from and always look at the sender’s email address. If a company emails to say they have locked you out of your account, ask yourself why they would before clicking through in a fit of panic.”



from TechRadar - Internet news https://ift.tt/2PNHvSi
via IFTTT

Facebook appeals against UK Cambridge Analytica fine

Facebook has launched an appeal against the £500,000 fine it was given following the Cambridge Analytica scandal.

The social network says that the penalty handed out by the ICO last month was unfair, as there was "no evidence" that user information was shared inappropriately.

Facebook says that because the watchdog found no evidence that the personal data of UK users was shared without their knowledge, the fine (the maximum value allowed by law) was unjustified.

Around a million Facebook users in the UK are thought to have had their account information unlawfully accessed by agents working for Cambridge Analytica. User information was directly harvested using a free personality quiz on the site, with the public data of their contacts also recorded.

The ICO has noted that Facebook could have faced a much higher fine that £500,000 if the case had taken place under GDPR, which only came into force following the supposed data collection.

Facebook appeal

"Their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal," a statement from Facebook's lawyer Anna Benckert said.

"For example, under the ICO's theory people should not be allowed to forward an email or message without having agreement from each person on the original thread.

"These are things done by millions of people every day on services across the internet, which is why we believe the ICO's decision raises important questions of principle for everyone online which should be considered by an impartial court based on all the relevant evidence."

The ICO has confirmed it has received Facebook's appeal, which will now be considered by the independent General Regulatory Chamber tribunal. 

If Facebook is unhappy with the outcome of the tribunal, it can take its case to the UK Court of Appeal.

  • Want to ensure your online data stays private? Here's our pick of the best VPN service of 2018


from TechRadar - Internet news https://ift.tt/2PI8a2K
via IFTTT

Half a billion Android users downloaded malware from Play Store

Creating fake apps as a means to spread malware is nothing new but a security researcher has discovered that more than half a million users have installed malicious apps posing as driving games directly from the Google Play Store.

The malicious apps were discovered by security researcher Lukas Stefanko from ESET who tweeted that 13 gaming apps created by the same developer were being used to spread malware to Android users. When he first made the news public, two of the apps were trending on the store which gave them even greater visibility.

The apps themselves were created by developer Luiz O Pinto and before Google removed them from the Play Store, they had a combined 580,000 installs.

Not just a racing game

Users who downloaded the apps from Google's store thought they were getting a simple driving game when in reality they received apps that were filled with bugs and crashed every time they were opened.

Once someone opened one of the games in question, the app would download a payload from a domain registered to an app developer in Istanbul that would install malware in the background and delete its icon.

As of now, it is still unclear what the malicious apps do as none of the malware scanners tested were able to reach a consensus on what the malware does. However, the malware is persistent and launches every time the Android device its installed on starts up.

The malware also has “full access” to the device's network traffic which its author could use to steal sensitive data such as a user's credentials.

Via TechCrunch



from TechRadar - Internet news https://ift.tt/2Abc1uy
via IFTTT

Wednesday, November 21, 2018

Users can now log in to Microsoft accounts without a password

Microsoft has announced that Windows 10 users will now be able to log into their Microsoft accounts using its Edge browser without a password.

The company is giving users three different ways to securely log into their Microsoft accounts. 

Users can log into their accounts with Microsoft's biometrics-based authentication platform Windows Hello, with a FIDO2-compatible device from Yubico, Feitian or other manufacturers or with a phone running the Microsoft Authenticator app.

Password-less login is now available for Outlook, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live, Mixer, Bing and the Microsoft store.

Improved security without passwords

Microsoft's Corporate Vice President of its Identity Division, Alex Simons explained in a statement how password-free login will improve security for users while making things even more difficult for hackers, saying:

“Password-less sign-in is a transformational change to how business users and consumers access devices and applications. It combines industry-best ease of use and security to create an experience people are going to love and hackers are going to hate. FIDO2 is a key part of Microsoft’s push to eliminate passwords and devices like the YubiKey 5 are a great example of how we’re working with partners to make this transformation a reality.” 

Simons highlighted the fact that besides being one of the first browsers to implement WebAuthn and CTAP2, Microsoft Edge also supports the “widest array of authenticators” when compared to other browsers. 

He also revealed that starting next year, password-less login is coming to educational and business accounts in Azure Active Directory with enterprise customers getting a chance to test out the feature before the end of 2018.

Via VentureBeat

  • Looking to improve your security online? Check out our picks for the best antivirus


from TechRadar - Internet news https://ift.tt/2FChAYZ
via IFTTT

Amazon suffers customer data breach hours before Black Friday

Amazon has admitted it has been hit by a data breach affecting shoppers just hours before Black Friday.

Customers have reported being contacted by Amazon Customer Service, which said that names and addresses were "inadvertently disclosed" due to a "technical error".

It's not known exactly how many customers have been affected by the breach, although users from multiple countries including the US and UK took to social media to report receiving the email. 

Amazon said that the issue has now been fixed, adding that, "this is not a result of anything you have done, and there is no need for you to change your password or take any other action."

Amazon Black Friday

The company's UK press office has confirmed that the email was genuine, saying in a comment sent to media that, "We have fixed the issue and informed customers who may have been impacted."

However it would not provide any further details, but the news comes a month after a similar email was sent out after an employee was caught selling customer data.

Depending on the details of the breach, Amazon could be in breach of the EU GDPR legislation, meaning it may face a major fine.



from TechRadar - Internet news https://ift.tt/2S3W4O7
via IFTTT

YouTube will stream the entire Lego Movie as an advertisement for the sequel

In preparation for the release of The Lego Movie 2: The Second Part, YouTube will be streaming the original Lego Movie in its entirety over Black Friday.

According to The Verge, the film itself will be (thankfully) ad-free, and will be available to watch for 24 hours from 12am PST on November 23. It will be available as an option if you click on a trailer for The Lego Movie 2.

Everything is awesome

The news comes shortly after YouTube began adding free, ad-supported movies to its roster, giving viewers the opportunity to enjoy the likes of Legally Blonde and Rocky without paying a subscription fee.

"We saw this opportunity based on user demand, beyond just offering paid movies," Youtube's Rohit Dhawan told AdAge. "Can we do ad-supported movies, free to the user? It also presents a nice opportunity for advertisers." 

The Lego Movie 2 will arrive in US theaters on February 8, 2019.



from TechRadar - Internet news https://ift.tt/2OWlBab
via IFTTT

How to navigate Black Friday and Cyber Monday without getting scammed or hacked

With Black Friday and Cyber Monday almost upon us, in the piece below, several cybersecurity experts give their thoughts and advice on how to navigate both shopping days without getting scammed or hacked.

Black Friday and Cyber Monday can make or break a year for retailers, with online becoming a critical channel for most. This necessitates highly available and rock-solid systems to deal with what has become a predictable yet simultaneously overwhelming demand. This shouldn’t just be focused on the underlying IT infrastructure; retailers also need to ensure their applications can handle the onslaught, be it their website, their mobile apps or their in-store payment terminals.

For years, the main driver for security within retail appears to have been PCI DSS, the data security standard merchants must comply with to accept and process payment cards. It’s reassuring to see some retailers join the BSIMM community, which may signal an evolution from a compliance-driven mentality to that of a proactive security mindset. Compliance will always be important, but retailers have much to gain from investing in strategic software security initiatives. This is especially true in territories where privacy legislation is getting stricter. Poor software security leading to information disclosure of customer data can now lead to business-altering fines in Europe, for example.

How to stay safe while shopping online this holiday

So, what are the issues when it comes to shopping online at this busy time of year and what can people do to remain safe?

The key is to identify the legitimate from the fake when a “50% off all iPads” deal is enticing. With all the various data breaches over the past few years, identification is particularly difficult. Some simple options are:

  • If you received an “great deal” email and don’t recognise the source, don’t assume because its personalised that it’s legitimate. 

Visit the website directly and while logged in look for the same deal. If it’s there and still interests you, then go for it. If it’s not, then the fact that the deal was tied to clicking a link in an email should indicate just how suspect the offer was.

Identifying the legitimacy of a “great deal” found on a non-vendor website is a bit harder. That deal might be the result of the website being an authorised distribution channel for the vendor or the website offering a fake deal. Authorised distribution channels will tend to behave in one of two ways – you’ll either purchase directly from them, or they’ll link you to the vendors website and pass along a referral code. 

The nice thing about authorised distribution channels is that neither party tends to benefit from the relationship being a secret. Perform an internet search with both company names and see if there is mutual identification and endorsement. Another thing to recognise is that if the deal site has you click a link and passes a referral code to the vendor, then that vendor will have your item in their cart. 

To avoid being scammed, first ensure you’re logged out from the vendor website and then click the link. That way if the deal site was suspect, they’re less likely to get any personal information from the vendor. Assuming the deal does show up in the cart at the correct price, simply login and complete the transaction.

In addition:

  • Use 2-factor authentication whenever possible.
  • If your credit provider doesn’t offer virtual credit cards, consider using PayPal or Amazon Pay (among other options) as a third-party payment solution. This provides one more layer of security between online stores and your financials.
  • Similarly, Google Pay (among others) will alert you when charges are made to your card. That way, if you’re not the one making a purchase, a red flag is raised early.
  • If you must create a password on the site to complete a purchase, don’t re-use a password. Take advantage of password managers to create new, unique passwords for each site.
  • Don’t allow websites to store your credit card information. Sure, it’s less convenient, but if the website or your account is hacked, the attackers won’t have access to your credit card information. 

Don’t assume your new device is secure

Some of the most popular items bought during Black Friday and Cyber Monday are connected devices. Gary McGraw, vice president of security technology at Synopsys says “when it comes to security, devices, gadgets, and consumer electronics are NOT secure by default.  If your gizmo maker does not mention security, do not assume that the thing you bought is secure.

IoT remains a security disaster waiting to happen.  One of the main problems is that there is no way to update the (broken) software and hardware running inside of IoT devices when new security problems are discovered.  IoT needs to be secure by design and secure by implementation.  Firewalls on the network will not fix this problem

In fact, IoT stuff is only one kind of cloud architecture.  And with cloud architecture…”

Follow this advice to stay safe online, and happy shopping! 

Tim Mackey, Larry Trowell and Nick Murison from Synopsys

  • Also check out our roundup of the best antivirus software to stay safe online this holiday season


from TechRadar - Internet news https://ift.tt/2OUO0xm
via IFTTT

Google search results get niche-specific

Businesses all over the world are trying their best to get to the top of Google’s search results. A higher ranking means that your website will get more views which in turn leads to more products or services being sold. However, understanding how Google’s algorithms work can be a time consuming process and not everyone is an SEO expert.  

To better understand how Google is making its search results more niche-specific, TechRadar Pro sat down with the Director of Searchmetrics’ Digital Strategies Group Björn Beth who filled us in on how these changes could spell the end for generic SEO and content tactics.

Björn Beth, Director of the Digital Strategies Group EMEA, at Searchmetrics



from TechRadar - Internet news https://ift.tt/2Kkshy4
via IFTTT

Tuesday, November 20, 2018

Pure Storage goes all-in on hybrid cloud

In an effort to unify application deployments on-premises and on the cloud, Pure Storage has announced a suite of new cloud offerings that run on Amazon Web Services (AWS).

These new products will allow customers to invest in a single storage architecture that works across cloud and on-premise to flexibly turn data into value across their business.

Enterprise application mobility, combined with emerging technologies like AI, ML and deep analytics, has increased the strategic importance of infrastructure exponentially. Traditional and emerging applications now demand flexible, location-independent data accessibility and this has certainly had an impact on infrastructure.

Applications require the ability to move freely between on-premises and the cloud as organisations now need real-time access to any and all data.

Adopting a hybrid approach  

Chairman and CEO of Pure Storage, Charles Giancarlo explained how the division between cloud and on-premises requires a hybrid approach, saying:

“Today, there exists a cloud divide - the cloud is not purpose-built for enterprise applications, and enterprise infrastructure isn’t as user-friendly as the cloud. Customers should be able to make infrastructure choices based on what’s best for their environment, not constrained by what the technology can do or where it lives. Today's announcement extends Pure's data centric architecture to the cloud, allowing our customers to build hybrid applications that provide true mobility and freedom.”

Pure Storage's Cloud Data Services are a new set of capabilities designed to run Pure Storage software on AWS.

Cloud Block Store for AWS is an industrial-strength block storage that runs on AWS that was designed to enable mission-critical applications to run seamlessly in the cloud. The new offering enables hybrid mobility while adding new storage services to webscale applications.

CloudSnap for AWS provides customers with cloud-based data protection built right into Pure FlashArray. This service allows FlashArray snapshots to easily be sent to Amazon Simple Storage Service (Amazon S3) to enable cost-effective protection in the cloud along with flexible recovery both on-premises or in the cloud.

StorReduce is a cloud-native deduplication technology designed to enable fast, simple, cost-effective cloud backup to AWS S3 storage in conjunction with on-premises flash for fast recovery.

Currently Cloud Block Store is in limited public beta with general availability planned for mid-2019, StorReduce is entering limited public beta with general availability planned for the first half of 2019 and CloudSnap is available now for Pure Storage customers.



from TechRadar - Internet news https://ift.tt/2A801tM
via IFTTT

Why industry-wide standards are needed for the future of the automotive industry

Competition within the automotive industry has accelerated in recent years, with new players coming out of other innovation hotbeds, such as Silicon Valley and Israel, tapping into a budding demand for progressive in-car experiences faster than most automakers can keep up. The impact of the legacy car and its traditional consumer group – the one that focuses on engine performance, brand loyalty, driving dynamics and aesthetics – is shrinking and a new generation of motorists with different priorities is growing in dominance.

While competition can result in engineering masterpieces, meeting this new demand for shared and open mobility, safer roadways, connected vehicles, and user experiences that model what’s found in the home or at the office is going to be an uphill battle without collaboration. This is especially true if our society wants to see the safety benefits of Level 5 autonomous cars on the roadways.

The case for industry-wide automotive standards

Traditional automotive business models are going away, replaced with new and exciting opportunities for selling connected mobility. The way consumers buy, use and interact with vehicles is likely going to change and there will be new network requirements to make all of this connectivity function reliably.  

In an age of rapidly changing and hard-to-predict consumer needs, automakers can no longer function in a silo. The investments needed to realize visions such as mass car-sharing or autonomous driving are simply too enormous and impracticable for a single company or a single industry to bring to fruition. This means all market participants – from automakers and tech companies to government road operators - should come together in an alliance to agree on a common foundation.  

The development and use of industry standards can also bring a sense of clarity to the various future mobility stakeholders and help create partnerships for advancement. Whether standards are implemented intra-industry, cross-industry or between government and the private sector, a standard is a common vernacular that everyone involved can work from to enable consumer safety and public trust. Doing so is going to be foundational to achieving widespread adoption of advanced vehicle tech.

Where standards are needed most

In the same vein that the internal combustion engine has been the agreed-upon standard of propulsion for the past century, these ideas of a safer and smarter road network will need a standard solution for transferring data. To some, this should be dedicated short-range communications (DSRC) and its European counterpart ITS-G5. Already in practice today on a small scale, such as electronic tolling, these Wi-Fi solutions could be supplemented or replaced by cellular-based communication infrastructure otherwise known as 5G.  

5G-fueled cellular vehicle-to-everything (C-V2X) technology provides data rates up to 20 Gbps and ultra-reliable, low latency communications with only 1 ms delays, making it suitable for the vast data transfer needs of a connected car. While it will take more work to establish a 5G network for cars rather than the already established Wi-Fi systems, the capabilities of 5G are too great to ignore, meaning a coalition of various industry players – from telecommunications providers and state DOTs to automakers and tech suppliers – need to come together to agree upon a network system that compliments rather than competes.  

Because automakers will need to start embracing digital interactions more by adopting techniques from tech suppliers typically more associated with consumer electronics than automotive components, cross-industry collaboration to agree upon a single network standard is going to be critical to realize the potential of the connected car.    

Dr. Mike Peters, President, Connected Car Division at HARMAN



from TechRadar - Internet news https://ift.tt/2BjvIlE
via IFTTT

Blog Archive

Web Resource

Total Pageviews

Copyright Design jitu it's222. Powered by Blogger.

Text Widget