Articles about Security

Lack of automation hampers certificate management

Magnified certificare

A new study carried out by Opinium for certificate authority GlobalSign shows that managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes.

The top challenges respondents typically encountered when keeping track of certificates include managing multiple types of certificates (45 percent) and managing large quantities of them (41 percent).

Continue reading

Remote and hybrid working makes preventing phishing harder

home working

A new survey from Egress of 500 IT leaders and 3,000 employees across the US and UK finds that 73 percent of organizations have suffered data breaches caused by phishing attacks in the last year.

In addition 53 percent of IT leaders report an increase in incidents caused by phishing since the widespread adoption of remote working. There are also concerns over future hybrid working, with 50 percent of IT leaders saying it will make it harder to prevent breaches caused by malicious email attacks.

Continue reading

Windows 10 will block Potentially Unwanted Applications by default

Laptop security

Microsoft is making a change to the way so-called Potentially Unwanted Apps (PUAs) are handled by Defender and Edge in Windows 10.

Starting this month, Microsoft Defender and Microsoft Edge on Windows 10 will default to blocking PUAs. Users who want greater control over the apps that can be run on their computer have the option of disabling the setting, but this does mean missing out on an important protective measure.

Continue reading

Robocall bot goes after one-time passwords

robot call center

We're all encouraged to use multi-factor authentication to protect our online accounts. Very often this involves a one-time passcode (OTP) sent via an SMS message.

This makes life harder for the cybercriminals even if they have your password, but the team at CyberNews has uncovered a new robocall bot that aims to trick users into giving up their OTPs.

Continue reading

Initial Access Brokers refine their ransomware-as-a-service model

ransomware key

We've looked before at the phenomenon of Initial Access Brokers, cybercriminals who breach systems and then sell access to the highest bidder.

It seems that during the pandemic IABs have been busy improving their business model. New research from threat intelligence company KELA shows that pricing is often determined by company size and the level of privilege on offer within the compromised network, with $5,400 as the average price for network access, and $1,000 as the median price.

Continue reading

51 percent of cybersecurity professionals experience burnout

workplace stress

The challenges of the last year and a half, along with major cyberattacks, like that on Colonial Pipeline, have had a major impact on security professionals, with 51 percent reporting experiencing extreme stress or burnout.

The latest Global Incident Response Threat Report released today by VMware finds 65 percent saying they've considered leaving their job because of stress.

Continue reading

New variant of PrintNightmare exploit lets any user gain admin privileges in Windows

Printer

The PrintNightmare vulnerability has indeed proved to be something of a nightmare for Microsoft, and it's one that shows no signs of coming to an end. Security researchers have unearthed yet another method of exploiting the Windows print spooler vulnerability, making it possible for anyone to gain administrator privileges.

The latest method involves creating a remote print server and connecting to it. This causes Windows to install a driver which requires loading a DLL with System privileges -- a fact that can be exploited to launch an elevated Command Prompt. Even on a fully patched and updated copy of Windows 10 21H1, the attack works.

Continue reading

Cybersecurity in the new hybrid workplace

Remote working

As more organizations begin to establish plans to return to the physical office, the majority of employees are still expecting to conduct their work in a hybrid environment post-pandemic. Many businesses are navigating what this means for their infrastructure as a hybrid environment brings its own set of challenges for cybersecurity.

At the start of the pandemic, as physical offices closed and employees were sent to work from home, businesses were forced to immediately adapt their infrastructure and security measures. No longer were employees working from desktop computers behind a firewall in the office. Instead, many were on brand new laptops that were purchased at the last minute and deployed with an immature security posture. With an impending hybrid work environment, organizations are starting to evaluate their temporary security measures in lieu of more permanent controls better suited for the organization.

Continue reading

The Olympic Cyber Defense Games: How the Tokyo Olympic Games will fare keeping cyber attacks at bay while the world watches

Thanks to the COVID-19 pandemic, the whole world watched as the International Olympic Committee (IOC) postponed the Tokyo Olympics in 2020. Fast forward a year later and the change in sentiment -- from excitement to weariness -- is palpable in Japan and the rest of the globe. In fact, over 70 percent of the country wanted the IOC to cancel the games outright. And a resurgence of COVID cases throughout the country effectively cripples Japan’s ability to create revenue streams through international tourism and event attendance, resulting in an inevitable hit to its economy. But the IOC insists on pushing forward as the Olympic Games is a symbol of unity and resilience. 

Like the IOC, however, cybercriminals will charge ahead too in their own race to potentially disrupt the Olympic games. Ultimately, it isn’t a matter of "if" they’ll succeed in doing so, but "when" and how much damage will it cause. It takes a collective of lawmakers, government officials, security and IT teams assigned to maintaining the games’ online infrastructure to ensure that proper measures are in place to deter any cyber attacks and disruptions long enough for proceedings to cross the finish line. What sorts of threats does the Tokyo Olympics face; where will those threats stem from; and can previous history lessons effectively inform present day defense tactics?

Continue reading

New software improves ransomware resilience and recovery

ransomware laptop

Ransomware attacks are growing in severity and volume, bringing increasing costs and financial, legal, and other challenges.

Businesses need to be sure they can recover from an attack and data management specialist Zerto aims to provide the means with its latest offering Zerto 9.

Continue reading

Phishing attack spoofs WeTransfer notifications

File transfers

Despite the rise of cloud-based collaboration services it's still common for people to exchange information and documents by email. Of course you still need a way of handling larger attachments.

The latest social engineering attack uncovered by Armorblox spoofs a file-sharing notice from the popular WeTransfer platform that's used by individuals and businesses alike.

Continue reading

43 percent of cloud identities are abandoned and unused

A new analysis of platforms including AWS, Google and Salesforce, involving 200,000 identities and hundreds of millions of cloud assets reveals that 43 percent of all cloud identities sit abandoned and unused.

The report from Varonis points out that this also means they are exposed and vulnerable, making an organization a target for account takeovers.

Continue reading

How security teams can manage data protection post Brexit

EU and UK data-driven businesses no doubt breathed a sigh of relief with the EU recently approving the continued flow of data between the EU and UK.

But the news is just one hurdle as Cyber Security Officers (CSOs) and information security teams both in mainland Europe and the UK consider challenges that lie ahead and prepare to flex as necessary in a new era in data management. Now more than ever, it is the security leaders that work collaboratively with legal and data counterparts who will conquer.

Continue reading

API attack traffic grows more than 300 percent

API

In the past six months overall API traffic has increased 141 percent but in the same time period, API attack traffic has grown by a startling 348 percent.

A new report from Salt Security reveals significant challenges in addressing API security, with all Salt customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.

Continue reading

Cybersecurity skills crisis impacts more than half of organizations

Vacant chair

The cybersecurity skills crisis has impacted 57 percent of organizations, according to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG).

The survey of almost 500 security professionals finds the top effects of the skills shortage include an increasing workload for the cybersecurity team (62 percent), unfilled open job vacancies (38 percent), and high burnout among staff (38 percent).

Continue reading

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.