Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline


Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.
The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".
US businesses unprepared for rise in cyberattacks


The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.
A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.
Organizations falling short in addressing security risks


According to 90 percent of IT security leaders their organizations are falling short in addressing cybersecurity risks.
Research from Foundry finds that this perception comes from a number of issues including convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn’t investing enough resources to address risks (26 percent).
What are the most successful areas of tech in 2022?


Technology has evolved quickly in the past few decades and its growth has shown no signs of slowing down anytime soon.
Some trends come and go, but others stay as a way to solve catastrophic issues. These five areas of tech have been the most successful in 2022 and will be a mainstay for decades to come.
Lack of visibility is the biggest challenge for cybersecurity teams


New research from Sevco Security shows that more than 10 percent of enterprise IT assets are missing endpoint protection, and that roughly five percent are not covered by enterprise patch management solutions.
Nearly 20 percent of Windows servers lack endpoint protection, far more than Windows clients and MacOS assets, which are just over 10 percent.
SMBs turn to MSPs to improve cybersecurity


A new survey of over 500 IT decision makers at small and medium businesses, from threat detection and response specialist Vade, shows 69 percent say a serious breach had bypassed their current email security solution.
It's perhaps not surprising then that SMBs are increasingly likely to turn to managed service providers, with 96 percent of organizations either currently outsourcing at least some of their needs to MSPs or planning to do so in the future.
Security awareness training goes mainstream but still needs more work


Some form of cybersecurity awareness training has been implemented in 97 percent of enterprises this year, according to a new survey of 1,900 security professionals from ThriveDX.
However, only 42 percent report involving their employees in security detection with the use of such measures as a Phishing Incident Button, while 65 percent agree that their training program needs expansion.
A third of cybersecurity professionals are kept awake by stress


A new survey of over 300 UK security professionals shows 32 percent of respondents say they are kept awake by job stress, 25 percent by lack of opportunity, but only 22 percent by their organization suffering a cyberattack.
The study from The Chartered Institute of Information Security (CIISec) says organizations have been slow to adopt industry standards. Almost half (49 percent) don't follow the UK Government's Cyber Essentials practices, which provide basic best practice; and just 20 percent have formally adopted the NCSC's 'Ten steps to cyber security' guidance.
Your IT systems touch multiple networks -- what's your cyber hygiene plan?


The world is becoming more connected via the use of cloud computing services and Internet of Things (IoT) devices. Over the last decade, we have watched cybercrimes skyrocket before our very eyes. Corporations today cannot afford to rely on basic firewalls and antivirus software to ensure data is protected. It is essential to create a more powerful cybersecurity ecosystem.
How big is the threat against data? First, take a look at how much data we are talking about here. By the year 2025, we can expect there to be 175 zettabytes of data across the internet and networked computer systems. Think streaming video, dating apps, your private healthcare information, banking data, social media posts, and messages. The list can go on.
Maintaining top API-level security in today's cyber landscape


Data breaches, cyberattacks and security concerns are growing exponentially in the digital climate, as new development practices, extra languages, and structural frameworks appear -- compounded by geopolitical tensions giving rise to state sponsored attacks. In 2022 to date, 39 percent of UK businesses have already experienced the disruption and costly consequences of cyberattacks. Some of the largest enterprises, such as Microsoft, T-Mobile, and Vodafone, have experienced attacks by highly organized groups, such as Lapsus$.
With the scale, type of attacks and target industries constantly evolving, the healthcare sector has joined financial services and the public sector in becoming a lucrative target. Healthcare data breaches reached an all-time high in 2021, impacting 45 million people -- personal health information (PHI) became worth more than credit card information on the dark web. Attack approaches are constantly evolving, with hackers searching for any weak links in growing infrastructure.
Supply chains cybersecurity risks: Closing the protection gap


Supply chain attacks have been on the threat radar of many organizations and their security teams for several years. However, since the infamous SolarWinds attack in 2020 -- which led to widespread and damaging compromises of data, networks and systems -- the supply chain attack vector has taken on a new level of focus. Indeed, supply chain attacks, which have become an effective way for hackers to gain access to IT networks at scale, and as such, are among the most worrying cybersecurity risks currently facing organizations today.
Supply chain risks come in many forms -- from complex to relatively simplistic. The UK government’s Cyber Security Breaches Survey, which explores organizations’ policies, processes, and approaches to cybersecurity and is used to inform government cybersecurity policy, looked at this in its latest report. The 2022 survey reveals that just 13 percent of businesses review the risks posed by their immediate suppliers, with that number dropping to 7 percent for their wider supply chain. Possibly even more concerning, many organizations commonly perceive 'big tech' companies to be "invulnerable to cyber attacks".
Rethinking cybersecurity


If you’ve been in the cybersecurity field for a while, you’ve probably noticed that there’s less emphasis on formal disaster recovery and business continuity plans than there used to be. CISOs still create plans, but it’s not the centerpiece of cybersecurity operations in the same sense. As security technology evolved, people started focusing more on technology solutions that they hoped could prevent problems altogether.
There’s some magical thinking involved in that, and ironically, one of the biggest struggles CISOs face now is how their organizations think about cybersecurity problems, i.e., that there shouldn’t be problems. That’s not the world we live in. Having difficulties is not the issue. Rather, thinking there are magic solutions that can eliminate every weakness is the problem. We need to rethink cybersecurity to accommodate this reality and create a holistic response for when problems inevitably arise.
Why security training is key to improving cybersecurity posture


The threat landscape is constantly evolving and the shift to hybrid has only widened the attack surface. Today, organizations continue to be in the firing line as cybercriminals exploit their most used application: emails. The proliferation of phishing and business email attacks have seen hackers targeting the biggest corporate security weakness; employees.
Threat actors target workers because they are seen as the weakest link. Cybercriminals are thriving by targeting and exploiting staff, especially those who haven’t received effective user education and training. As the attack surface expands and threats become more sophisticated, organizations must reinvent the wheel by changing their approach to cybersecurity. Where should they start? With training employees and providing omnipresent tools and technology to prevent, detect, and recover from even the most sophisticated of attacks.
Identifying cybersecurity issues in your business


Threats to your business come in many forms. For most organizations, the biggest threats to their survival are related to cybersecurity. An Allianz survey found this to be true, as "cyber incidents" ranked as the biggest risk to organizations, overtaking "business interruption". Whether those threats are external or internal, they are continuous and evolving because of the ever-increasing shift towards digital.
Over 98 percent of UK security professionals have reported an increase in cyber-attacks against their businesses in the past year. A further 96 percent say those attacks have become more sophisticated. This shows the need for constantly-evolving UK cybersecurity.
60 percent of security pros say their strategy doesn't keep up with the threat landscape


A new survey reveals that 60 percent of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20 percent), treading water (13 percent), or merely running to keep up (27 percent).
The study from privileged access management specialist Delinea also shows that 84 percent of organizations experienced an identity-related security breach in the last 18 months, despite 40 percent of respondents believing they have the right strategy in place.
Recent Headlines
Most Commented Stories
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.