In spring of 2019, AV-Comparatives ran a team-building event, in which their research team was asked to find security bugs on macOS. This was actually planned as a nice event with co-operative activities, but it happened that they found a security flaw on macOS Mojave 10.14.4 and earlier versions. The issue allows Gatekeeper to be bypassed, and unsigned apps from outside the App Store to be executed. The method used does not require any specialist knowledge or programming ability. Anyone who can create, copy and rename folders in Finder could do it, with a few very simple instructions.
Spotlight on security: the inconvenient truth about CEO-impersonation fraud
Reported incidents of CEO-fraud or business email compromise (BEC) scams are so bizarre that most people think they are urban myths, told by security specialists to spice up their business and catch the attention of board-level executives. Sadly, these “April Fools’ Day” story lines have the opposite effect on C-level management. Let’s take a look at a recent € 19.2 million CEO-fraud case and put BEC-scams in a cyber-crime perspective to see whether you still think “it won’t happen to me”.
Spotlight on Security: why the claims of Google Play Protect are misleading
In October, Google announced two contract changes for European Android device vendors. One concerned a minimum security-patch requirement, and the other involved charging a fee for Google services (e.g. Google Play Store). These announcements indicate that many Android smartphones suffer from significant security weaknesses. Let us explain (and prove) why Google’s claims about the effectiveness of their Play Protect service are misleading, to say the least.
Spotlight on security: Politics and cyber security, a troubled relationship
The relationships between various countries in the world are worsening, not only with regard to economic and political issues, but also in the field of cybersecurity. The recent bans on Chinese (such as Huawei) and Russian security products (such as Kaspersky Lab) are examples of the troubled relations between politics and cyber security.
Malware in the media – why healthcare systems are under attack
Also this summer incidents were reported in general news media involving cyber- and ransomware-attacks on healthcare organizations. Cyber-attacks on healthcare organizations are not uncommon. According to CSO-online “the healthcare experiences twice the number of cyber-attacks as other Industries”. Why are health care systems so often attacked?
Spotlight on security: The problem with false alarms
False Positives (FPs, also known as False Alarms) are harmless and legitimate programs that are incorrectly identified as malicious by an antivirus program. A false positive can have very serious consequences. In some cases, it will not be possible to run a legitimate program if it is blocked by the security software.
Spotlight on security: Why do AV products score so highly in professional tests?
This question often arises on security-focussed internet forums. Why do antivirus solutions perform worse when tested by amateurs than when tested by professional testing organizations? It seems odd when hobbyist home testers publish tests on YouTube that seem to be a greater challenge to the AV programs than the comparative tests of professional organizations. Despite popular conspiracy theories, there is a logical explanation for these apparently contradictory test results.
AV-Comparatives redesigned website
About one month ago we launched the redesign of your new AV-Comparatives website, which illustrates our expanding role as a global leader in IT security testing for consumer and enterprise users.
To make it easier to find what you want quickly, we have split the site into two areas, Consumer and Enterprise. Each area gives you easy access to the relevant test results, methodology and charts. In both areas, the charts and test results pages have been completely redesigned.
Malware in the media – Same old song with a different meaning?
No, we are not going to talk about the classic Motown song out of the sixties performed by the Four Tops. This month’s blog is about Mark Zuckerberg’s promise, GDPR, Facebook’s new data leak and politicians putting their money where their mouth is. The question is, will that money be put on privacy or security?
Spotlight on security – The end of Net Neutrality?
Normally we post on what security news topped the media. This month’s blog covers the end of the Net Neutrality legislation. Net neutrality was initiated by the Obama administration. Ironically Trump buried both Net Neutrality legislation and media coverage with his historic meeting on neutral grounds with Kim-Jong un. Is Net Neutrality legislation obsolete or has ‘the open internet for all’ just suffered a serious setback?