Articles about Security

Google reins in the madness and brings some sanity to Chrome's address bar

Cartoon Chrome logo

Over the years Google has made sweeping changes to Chrome, introducing all manner of features and options. The constant stream of Beta, Dev and Canary builds of the browser are proof of the constant development that is going on, and some of the work has been rather controversial.

One move that was widely opposed was the decision to stop showing full URL of a web page in the address bar (or Omnibar if you want to use Google's nomenclature). Introduced almost a year ago, Google said the experiment was an attempt to help people spot spoofed URLs, but it caused widespread annoyance and confusion. Now the company has seen sense and is opting to show full addresses once again.

Continue reading

How deep learning can deliver improved cybersecurity [Q&A]

Traditional cybersecurity isn't necessarily bad at detecting attacks, the trouble is it often does so after they have occurred.

A better approach is to spot potential attacks and block them before they can do any damage. One possible way of doing this is via 'deep learning' allowing technology to identify the difference between good and bad.

Continue reading

The need for speed: Why faster threat detection is imperative for today's enterprise

Speedometer

Cyberattacks are happening more frequently and with greater sophistication. As a result, rapid threat detection and response is critical to finding threat actors and minimizing their impact on the enterprise. This task is easier said than done. Information security teams are understaffed and the digital infrastructures they must protect continue to increase in complexity. Time is also of the essence.

Every passing second dangerously prolongs a threat actor’s presence within the network, creating additional backdoors, pilfering critical data and assets, and increasing their chances of absconding with the crown jewels. In those especially urgent moments, when the security team is literally all hands-on deck, there isn’t time to run queries through a number of different tools and wait for results to come back. Security teams need real-time insights they can act upon quickly.

Continue reading

Update Chrome now, it has a zero-day exploit

Zero Day

We’re much more used to security flaws now after years of being conditioned to hearing about them from various sources. Some software makers handle vulnerabilities better than others of course, but remember, software is inherently complicated and it’s being written by flawed humans so mistakes are inevitable. 

Today Sergei Glazunov of Google Project Zero reports on a new flaw in Google Chrome, the sixth zero-day affecting the browser this year. Very little information has been released on the vulnerability, but from what we can learn it seems to be in the Javascript engine that powers Chrome. 

Continue reading

42 percent feel more vulnerable to cyberattacks when working at home

home working security

A new report from hardware authentication company Yubico finds 42 percent of UK employees say they feel more vulnerable to cyber threats while working from home, with 39 percent feeling unsupported by IT.

The study of over 3,000 people in the UK, France and Germany also reveals that 54 percent of all employees use the same passwords across multiple work accounts. In addition 22 percent of respondents still keep track of passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.

Continue reading

Socially engineered email attacks prove to be more effective

Social Rngineering

The latest quarterly threat report from Abnormal Security shows that increasingly sophisticated and novel socially engineered email attacks that bypass legacy defenses are driving 50 percent higher engagement than traditional email attacks such as credential phishing.

The report also shows that between the first week of July 2020 and the first week of April 2021, the percentage of companies across industries getting hit with vendor email compromise (VEC) attacks increased nearly 120 percent.

Continue reading

Claroty launches zero-infrastructure security for industrial enterprises

refinery industry

As recent attacks have shown, industrial networks need protection. But it needs to work in a way that doesn't add burdens of infrastructure, complexity and steep learning curves.

Claroty is addressing this with the release of Claroty Edge, a new addition to The Claroty Platform that delivers visibility into industrial networks without requiring network changes, using sensors, or having any physical footprint.

Continue reading

Username and password breaches increase by 450 percent

credential hacker

A new report from identity specialist ForgeRock reveals a massive 450 percent surge in breaches containing usernames and passwords globally.

The report also finds that unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-on-year for the past two years, and accounting for 43 percent of all breaches in 2020.

Continue reading

The challenges of securing the modern enterprise [Q&A]

business security

In recent months there have been many high profile attacks using ransomware and other techniques, against businesses.

But why has there been an apparent upsurge in attacks and what should enterprises be doing to keep them selves safe? We talked to Lynx Software Technologies' vice president of product management, Pavan Singh to find out.

Continue reading

Why enterprises need to prepare for more insider threats [Q&A]

insider threat

Insider threats are a growing problem. In its 2021 predictions, Forrester believes that insider incidents will be the cause of 33 percent of data breaches in 2021, up from 25 percent in 2020.

But what does this mean in practical terms for businesses and how can they protect themselves? We spoke to Anurag Kahol, CTO of cloud security specialist Bitglass, to find out.

Continue reading

The most destructive cybersecurity threats in 2021

With companies relying more on technology, such as web applications, third-party solutions, and cloud computing than ever before, corporate cybersecurity has had to become the backbone of modern businesses. In the presence of remote work environments where IoT security has never been more vulnerable, companies need to effectively and quickly adapt to the rapidly evolving methods and techniques that hackers are beginning to employ.

Business vulnerabilities like a weak human firewall could lead to an increased susceptibility to a variety of cybersecurity attacks, such as ransomware and DDOS attacks. But despite all of these challenges, comprehensive and reliable cybersecurity solutions are very much achievable when approached correctly. In order to protect yourself against contemporary security threats, however, one must first understand the threats and risks they are trying to prevent and mitigate.

Continue reading

Microservices, containers, and Kubernetes have created security blind spots

A new study released today from Dynatrace finds that CISOs are increasingly concerned that rising adoption of cloud-native architectures and DevSecOps practices may have broken traditional approaches to application security.

The research finds that 89 percent of CISOs believe microservices, containers, and Kubernetes have created application security blind spots. While 71 percent admit they are not fully confident code is free of vulnerabilities before going live in production.

Continue reading

Industrial sector attacks jump 91 percent

Cooling towers

A new report from cybersecurity specialist Positive Technologies reveals a reveals a 91 percent jump in attacks on industrial companies and a 54 percent rise in malware-related attacks last year compared to 2019.

The total number of incidents grew by 51 percent compared to 2019. Seven out of 10 attacks were targeted and the most popular targets were government institutions (19 percent), industrial companies (12 percent) and medical institutions (nine percent).

Continue reading

US Amazon customers have a week to opt out of Sidewalk -- here's why you should

You've probably heard of Amazon Sidewalk, the company's home networking system. In fact Sidewalk is a bit more than that, it involves devices like Echo speakers and Ring doorbells becoming part of 'mesh networks'.

These networks will, says Amazon, simplify the process of setting up new devices, keep them online even when out of range of home Wi-Fi, and extend the range of tracking devices. However, customers have only a week to opt out if they don't want their devices to be enrolled in Sidewalk.

Continue reading

Banking fraud rises by more than 150 percent

password theft

A new report from financial crime management platform Feedzai shows that all banking fraud -- combining internet, telephone, and branch attacks -- grew by 159 percent in the first quarter of 2021 compared to the end of 2020.

Based on analysis of over 12 billion global banking transactions from January to March 2021 the study shows online banking made up 96 percent of all banking transactions and accounted for 93 percent of all fraud attempts.

Continue reading

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.