Adopting passwordless authentication -- first, make sure it's passwordless
Passwords have been under attack for a long time. Not just by data breachers, but by people writing, ad nauseam, about how passwords are an ineffective means of authentication. And yet, after years of password warnings by IT departments, and plenty of hand-wringing over how passwords need to be more complex and how often people should change them, the most used passwords are easily guessable (things like Password123, 123456 and QWERTY).
Still, passwords remain in wide use today, and we are paying for it. According to the Verizon Data Breach Investigations Report (DBIR), 82 percent of data breaches are due to the "human element." Chief among this element is stolen credentials, which means passwords.
Don’t let one 'war room' too many exacerbate the risk of quiet quitting in your DevOps team
As organizations and their customers become more reliant on digital services, DevOps teams are often required to get together quickly to troubleshoot and resolve outages or user experience problems.
However, against the backdrop of the 24/7 economy and a shortage of technology skills, it’s time to reassess whether these 'war rooms' remain an effective tactic for dealing with urgent issues. Or, could they be exacerbating the challenges organizations face in retaining staff and managing skilled DevOps teams’ workloads?
Microsoft 365 Defender is now AI-powered
Since its inception, Microsoft Defender Antivirus (FKA Windows Defender) was considered somewhat of a joke by power users. They would assert that it provided you with the protection of an umbrella in a hurricane. While its deficiencies were often exaggerated, indeed, it didn’t give you the same depth and scope as high-quality third-party solutions.
When Bitdefender retired its free antivirus solution in 2021 (only to release a new free antivirus in 2022), many turned back to Microsoft Defender. After all, Microsoft should ultimately know the best ways to secure its software. It's surprising it took so long for the company to expand the coverage of its Microsoft Defender line, especially with the largest share of its revenue being made from intelligent cloud computing.
What are the top 5 tools to effectively combat fake news?
When we’re going about our days -- ingesting media from a mountain of different sources -- it is always possible that the information we come across, be it in print, radio, or on the internet, may not be accurate. False information has been around since the beginning of time, but due to the ever-present online world, we are now more likely to consume content that is distorted or fabricated unintentionally.
People are used to having their thoughts shaped by the material they come across online, for example, through influencer marketing or celebrity endorsements. Even if facts don't back up these opinions, they still have a significant impact, and a lot of false news is created to evoke strong emotions. Therefore, it is essential that we take a moment to check if what we have read or heard is true when our feelings are affected.
TikTok: What's going on and should you be worried?
Since 2020, several governments and organizations have banned, or considered banning, the immensely popular social media app TikTok from their staff’s devices.
With all these alarm bells ringing, we thought it might be handy to break down what we know and see if we can plot a sensible strategy from there. So, if your hair is on fire, extinguish it and consider this with a cool head.
The real risks of OpenAI's GPT-4
While many were marveling at the release of OpenAI’s GPT-4, Monitaur was busy analyzing the accompanying papers that examined the risks and technical design of its latest engine. In this commentary, I examine this through the lens of proper governance, responsible use, and ethical AI, while also considering the larger landscape of language models within which OpenAI sits.
The analysis results were not what was hoped for.
Which sectors could thrive from digital transformation?
Historically, some sectors have moved towards a digital transformation quickly, while others have taken longer to progress. Here, we will look at how living in the pre-digitalised age can be dangerous, as well as issues surrounding companies falling behind their competitors, and how and why traditional processes can be changed.
Digital transformation happens when companies shift away from traditional methods and introduce technology as a fundamental part of their strategy. This can take place through either digital technology being integrated into an organization or through a cultural shift within the business.
Opportunities and considerations for small businesses experimenting with ChatGPT
For the past few months, the tech -- and tech-adjacent -- world has been fascinated by ChatGPT. A generative artificial intelligence (AI) tool that has been open for public use since late 2022, it’s designed to interact with humans to answer questions or develop content based on a prompt written in simple, conversational English rather than a complex data query.
ChatGPT has been used to write Valentine’s Day poems, plan a Thanksgiving menu and write other humorous outputs. It also has quickly become a research hub, programming tutor and source for writing inspiration. Famously, a leading tech news site used ChatGPT to write some of its articles, to varying degrees of success.
Ransomware-in-a-box: Why containers are a cybersecurity risk
With the creation, storage, and use of data continuing to accelerate dramatically, security vulnerabilities and risks to data integrity are also escalating across the board. The trends are alarming, with one recent study from IDC -- looking at the requirements for ransomware and disaster recovery preparation -- revealing that in 2022, almost 80 percent of organizations surveyed had activated a disaster response. What’s more, 83 percent had experienced data corruption, and most worrying of all, almost two-thirds said that a ransomware attack had resulted in unrecoverable data.
Indeed, there is currently no application type that can be considered to be completely safe from ransomware. Among the wide range of possibilities this situation creates are the risks posed to organizations that are refactoring their applications for Kubernetes. Refactoring is an increasingly popular approach to application deployment, whereby apps are broken down into a range of services that can subsequently be operated independently. One of the key benefits this offers is that the application’s underlying hardware is used more efficiently, while each service can also be scaled as required without impacting other services and resources.
Sharing deployment best practices helps all developers
Developers are constantly innovating better and more efficient ways to deploy software, but not all teams are privy to the new strategies. We as a developer community need to eliminate all gatekeeping and share best practices. What benefits one team will help another, allowing us to continuously build on these improvements together.
Deployment velocity drives business value, but only if the software is reliable. Users won't care about receiving frequent updates if they don't work. Sharing deployment best practices can eliminate manual tasks and enable developers to focus on coding, leading to more reliable deployments and apps and more efficient processes.
If businesses are to get a grip on their cybersecurity, they need to close the gender gap
Cybersecurity threats are growing at an alarming rate across the globe while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks. Meanwhile, the shortage of cybersecurity talent is making it difficult for organizations and industries to meet these constantly shifting security demands.
As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025 but organizations are struggling to build the specialized skills required to manage these growing threats. According to ISACA’s latest State of Cybersecurity Report, 63 percent of enterprises have unfilled cybersecurity positions while labor shortages in the UK have become particularly acute. In fact, while there are currently about 339,000 cyber professionals in the UK (up 13 percent year-on-year), there is still a shortfall of 56,811 workers (up 70 percent year-on-year).
Purple Team engagements uncover security weaknesses
Our threat researchers at Lares encounter a broad range of security flaws and vulnerabilities when we conduct Purple Team exercises on behalf of our clients. Over time, the same unforced errors seem to come up so often that we warn security teams to develop standardized practices to defend against them.
The Lares Adversarial Collaboration Unit assists clients with defensive collaboration engagements and Purple Team assessments, which combine offensive and defensive techniques to strengthen security protections. Red Teams emulate external or insider attackers, while Blue Teams serve as internal security defenders. Purple Teams assist both sides by aligning the defensive tactics of the Blue Team with the threats attempted by the Red Team.
World Backup Day: IT and security teams need to work better together or we are going to fail
It's like in the movie "Groundhog Day". Every 31st March the music plays and on World Backup Day we are reminded of the promise: "I solemnly swear to back up my important documents and applications". A noble goal that every company and every user immediately agrees to.
But in the weeks surrounding World Backup Day, we hear from the media that companies have been hacked and their data hijacked by ransomware. The big promise to restore the data from the backup and thus be resistant to any attempt at blackmail is then broken again.
Agent-based vs. agentless approaches -- how to implement cloud security
Implementing your security approach will depend on how you can translate your approach from strategy into reality. As part of this, you will have to make decisions on what tools you use based on the functions that they cover, how they help you create and use data, and how they work. This latter part is important as all security professionals have their own preferences. One of the big debates here is whether you use agent-based or agentless tools.
Using security tools that rely on agents can be an issue for some security professionals, while others will swear by their agent-based tool of choice, and you would have to pry it from their hands. The challenge here is when you have a combination of complex environments to consider, faster software development goals to support, real-time security pressures to contend with, and more data than you know what to do with. So what approach should you choose?
HEAT attacks: A new spin on browser exploit techniques
It is no secret that the web browser is becoming an increasingly popular target for cybercriminals looking to compromise an endpoint to gain entry to a network. The increased business use of the browser (remote work) on networks that lack the perimeter security infrastructure of traditional campus networks has made them easier to exploit. In recent months, we have seen an increase in cyberattacks and data leaks caused by browser-related security incidents, including a data breach caused by a phishing attack on Dropbox that gained the hacker access to over 100 of the company’s code repositories in November, and December’s CircleCI breach resulting from an infection of information-stealing malware.
Highly Evasive Adaptive Threats, or HEAT attacks, are a new spin on existing browser exploit techniques that make them much more dangerous. These attacks exploit browsers by leveraging features and tools to bypass traditional security controls and then attack from within, including compromising credentials or deploying ransomware. Comprised of known tactics such as phishing messages, HTML smuggling and dynamic drive-by downloads, these attacks frequently target SaaS applications and other web-based tools that are critical to productivity.