After waking up from PrintNightmare, Microsoft has a workaround for another Windows Print Spooler vulnerability
After the PrintNightmare fiasco of recent weeks, Microsoft has shared information about another Windows Print Spooler security vulnerability.
The issue is being tracked as CVE-2021-34481, and is described as a "Windows Print Spooler Elevation of Privilege Vulnerability". For the time being, there is no patch available, but Microsoft has offered details of a workaround that mitigates against potential attack -- but it is far from being an ideal solution.
Roll up, roll up! Spot a scam to win a prize!
Cybersecurity is one of the biggest challenges for small and medium-sized businesses and employees are often the weakest link when it comes to preventing data breaches.
In order to improve awareness of phishing scams -- and hopefully stop people falling for them -- ESET is launching an interactive phishing derby to allow people to test their scam-spotting skills and get the chance to win real prizes.
Why a safer future depends on protecting IoT devices [Q&A]
There's been a huge proliferation of Internet of Things devices in recent years, but along with this has come a whole range of new security and privacy concerns.
How are IoT devices secured -- if they are at all -- and what are they doing with our data? We spoke to Rob Shavell, co-founder and CEO of Aine/DeleteMe to talk about security gaps, privacy concerns and more.
Who is responsible for guarding against software supply chain attacks? Who knows!
Software supply chain attacks like that on SolarWinds have become more of a threat in recent months. But when it comes to defending against them businesses can't decide who is responsible according to a new report.
The study from machine identity management company Venafi is based on the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.
Businesses fall victim to ransomware despite precautions
According to a new survey of 200 decision makers in businesses that had suffered a ransomware attack since 2019, more than half of victims had received anti-phishing training and 49 percent had perimeter defenses in place at the time of attack.
The study conducted by Sapio Research for Cloudian finds that phishing continues to be one of the easiest paths for ransomware, with 24 percent of attacks starting this way. Phishing succeeds despite the fact that 54 percent of all respondents and 65 percent of those that reported it as the entry point have conducted anti-phishing training for employees.
Critical manufacturing vulnerabilities soar in 2021
New research shows that critical manufacturing vulnerabilities rose 148 percent in the first half of 2021 with ransomware-as-a-service driving attacks.
The report from Nozomi Networks finds ICS-CERT vulnerabilities increased by 44 percent too. Manufacturing is the most susceptible industry with the energy sector proving vulnerable too.
New solution helps manage identities and entitlements
Businesses are increasingly adopting the public cloud, but this brings with it a number of security challenges that traditional tools struggle to handle.
Identity specialist Attivo Networks is launching a new Cloud Infrastructure Entitlement Management (CIEM) solution designed to improve visibility and reduce the attack surface for identities and entitlements in the cloud.
Security leaders want to give people more freedom -- but restrict it
A new survey of 200 enterprise IT and security leaders appears to uncover a fundamental paradox. 96 percent of respondents called for an expansion of IT freedom, while 91 percent say that enterprises also need to put more IT restrictions in place.
The study from OS isolation company Hysolate finds that in the post-COVID world businesses face demands to press for changes to IT security policies to simultaneously increase employee productivity while also enhancing the organization’s ability to ward off ransomware and other attacks.
Insider breaches hit 94 percent of organizations
Insider data breaches have been experienced by 94 percent of organizations in the past year, according to a new survey of 500 IT leaders and 3,000 employees in the US and UK, from email security company Egress.
Human error is the top cause of serious incidents, according to 84 percent of IT leaders surveyed. However, respondents are more concerned about malicious insiders, with 28 percent saying that intentionally malicious behavior is their biggest fear.
Tweak the registry to make sure you're protected against the PrintNightmare Windows vulnerability
The accidental revelation of the PrintNightmare security vulnerability in Windows set off a chain of workarounds, third-party patches, official patches and problems with patches. But even after two weeks of back and forth, there are still steps you need to take to ensure that you're fully protected.
Microsoft recently updated its security advisory notice about the vulnerability to include additional details that system administrators should check. A quick visit to the registry is all it takes to ensure complete security.
Companies face more than 1,000 domain impersonations each year
Businesses are facing a wave of attacks using domains impersonating their company and brand names according to a new study.
The research from risk protection specialist Digital Shadows shows that in the last four months its clients experienced an average of 360 domain impersonations, amounting to over 1,100 per year.
New free tool helps map legacy identity systems
A number of on-premise identity systems from major suppliers including CA, Oracle and IBM are coming to the end of their lives and many businesses are looking to migrate to cloud alternatives.
But before migration can begin it's necessary to discover and catalog legacy identity systems. This is a largely manual process because there is no unified view of older environments that span multiple stakeholders, have evolved over a number of years, and can contain hidden complexities.
Security leaders struggle to guard against data loss
A new study from risk protection platform SafeGuard Cyber shows cybersecurity leaders understand what is needed for successful digital risk protection, but they are still struggling to provide it.
Lack of visibility (39 percent) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.
Why enterprises need a data-centric approach to security [Q&A]
Most cybersecurity focuses on keeping out threats, but there's an increasing view that everyone is going to get breached sooner or later and that protecting data is key to keeping a business safe.
We spoke to Kurt Mueffelmann, global chief operating officer of Nucleus Cyber -- which has recently been acquired by Australian access control company archTIS -- to find out more about how this approach works.
Without training one in three users fall for phishing scams
New research finds that, if they haven't received security awareness training, one in three users will likely fall for a phishing or social engineering scam that could put their organization at risk.
The study from awareness training specialist KnowBe4 set out to measure organizations' phish-prone percentage (PPP) and found an initial baseline of 31.4 percent across all industries and sizes.