Business

Microsoft has patched yet another bug in OLE, this time one that’s 19-years-old. While it is extremely surprising this bug hadn’t been discovered earlier, the crucial question here is the use of the underreviewed legacy code that developers have to drag along for decades.

Will mankind become overrun by technological and information threats while future humans’ raison d’etre would be to keep the machines going “Metropolis” or “Matrix” style? We don’t know. The future remains a product of our imagination until it comes true, while our reality is the consequence of actions.

The newly disclosed Darkhotel APT campaign will surely draw increased scrutiny to hospitality systems’ security worldwide. Hoteliers acknowledge the existence of security problems in their software systems, and many are opting to move these systems into the cloud. Is this a viable solution?

Securelist has published extensive research on BlackEnergy. Initially a DDoS crimeware, it turned into a huge collection of various tools currently used in various APT-type activities, including some “significant geopolitical operations”.

1 in 8 people don’t believe that cyberthreats are real. The threat may go away if you turn your back to it in a dream, but that won’t work in reality.

Kaspersky Lab has just announced the discovery of an alarming APT campaign codenamed “Darkhotel,” targeted mainly at business executives staying at certain hotels in Asia. Luxury hotels offer not just places to stay, but also comfort and privacy. However, their cybersecurity occasionally fails.

Today’s software packages have become so huge and complex that stacks of patches issued one after the other are increasingly common. This has consequences for system administrators.

Car hacking is a topic that resurfaces regularly. Still, a remote takeover of a car’s system is not a reality – yet. It may become a reality without the proper approach to the security of a car’s on-board systems.

Internal and external threats may be quite different in nature, but they demand equal attention from the IT staff in order for the protection to be complete.

Brian Donohue reflects on Kaspersky Government Cybersecurity Forum discussions about cyber-resiliency. We all know what resilience means. Technically speaking though, what does it take to be resilient on the network level?

We’re taking a look at the security features in the new version of Mac OS X – Yosemite. Apple makes a decent effort.

Kaspersky Lab has launched public beta-testing of its enterprise security solution, Kaspersky Endpoint Security 10 Service Pack 1. Take a look at the screenshots showcasing the new features.

Many organizations—especially government agencies or heavily regulated businesses—are nervous about sharing this data, for fear of reprisals if information about successful attacks becomes public. And politicians and security experts say this is an issue that needs to be solved if businesses are going to have the chance to succeed.

Hotels offer not just free WiFi but occasionally even free use of devices such as iPads these days. While it is really nice, a misconfigured device like this may store just a bit too much personal data, easily retrievable by the next visitor…

Every fifth Android-based device protected by Kaspersky Lab security solutions was attacked by malware at least once in 2013-2014. In 60% of the registered attacks the malware used had a “financial” nature. While there’s seemingly nothing unexpected a certain twist is present…

A critical civilian system goes down – it’s a scenario that evokes some apocalyptic pictures of destruction and mayhem; remember, for instance, “Die Hard 4.0”? Actually this could happen with any corporate infrastructure, since all of them have certain critical systems of their own.

Linux bugs may affect or directly threaten entire virtualization infrastructures: Whatever OS is used on VMs, an attack on a hypervisor is possible from both the outside and inside, and exploitation of the dreaded Shellshock vulnerability on Linux-based hypervisors is a possibility, too.

A data access policy becomes an issue for any company as soon as it accumulates a considerable amount of valuable and sensitive data. That doesn’t mean the policy is always in place when it should be, or that it’s implemented properly.

Can a business be “partially” prepared to ward off cyberthreats? That’s up for debate, but it seems there is little difference between “partial protection” and no protection at all.

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

The recent developments with “big bugs” such as Heartbleed and Shellshock created a global security strain, with many questions emerging. Both bugs were open-source software-related, but indirectly they would constitute a threat to Windows-based infrastructure. In this post we review a few scenarios of an attack on mostly Windows-based network with Linux servers at certain points.