Articles about Security

Microsoft accounts now have a sleek new sign in experience with a dark mode option

The next time you sign in to your Microsoft account, you may well be greeted by a new look. Microsoft has started the rollout of what it is calling a “new sign in experience” as the company uses its Fluent 2 design language to revamp the UI and UX. For better or worse, this is an attempt to create an “unmistakably Microsoft” look and feel.

The changes affect users of Windows, Xbox, Microsoft 365, and more, and Microsoft predicts that the majority of users will see the new look by the end of April. As part of the redesign, users are being given more choice; there is now a dark mode option.

5 reasons customers are choosing a cybersecurity platform over point products 

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

0patch releases yet another free fix for yet another 0day vulnerability in Windows that Microsoft has not addressed

Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are -- thankfully -- others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.

Everything an IT pro needs to know about penetration testing

The vast majority of IT professionals will agree that in cybersecurity, waiting for an attack to happen in order to expose weaknesses is a losing strategy.

As such, many will be well clued-up on the benefits of penetration testing: from demonstrating a commitment to protecting sensitive data and ensuring ongoing compliance with industry regulations, to gaining a clearer understanding of security gaps and strengthening incident response readiness.

Rethinking risk -- are you taking the right path around security?

In the film Sliding Doors, a split-second choice leads to two branching stories -- yet while the two stories are very different, they both lead to hospital trips and potential tragedy. The world of cyber security is similar. Whatever decisions we make, we are still under pressure and we will -- eventually, whatever we do -- end up facing significant risk.

Yet how do we show that we are doing a good job? If everything is working, there is nothing to see. Or have we collectively just been lucky to that point? Unless you have an active attack taking place, you can argue that your efforts are enough. But when you only look at a single point in time, it is a challenge to show that you are making a difference and reducing risk.

Top 10 data security best practices for 2025

2024 ushered in one of the biggest shifts in data security, as cyber threats continued to increase in sophistication by leveraging advancements in AI to outpace traditional defenses. High-profile breaches across all industries continued, uncovering vulnerabilities in even the most robust systems. Meanwhile, the ongoing hybrid work models and migration to cloud-based technologies expanded the attack surface, creating new challenges for protecting sensitive data.

As 2025 rolls on, organizations need to follow best practices that represent a proactive, forward-thinking framework to stay ahead of emerging threats, protect critical data, and maintain the trust of their stakeholders. Here are ten best practices that organizations should consider.

The biggest security flaw of every cloud service that no one talks about -- until it's too late

Do you trust your SaaS vendor with the keys to your kingdom? The agent running on your systems is only as secure as your cloud vendor’s security posture. It’s a security risk that should keep every organization’s IT and security teams up at night.

Many vendors will cite pen testing, bug bounty programs, and certifications like SOC 2 and ISO 27001 as a testament to their security. But the reality is that breaches still happen.

Firefox add-ons will stop working on March 14 if you don’t update

Firefox users running older versions of the web browser could be in for a really nasty surprise. On March 14, 2025, a critical root certificate will expire. And, if your browser isn’t updated to at least Firefox 128 (or ESR 115.13+ for those using the long-term support version) your add-ons will be disabled. Additionally, streaming services that require DRM may even stop working!

For anyone still using an outdated version on Windows, macOS, Linux, or Android, time is running out to avoid these annoyances. Even those sticking with older operating systems (such as Windows 7, 8, and 8.1, or macOS 10.12–10.14) need to at least update to ESR 115.13+ if they want to keep their add-ons and media playback working.

Attackers can use undocumented commands to hijack Chinese-made Bluetooth chips

Security researchers have shared details of newly discovered, undocumented commands in ESP32 Bluetooth firmware that can be exploited by an attacker. The Chinese-made chip is found in millions of devices, meaning the findings are significant.

Speaking at RootedCON in Madrid, researchers from Tarlogic Security, Miguel Tarascó Acuña and Antonio Vázquez Blanco, described the “hidden functionality” they have unearthed as a backdoor, but later conceded that this may be a misleading description. They warn that exploitation could allow “hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls”.

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and their technology more advanced.

Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days, and even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.

ExpressVPN finally brings GUI to its Linux app

ExpressVPN has rolled out a much-needed update for Linux users, finally adding a graphical user interface (GUI) to its VPN app. Yes, folks, a GUI for Linux is only being rolled out in 2025! Better late than never, I suppose.

Until now, ExpressVPN users in Linux were stuck with a command-line interface (CLI), while Windows and macOS users enjoyed a more user-friendly experience. This update brings ExpressVPN more in line with competitors like Surfshark, which has long offered a Linux app with a GUI.

New Firefox terms of use could push users to Google Chrome

Mozilla has long positioned itself as a champion of privacy and open-source software, but its latest move really makes me worry that the organization could be drifting away from those values. You see, Mozilla has introduced Terms of Use for Firefox for the first time ever. Additionally, there is an updated Privacy Notice. And while Mozilla frames this as a move toward transparency, the actual terms are raising some major red flags for me.

Mozilla claims these new terms are necessary due to a changing “technology landscape,” yet the fine print tells a far different story. One of the most troubling aspects is that users must grant Mozilla all rights necessary to operate Firefox, including a “nonexclusive, royalty-free, worldwide license” to use information entered through the browser. Mozilla insists this is meant to help users navigate the web, but the vague wording leaves a dangerous amount of room for interpretation. Could this include personal data, saved passwords, or browsing history? Mozilla simply fails to say.

How cloud security teams should think about AI

According to estimates from Goldman Sachs, generative AI (GenAI) will constitute 10-15 percent of cloud spending by 2030, or a forecasted $200-300 billion (USD). The public cloud serves as the perfect vessel for delivering AI-enabled applications quickly, cost-effectively, and at scale. For organizations looking to profit from AI’s potential, the path effectively travels through the cloud.

For cloud security teams on the ground, however, the impact of AI can seem complicated. Understanding the challenges it presents, and the key capabilities it enables, can help them work smarter and more effectively. This article explores the three ways cloud security teams should think about AI to enhance protections, improve efficiency, and address resource constraints.

The encryption backdoor debate: Why are we still here?

Earlier this month, reports emerged that the UK government had pressured Apple, under the Investigatory Powers Act 2016, to create a backdoor into encrypted iCloud data. Unlike targeted access requests tied to specific cases, this demand sought a blanket ability to access users’ end-to-end encrypted files.

Apple was forced to reconsider its Advanced Data Protection service in the UK, and this latest development raises a fundamental question: Why does the debate over encryption backdoors persist despite decades of technological progress and repeated warnings from cybersecurity experts?

The US is not the only country to ban Kaspersky products because of security concerns

Security firm Kaspersky has suffered a dramatic fall from grace in recent years because of its Russian ties. Around the world, concerns have sprung up that the security software actually poses a security risk.

In the middle of last year, the US government banned the software from being sold in the country -- or even updated for existing users. Following suit, Australia has also announced a ban, citing a "security risk to the Commonwealth". Fears of "foreign interference, espionage and sabotage" were also key factors.

© 1998-2025 BetaNews, Inc. All Rights Reserved.