Security News

The Internet’s Most Tempting Targets
2022-01-21 21:03

For every 1,000 assets on an attack surface, there is often only one that's truly interesting to an attacker. Attackers likely put it top of their list because 1) there is a known exploit; 2) Solarwinds is typically a mission-critical technology for a business that could give an attacker privileged access; and 3) it's widely used.

Avira also mines imaginary internet money on customers' PCs
2022-01-10 18:36

Germany-based security biz Avira's antivirus has enabled a new feature: "Avira Crypto". As NortonLifeLock also bought Avast last year, it will be interesting to see if its owner's new-found fondness for imaginary internet money will soften Avast's strong anti-cryptocurrency-mining stance.

QNAP: Get NAS Devices Off the Internet Now
2022-01-07 16:14

Get your internet-exposed, network-attached storage devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. "The most vulnerable victims will be those devices exposed to the Internet without any protection," QNAP said on Friday, urging all QNAP NAS users to follow security-setting instructions that the Taiwanese NAS maker included in its alert.

QNAP warns of ransomware targeting Internet-exposed NAS devices
2022-01-07 13:20

QNAP has warned customers today to secure Internet-exposed network-attached storage devices immediately from ongoing ransomware and brute-force attacks. "QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices," the Taiwanese NAS maker said in a press release issued today.

EV certificate usage declining: Is the internet becoming more secure?
2021-12-13 06:00

Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world's top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Despite the adoption of stronger encryption protocols, many companies continue to use legacy RSA encryption algorithms to generate keys, which in conjunction with TLS certificates, act as machine identities that authorize secure connections between physical, virtual and IoT devices, APIs, applications and clusters.

Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
2021-12-10 21:29

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Log4j is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
2021-12-06 14:36

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times. Companies affected range from major global players to smaller organizations in healthcare, insurance, media, and IoT - basically anyone using Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

Russian internet watchdog announces ban of six more VPN products
2021-12-02 16:04

Russia's internet watchdog, 'Roskomnadzor', has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. The latest services added to the list of banned VPN services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel.

Germany to force ISPs to give discounts for slow Internet speeds
2021-11-24 19:08

A new regulation coming in the form of an amendment in the Telecommunications Act of Germany could radically change the relationship between consumers and internet service providers. According to the draft, users will be able to test their internet speeds and, if there's a too large deviation between their real-world results and what their ISPs promised, they will be eligible for a bill discount.

German law enforces bill discounts for slow Internet speeds
2021-11-24 19:08

According to the draft, users will be able to test their internet speeds and, if there's a too large deviation between their real-world results and what their ISPs promised, they will be eligible for a bill discount. The discount amount will be comparable to the deviation between the contractually agreed Internet speeds and the actual ones.