Articles about Security

Enterprise security leaders think traditional methods aren't meeting modern threats

DevSecOps

A new study of 200 IT security decision makers working at organisations with more than 1,000 employees in the UK reveals that 89 percent think traditional approaches don't protect against modern threats.

The report from threat detection and response company Vectra also finds that 76 percent say they have bought tools that failed to live up to their promise, the top three reasons being poor integration, failure to detect modern attacks, and lack of visibility.

Continue reading

Software developers at biggest risk of cybersecurity breaches

security breach

Software development companies are among the most at risk from breaches, according to new research from cybersecurity firm Foxtech.

The research used cyber risk scores, calculated using publicly available information and an analysis of a wide range of cyber security indicators, as an indicator of how high or low the risk of a potential cybersecurity breach is for a company.

Continue reading

New report identifies malicious activity 'hotspots'

Network security

Threats like phishing and spam are often linked to specific domains, understanding how to spot these can help to strengthen threat intelligence.

Domain name and DNS-based predictive threat intelligence company DomainTools has used its database of more than 380 million currently-registered domains to identify which are likely to constitute threats.

Continue reading

Meta explains why it is taking so long to bring end-to-end encryption to Facebook Messenger and Instagram -- and what it is doing in the meantime

Meta Facebook Instagram WhatsApp logos

Meta recently announced that the protection, privacy and security offered by end-to-end encryption will not be coming to Facebook Messenger or Instagram until some time in 2023. Until then, anyone looking to send secure messages through Meta's platform will have to turn to WhatsApp.

What was not made particularly clear at the time of the announcement, however, is just why there is such a delay. Now Meta has opened up and revealed some of the thinking behind holding back on the roll-out of end-to-end encryption across all of its messaging services.

Continue reading

Why remote workforces need better strategies for security and data protection [Q&A]

The last couple of years have seen businesses undergo a major shift to remote and hybrid working, largely driven by the pandemic. But this same period has also seen record numbers of data breaches.

Often these attacks begin with phishing to get hold of credentials which can then put both in-house and cloud systems at risk.

Continue reading

Get 'Linux Security Fundamentals' ($24 value) FREE for a limited time

Linux Security Fundamentals provides basic foundational concepts of securing a Linux environment.

The focus of this book is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.

This book is useful for anyone considering a career as a Linux administrator or for those administrators who need to learn more about Linux security issues. Topics include:

Continue reading

Google cloud hacks mostly used for illegal cryptomining

Cryptojacking

New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.

Besides cryptojacking, other uses of compromised accounts include conducting port scanning of other targets on the Internet, occurring 10 percent of the time after a Google Cloud compromise.

Continue reading

Malware gets more sophisticated and is more likely to demand a ransom

malware alert

New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.

The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.

Continue reading

International Computer Security Day seeks to raise awareness

It seems like a while since we've had a day dedicated to some aspect of the tech world, so if you're looking for something to celebrate in the lull between Thanksgiving and Christmas you'll be pleased to hear that today is International Computer Security Day.

This is designed to create greater awareness of computer security issues and encourage people to secure the personal information stored on their computers.

Continue reading

Vulnerabilities found in HP multi-function printers

Researchers at F-Secure have discovered vulnerabilities in more than 150 HP multifunction printer (MFP) products. These could allow attackers to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage.

HP has issued patches to address the vulnerabilities which include exposed physical access port vulnerabilities (CVE-2021-39237) and font parsing vulnerabilities (CVE-2021-39238).

Continue reading

Zoom boosts security with automatic updates for Windows and macOS -- but Linux users miss out

Angled Zoom logo

Many things have come as a result of the COVID-19 pandemic, and the increased usage of video messaging and video conferencing tools is one interesting phenomenon. At the start of coronavirus-related lockdowns and periods of working from home, Zoom rocketed in popularity -- but the service soon found its security practices under close scrutiny and in receipt of strong criticism.

In the intervening month, Zoom did a lot of work to improve not only its images, but also the security of its platform and safety of its users. Continuing this trend, the company has launched a new automatic update feature for the Windows and macOS versions of the Zoom client.

Continue reading

Telehealth takes off but security concerns persist

While 91 percent of medical organizations have already implemented telehealth capabilities, 52 percent of respondents have experienced cases where patients refused to use the services due to security concerns.

This is the key finding of a new research study by Kaspersky which also shows the pandemic has had a major effect with 44 percent of organizations implementing telehealth after COVID-19 hit.

Continue reading

0patch beats Microsoft to fix serious local privilege escalation vulnerability in Windows

Laptop plaster

Once again, micro-patching firm 0patch has beaten Microsoft to the punch, releasing an unofficial patch for a zero-day vulnerability in Windows.

This time around we're talking about CVE-2021-24084, a local privilege escalation (LPE) zero-day vulnerability in Windows' Mobile Device Management service. The flaw affects Windows 10 version 1809 and later, and Microsoft is yet to release an official patch of its own. Not wanting to leave systems at risk of attack, 0patch stepped in to help out users by offering up a free fix.

Continue reading

CronRAT is a new Linux malware set to strike on February 31st

CronRAT

Yes, you did read the headline correctly; security researchers have discovered a stealthy new remote access trojan (RAT) designed to attack Linux systems. Named CronRAT, the malware hides as a scheduled task and is configured to run on a non-existent date – February 31st.

Researchers from Sansec warn that CronRAT "enables server-side Magecart data theft which bypasses browser-based security solutions". This is something that is particularly concerning this Black Friday.

Continue reading

45 percent of Brits don't trust tech companies to safeguard their data

A survey of 2,000 UK adults, reveals that 45 percent don't trust big tech companies to safeguard their personal data.

The study from NexGen Cloud finds 66 percent concerned about how tech giants are able to collect and use their personal information. In addition only 24 percent of individuals believe big tech firms have their best interests at heart.

Continue reading

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.