Articles about Security

Microsoft updates its mitigation advice for Exchange Server zero-day vulnerabilities

Microsoft logo on mobile

Since Microsoft acknowledged the existence of two actively exploited zero-day vulnerabilities in Exchange Server, security experts were quick to point out that the company was providing bad advice in response.

The URL blocking recommended by Microsoft was found to be sadly lacking, and hackers could easily bypass it. Now Microsoft has provided updated mitigation advice, as well as providing automated protection options.

Continue reading

Navigating cyber complexities: Top tips from an ethical hacker for Cybersecurity Awareness Month

Business security

October is Cybersecurity Awareness Month, and this year’s overarching theme is "It’s Easy to Stay Safe Online."

While cybersecurity news often centers around massive data breaches and hacks, it can be overwhelming to citizens and consumers who feel powerless against such threats. However, this year’s theme serves as a reminder that we all have a part to play in making the online world a safer place, whether that be at work, home or school. 

Continue reading

A fundamental mechanism that secures the internet has been broken

Resource Public Key Infrastructure -- or RPKI -as it's better known -- is a security framework that is designed to prevent cybercriminals or rogue states from diverting internet traffic.

National research center for Cybersecurity ATHENE says it has found a way to easily bypass this security mechanism, and in a way that means affected network operators are unable to notice.

Continue reading

New exposure management platform helps businesses manage cyber risks

Risk dial

The average enterprise uses more than 130 cybersecurity point solutions, creating siloed data that is hard for security teams to apply in meaningful ways.

To address this problem, Tenable is launching a new exposure management platform, aimed at giving customers a unified view into their organization's assets and vulnerabilities across the whole attack surface.

Continue reading

DDoS attacks get smaller -- but there are more of them

DDoS attacks

The amount of DDoS attacks increased by 75.6 percent compared to the second half of 2021, but the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes each decreased by 56 percent and 66.8 percent, respectively.

New research from Nexusguard shows that single-vector attacks represented 85 percent of all attacks globally in the first half of this year. Of these User Datagram Protocol (UDP) attacks accounted for 39.6 percent, an increase of 77.5 percent from the first half of 2021, the remainder being HTTPS flood attacks.

Continue reading

New tool helps enterprises measure the effectiveness of their security spending

Lock and money

Spending more money on cybersecurity tools doesn't necessarily mean you're less likely to suffer from a cyberattack. Until now though it's been hard to tell whether what you do spend is actually delivering a good return on investment.

Safe Security is today launching a new Return on Security Investment (ROSI) calculator that enables CISOs and CFOs to quantify the reduction in risk for each dollar invested in cybersecurity.

Continue reading

Four Zero Trust hurdles that organizations are failing to clear

 More than a decade after the concept of Zero Trust was first introduced, it’s become one of the biggest buzzwords in the industry. According to Microsoft, 96 percent of security decision-makers believe Zero Trust is ‘critical’ to their organization’s success, with 76 percent in the process of implementation currently. 

Zero Trust is on the rise because traditional security models that assume everything inside an organization’s network can be trusted is no longer valid. As enterprises manage their data across multiple applications and environments, on-prem or hosted in the cloud, and as users have more access to data at more interfaces, a network’s perimeter becomes porous and less defined. This causes the threat surface to expand as the edge becomes indefensible. This change has seen many organizations embrace Zero Trust principles to improve their security posture.

Continue reading

Hackers can easily bypass mitigation for Microsoft Exchange security vulnerabilities

Microsoft sign

Late last week, Microsoft confirmed the existence of two actively exploited zero-day vulnerabilities in Exchange Server. Tracked as CVE-2022-41082 and CVE-2022-41040, both security flaws are worrying as they are known to be actively exploited.

While it works on a fix, Microsoft offered up instructions to mitigate the vulnerabilities. But it turns out that it is incredibly easy to bypass, with security experts warning that the method used is too specific, rendering it ineffective.

Continue reading

37 percent of companies lose over $100,000 to a cyberattack

money tunnel

Cyberattacks can cause significant harm to businesses, not least financial losses. According to recent findings from the Atlas VPN team, 37 percent of companies lose over $100,000 per cyberattack on average.

Some lose even more, with 22 percent of companies suffering significant losses ranging from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11 percent of businesses. Lastly, four percent of companies claim to have lost over $1 million after a successful cyberattack. A worrying two percent of businesses say they don't know their actual losses.

Continue reading

What does cloud native security actually look like? [Q&A]

cloud lock

Cybersecurity is a priority for all enterprises. We regularly see news of data breaches across a wide range of industries, and as workforces increasingly move to a hybrid model the issue becomes more acute.

As businesses undergo digital transformation they need to update not only their tools but also their attitude toward keeping systems secure. We spoke to Pravin Kothari, executive vice president, product and strategy at cloud security company Lookout to find out why in a cloud-native world security needs a different approach.

Continue reading

Five SAP application security trends

SAP logo

Some trends come quickly and disappear from the scene. For example, artificial intelligence was going to be the savior of cybersecurity, but this trend has turned out to be a smokescreen.

Here are five SAP application security trends that are here to stay.

Continue reading

Cyren Hybrid Analyzer improves malware detection without hitting performance

data threat

Undocumented malware only makes up a small proportion of files, yet it presents a high risk of infection. Sandboxing and analyzing everything in order to eliminate risk, however, has a major impact on performance.

To address this Cyren has produced Hybrid Analyzer. Using emulation -- effectively automatically reverse engineering the code contained in a file -- this new offering operates 100 times faster than a malware sandbox and between five and 20 times faster than alternative file analysis solutions.

Continue reading

Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

Microsoft logo on glass building

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected.

One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild.

Continue reading

How clean code can help developers prevent vulnerabilities [Q&A]

Every year, thousands of code vulnerabilities are discovered, patched and publicly disclosed to improve security for current and potential users.

But many of these vulnerabilities share common features, so what can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place? We talked to Johannes Dahse, head of R&D at clean code specialist SonarSource, to find out. 

Continue reading

Less than five percent of Fortune 500 companies are using the latest email standards

Holding email icon

Phishing is one of the most common methods of launching a cyberattack, yet new research from Red Sift shows that only a small percentage of publicly traded companies have fully adopted the latest email standards that could protect them and their customers.

DMARC (Domain-based Message Authentication, Reporting and Conformance) and BIMI (Brand Indicators for Message Identification) help prevent spoofing and allow businesses to display their logo on authenticated emails.

Continue reading

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.