Sophisticated phishing campaigns bypass enterprise secure email gateways


A new report from Cofense based on data from its Phishing Detection Center identifies over 1.5 million malicious emails bypassing customers' secure email gateways (SEGs), a 37 percent increase in threats compared to 2022.

The report shows that SEGs struggle to keep pace with sophisticated phishing campaigns and that relying on 'good enough' email security is no longer an option for most enterprises.


New solution secures any browser for the enterprise


With more and more businesses relying on SaaS solutions, securing the endpoint browser is vital. Often this involves enterprises imposing a particular browser on their users rather than allowing a choice.

In a new approach, Menlo Security is launching a complete enterprise browser solution that can turn any browser into a secure enterprise browser.


Windows 12 Mobile is everything a phone operating system should be


Microsoft made a significant investment in Windows 10 Mobile, including acquiring Nokia to produce its own handsets. Despite the strengths of the tiled mobile operating system, it was unable to compete with the dominant iOS and Android platforms. While Windows 10 went on to become a hugely successful operating system for PCs and tablets, Microsoft was eventually to abandon its mobile ambitions.

Although the tech giant has yet to announce Windows 12, if you’re wondering how that OS would look and perform in the mobile space, we have an answer.


The phishing bait you're most likely to take


Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.


TikTok under investigation for failing to protect minors and using algorithms that promote addiction


The latest online service to find itself facing scrutiny from the European Commission is TikTok. The Chinese-owned, video-based social media platform faces a probe from the Commission after an initial investigation into whether the company had breached the Digital Services Act (DSA).

Particular areas of interest are TikTok's use of algorithms to surface content, with investigators worried about whether they create a "rabbit hole effect" and encourage addictive behavior. TikTok also faces criticism for various failures to protect younger users, and there are concerns about the overall transparency of the platform, especially in relation to advertising.


rSIM: A new technology to improve mobile connectivity for IoT devices


A new intelligent SIM card technology, known as rSIM (Resilient SIM), has been introduced in partnership with global operators Deutsche Telekom IoT and Tele2 IoT. The rSIM technology is designed to enhance network connectivity for IoT devices by offering an “always on” solution that aims to improve network resilience.

The rSIM is the world's first resilient SIM card that checks its own network connectivity and automatically switches between mobile operator profiles when disruptions occur. This technology allows two independent mobile operator profiles to be stored on a single SIM card, effectively upgrading a Single SIM device to a Dual SIM. By switching to a backup mobile operator profile in the event of an outage, rSIM aims to reduce the risk of disconnection, providing a potential solution for uninterrupted internet access for IoT devices.


Can Wyze be trusted after recent security incident?


Wyze customers experienced a service disruption last Friday morning due to an outage originating from their partner, Amazon Web Services (AWS). This incident temporarily disabled Wyze devices, preventing users from accessing live camera feeds and event recordings. The company has since apologized for the inconvenience this caused.

During efforts to restore camera functionality, a security issue emerged. Approximately 13,000 Wyze users inadvertently received thumbnails from cameras that were not their own, and 1,504 users interacted with these thumbnails. In some instances, users were able to view event videos from other accounts. Wyze has confirmed that all affected users have been notified and reassured that the majority of accounts remained unaffected.


90-day certificates to drive spike in outages unless businesses act now


Last year, the Chromium Project -- a Google-backed open source browser project -- released its roadmap for building a safer, faster, and more stable Internet, containing recommendations to reduce the lifespan of Transport Layer Security (TLS) certificates from 398 days to 90. This was a starting gun to the industry. As the operator of Chrome, Google has the power to enforce shorter validity periods by making them a requirement -- which will likely become the de facto standard across all browsers soon after.  

When these changes come into force, every business that uses TLS certificates -- i.e. every business that connects services with the internet -- will be impacted. TLS certificates are machine identities; they enable systems to talk to each other securely over the internet. If they are not reissued or replaced before they expire, the service they are connecting stops working. This results in hugely costly outages, disruption, and increased security risks -- and it’s something that everyone has experienced with their browser through a 'can’t connect to untrusted site' error.


Cybersecurity success -- elevate your defense against cyber threats


As cybercrime continues to increase, organizations must consider actions to improve their cyber security and cyber resilience. There are constantly new ransomware and data breach headlines hitting the news, and, according to research, a company falls victim to a cyberattack every 39 seconds.

To bolster cybersecurity, organizations must maintain constant awareness, and they should regularly update systems and encrypt and back up data. Cyber security is an ongoing action; it requires constant vigilance, as cybercriminals are always looking for new ways to exploit systems and steal data. In addition, 85 percent of all organizations consider their data as one of their most valuable assets, and hackers also share this view. Ransomware is not a problem that is going to go away on its own, especially as it continues to be very profitable for criminal cyber gangs. Having said that, there are many things that you and your organization can do to mitigate against becoming another victim of cyber crime.


Log4j lessons learned: A blueprint for zero-day defence


Two years ago, the zero-day vulnerability known as Log4Shell unwrapped itself, spoiling holiday celebrations for many across the globe and leaving organizations scrambling for a fix before it could be exploited.

The vulnerability was discovered in Log4j, a logging tool widely used by millions of computers worldwide running online services. Its profound impact on IT environments has called for a fundamental shift in how organizations think about their security strategies.


People cannot be patched


When an organization is aware software is vulnerable, it focuses on patching systems to mitigate the risk. Likewise, when security technology becomes outdated, newer versions plug the gaps. However, with people there’s no patch or update readily available.

Instead, a workforce needs to stay abreast of the current threat landscape to ensure the company remains in a good position to combat cyber risks. However, almost 80 percent of leaders lack confidence in their team's ability to tackle cyber threats effectively. This highlights a substantial weakness in current cybersecurity strategies.


HexChat open-source IRC client is forking dead


In a surprising turn of events, the popular IRC client HexChat has announced its final release, 2.16.2, marking the end of an era for the open-source project. The release, which was made public on February 9, 2024, includes a handful of minor fixes and features that have been in the works over the past two years.

The decision to cease development comes from the project's lead, who revealed that HexChat has been largely unmaintained for several years. Despite the lack of active maintenance, the client continued to be a favorite among many in the IRC community. However, with no one stepping up to take over the reins, the time has come to say goodbye.


How to prepare for the new PCI DSS 4.0 requirements [Q&A]


The Payment Card Industry Data Security Standard (PCI DSS) turns 20 next year and has remained largely unchanged during that time. But version 4.0, due to become mandatory from April 2024, will bring the standard bang up-to-date and usher in a number of big changes.

We spoke to Phil Robinson, principal consultant and QSA at Prism Infosec, to explore what's changing and how organizations can prepare to meet the new requirements.


Managing multi-cloud complexity: Frameworks to adopt, pitfalls to avoid, and strategies to bring it all together


As many companies are discovering, a multi-cloud environment can offer improved workload portability, purchasing power and increased innovation velocity, as well as other significant benefits. However, managing a multi-cloud environment can be challenging. From complex integrations to fragmented cost visibility to security and compliance concerns, today’s tech leaders can become overwhelmed.

Competing organizational interests, lack of expertise, and unexpected or hidden costs can detract from the great promise of a multi-cloud environment. Organizations need the right people, processes, and tools to overcome the challenges and realize the rewards.


SABRENT launches high-speed 20Gbps Rocket RGB SSD Enclosure


In a significant upgrade from its predecessor, SABRENT has launched the Rocket RGB USB-C 20Gbps M.2 SATA/NVMe SSD Enclosure, promising to double the transfer speed of the previous 10Gbps model. This latest enclosure is available in two editions -- the EC-RGBG (available here for $49.99) and the "special edition" EC-RGBC (available here, also for $49.99). The special edition is essentially the same, but with a funky pinkish color scheme rather than grey.

The Rocket RGB enclosure supports both NVMe and SATA M.2 SSDs, accommodating a variety of sizes including 2230, 2242, 2260, and 2280. This versatility ensures that users won't be limited by the type of SSD they can use, making it a flexible option for a wide range of storage needs. The device operates over a USB 3.2 Gen 2x2 connection, offering speeds of up to 20Gbps with compatible USB ports, and maintains backward compatibility with 5 and 10Gbps ports.
