Articles about Security

Why identity management needs to be brought up to date for the cloud [Q&A]

Cloud data security

Historically identity and access management has been built around an on-premises model. But with more systems now residing in the cloud the old way of doing things isn't working.

To find out more about why the cloud needs a new approach to IAM we spoke to Britive CEO, Art Poghosyan, about the challenges it raises and how to address them.

Continue reading

Attackers use Adobe Cloud to host phishing documents

Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat, it also aids collaboration by allowing users to share documents.

Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.

Continue reading

Cybersecurity and the generation gap

As baby boomers reach retirement age, younger people are taking their place in the workforce. But does this lead to a loss of skills that aren't being replaced?

A new study commissioned by Appgate looks at how generational differences impact cybersecurity teams and the benefits to be gained from having an inter-generational mix of staff.

Continue reading

The big three threat actors behind financial services attacks

Cybercriminal with cash

The financial services industry is a prime target for cybercriminals due to the vast sums of money managed but also the quantity and quality of sensitive information that is collected by these institutions.

A new industry report by Blueliv uses threat intelligence gathered by the company’s Threat Compass to assess the evolving threat landscape surrounding the financial services sector.

Continue reading

Open source tool helps in the fight against log4j vulnerability exploits

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.

Continue reading

Half of global ransomware attacks target the US

ransomware laptop

Last year 48 percent of ransomware attacks were directed at targets in the United States, with industrial and energy, retail, and finance businesses among the most threatened.

Research from AtlasVPN finds that out of 2,845 witnessed ransomware attacks worldwide in 2021 1,352 were launched against targets in the US. Meanwhile one in five attacks were against European countries with France suffering 146 attacks, the UK 139 and Germany 115.

Continue reading

Microsoft urges Windows users to patch critical HTTP vulnerability

Microsoft sign

Microsoft has fixed a critical vulnerability which affects several versions of its operating system including Windows 11 and Windows Server 2022.

The security bug is an HTTP vulnerability which is tracked as CVE-2022-21907 and Microsoft warns it is wormable. The company has issued a fix for the flaw and says that users should prioritize installing it to secure their systems.

Continue reading

New zero trust solution helps guard IT infrastructure

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

Continue reading

Cybersecurity budgets set to increase in the next year

money lock

A new survey from Kaspersky finds 85 percent of IT decision makers in North America say their cybersecurity budget will increase anywhere up to 50 percent in the next 12 months.

The survey, carried out in October 2021 and targeting 600 IT decision makers in the US and Canada, finds 28 percent of respondents say their company annually invests anywhere from $25K-$50k in cybersecurity.

Continue reading

Microsoft reveals 'powerdir' macOS vulnerability that allows unauthorized user data access

Apple logo and padlock

Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unathorized access to user data.

The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple is mid-July last year.

Continue reading

Endpoint security products failing against targeted attacks

open digital lock

While most endpoint security products are capable of handling public email and web-based threats, many are unable to provide complete protection against targeted attacks, according to a new report.

Security testing firm SE Labs tested a variety of endpoint security products from different vendors in order to gauge their effectiveness.

Continue reading

Why breach-likelihood will be a game-changer for mandating cyber insurance

According to a Cybersecurity Ventures report, 2021 was predicted to have one cyberattack every 11 seconds and the cumulative cost to repair these post cyber incidents will soar to over $6 trillion in 2022.

As the digital business ecosystem expanded and the attack surface grew in tandem, cybersecurity investments have remained products and services driven. However, this approach only allows enterprises to accept or improve their cyber risk posture. Now, as the costs to manage and mitigate cyber risks rise – the average ransom demand increased by 170 percent from 2020-2021 -- businesses are seeking to 'transfer' their cyber risks through insurance. Last year alone, cyber insurance claim frequency increased by 46 percent for IT services, 53 percent for professional services, and 263 for the industrial industry, according to a report by Coalition.

Continue reading

How control system vulnerabilities can threaten the oil industry [Q&A]

refinery industry

The Colonial Pipeline attack in 2021 highlighted how vulnerable industrial control systems, and in particular energy supplies, can be to cyberattacks.

The oil and gas sector is particularly at risk as it often relies on older devices that don't receive timely firmware updates. We spoke to Mark Kerzner, CEO and co-founder of ElephantScale and Scaia AI who has worked with many oil industry leaders, to find out more about the risks and how they can be addressed.

Continue reading

Malware and ransomware set to be a larger threat over the next year

Firewall

Over half (55 percent) of organizations see malware and ransomware as an 'extreme' threat and 75 percent believe it will get bigger over the next year.

This is among the findings of the 2021 Malware and Ransomware report from Bitglass (which was recently acquired by Forcepoint). A joint venture with Cybersecurity Insiders, the report is based on a survey of hundreds of cybersecurity professionals across industries to better understand how the growing malware and ransomware problem has changed the way they protect their organization.

Continue reading

Google Docs comment flaw exploited by attackers

Phishing

A flaw in the comments feature of Google Docs is allowing attackers to target users with phishing emails.

Security researchers at email security company Avanan have observed what they call, "a new, massive wave of hackers" using the comment feature in Google Docs during December to launch attacks, mainly against Outlook users.

Continue reading

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.