Articles about Security

The stark reality of cybersecurity today isn't merely a question of advanced software or strategic counterattacks. It's about people.

The financial impact is undeniable with cybercrime costs projected to reach an astonishing $10.5 trillion annually by 2025. Yet, beneath these figures lies a more pressing issue: the exploitation of human psychology.

Continue reading →

Python’s latest updates add numerous libraries that can be used to perform critical security-related missions, including detecting vulnerabilities in web applications, taking care of attacks, and helping to build secure and robust networks that are resilient to them.

This fully updated third edition of Python for Security and Networking will show you how to make the most of them and improve your security posture.

Continue reading →

The benefits of shift-left security are clear. It puts security testing in the hands of the engineers who write the code, enabling vulnerability fixes to occur before software hit production. This provides fixers with faster feedback loops on vulnerabilities found, as well as ensuring more efficient time to feature delivery and cohesive teamwork between security and development teams. With all the benefits that come with shifting API and web application security left, it’s no wonder that 57 percent of security team members have either already shifted their security strategy left or are planning to do so this year, according to a GitLab survey.

So, how do organizations implement a shift-left security strategy successfully? The answer lies in the popular three-legged stool analogy: assessing the process, people, and technology behind this major organizational change, and how they all can work together interdependently.

Continue reading →

In the era of digital transformation, national security faces complex and multifaceted challenges. To address these challenges, the Department of Defense (DOD) is taking a vigilant approach to fortify the security of cloud infrastructure.

This approach seamlessly aligns with overarching national cybersecurity initiatives, which are focused on countering a multitude of emerging threats in the age of automation. Collaboratively, the DOD and other government agencies are dedicated to strengthening the ever-evolving cloud ecosystem, while navigating an increasingly intricate threat landscape.

Continue reading →

Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.

To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers attacking and breaching companies just for the lulz like LAPSUS$. This piece aims to help identify some ways in which we can better prioritize our efforts.

Continue reading →

APIs are unseen. They are not typically a technology that end users interact with directly and are somewhat hidden from their day-to-day activities. Therefore, user understanding of API vulnerabilities and the impact an API security incident could have, when it comes to data breaches, is often lacking.

While data breaches are big news, what regularly isn’t reported is the way in which some of these incidents happen. But the reality is that for many data breaches, the weak links, more often than not, are APIs and improper security around those APIs.

Continue reading →

Microsoft 365 Defender is an XDR platform that provides security across multi-platform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. Mastering Microsoft 365 Defender will teach you how to get started and use Microsoft’s suite effectively.

You’ll start with a quick overview of cybersecurity risks that modern organizations face, such as ransomware and APT attacks, how Microsoft is making massive investments in security today, and gain an understanding of how to deploy Microsoft Defender for Endpoint by diving deep into configurations and their architecture.

Continue reading →

Over the past year, we have seen generative AI and large language models (LLMs) go from a niche area of AI research into being one of the fastest growing areas of technology. Across the globe, around $200 billion is due to be invested in this market according to Goldman Sachs, boosting global labor productivity by one percentage point. That might not sound like much, but it would add up to $7 trillion more in the global economy.

However, while these LLM applications might have potential, there are still problems to solve around  privacy and data residency. Currently, employees at organisations can unknowingly share sensitive company data or Personal Identifiable Information (PII) on customers out to services like OpenAI. This opens up new security and data privacy risks.

Continue reading →

Network management and security should go hand in hand. However, making these services work has become more complicated and riskier due to the growth of the public cloud, the use of software applications, and the need to integrate different solutions together.

This complex network security domain requires more skilled cybersecurity professionals. But as this need becomes obvious, so does the glaring skills gap. In the UK, half of all businesses face a fundamental shortfall in cybersecurity skills, and 30 percent grapple with more complex, advanced cybersecurity expertise deficiencies.

Continue reading →

Every organization in the 21st century understands that keeping proprietary data safe is crucial to its success. However, while business leaders tend to believe their current security products and policies are truly secure, breaches continue to climb. It is clear that despite an ever-increasing number of companies maintaining formalized security programs and annually increasing security budgets, there are gaps that continue to go unnoticed and unaddressed.

Through hundreds of assessments and breach analyses, we have concluded there are eight common weaknesses that most commonly enable threat actors to penetrate organizations’ security armor, move through networks to elevate privileges, and ultimately allow them to compromise defenses. These weaknesses are continuously probed by threat actors, and while they may seem secure at deployment, they often are not; and even if initially secure, they frequently become obsolete due to missed updates, upgrades, changes to the enterprise environment, and evolving threat tactics. A frequent misconception is that security products and processes can be set and then forgotten; but since threat actors’ tactics evolve at an alarming pace, security controls must also be continually adjusted to ensure that organizations’ security armor continues to envelop and protect. In the absence of continuous evolution, the armor and its contents become vulnerable and, often, more at risk due to a false sense of security.

Continue reading →

There is some good news for anyone who wants or needs to stick with Windows Server 2012 for a little longer.

Just a month after Windows Server 2012, Windows Server 2012 R2, and Windows Embedded Server 2012 R2 reached end of support, Microsoft has announced that administrators are able to get three additional years of Extended Security Updates (ESUs).

Continue reading →

For many enterprises, the move to cloud computing has raised concerns for security, but when applications are architected with focus on security, cloud platforms can be made just as secure as on-premises platforms.

Cloud instances can be kept secure by employing security automation that helps make your data meet your organization's security policy.

Continue reading →

Patch Tuesday, the second Tuesday of each month when Microsoft releases updates for Windows, has been with us for a long time now. In fact, Microsoft has been using the predictable schedule for releasing patches for no less than 20 years.

The emergence of Patch Tuesday -- a day anticipated for its bug-fixing and dreaded for its bug-introductions -- dates back to the days of Bill Gates and Windows Vista. In celebrating the incredible landmark of two decades of update releases on a reliable timetable, Microsoft has shared some of the history behind it and reiterated the importance of updating the operating system in this way.

Continue reading →

In a sea of messaging apps, WhatsApp remains one of the most widely used, its popularity buoyed by end-to-end encryption. Meta has now added a new feature aimed at "those who are particularly privacy-conscious".

There is a new option to protect your IP address by hiding it from other WhatsApp users during calls. This is important as IP addresses can reveal quite a lot, including location. While the new call relaying privacy measures are likely to be welcomed, there are a couple of significant caveats to keep in mind.

Continue reading →

It’s no secret the depreciation of third-party cookies has been a popular topic of conversation in the industry. Now, however, Google is making changes that will eventually lead to the demise of third-party cookies. The tech giant is rolling out its Privacy Sandbox initiative in the latest version of Chrome and for Android. With any big privacy change, there is a ton of controversy and impending regulations that may mean the Privacy Sandbox is not the futureproof solution brands hope it is.

So, what can IT teams do to help marketers take back control of their data collection strategies and ethically reach customers during this time of change?

Continue reading →