With a never-ending supply of new security threats presenting themselves every day, it can be tough for IT departments to keep up.
While perimeter security continues to be important, the sheer volume of novel attacks means that, eventually, an attack will bypass defenses and gain a foothold in the interior. To harden the network interior, best practice now calls for microsegmentation to achieve a zero trust environment, but that’s not easy to do.
Market data firm Statista projects that by 2025, there will be 75 billion IoT devices in use. Smart devices are now found throughout most commercial offices, yet a lack of security could make them ticking time bombs. IoT devices often come with security shortcomings, and it can be difficult to detect when someone has exploited one of their vulnerabilities.
Why are IoT devices dangerous? It's not a single issue; rather, it's intrinsic to the way that the technology itself works.
A new study from Censornet into the challenges facing cyber security professionals shows that 79 percent think their companies are suffering from a lack of resources, both in terms of people and technology, and 72 percent have considered leaving their jobs for this reason.
The survey also finds that security professionals are not being helped by their security solutions. 65 percent want more technology, but the average number of security products used is already 33, and 57 percent report they are suffering from alert overload.
Bad actors have been seeking opportunities to take advantage of unsophisticated netizens or unprotected organizations since the dawn of the World Wide Web, but today’s bad actors are in a class by themselves. Nation-state actors, often operating through a vast network of well-funded proxies, strive to exert influence, threaten stability, and sow discord through the mechanisms of cyberspace. Hacktivist organizations seek to undermine, damage or discredit organizations whose agendas and politics they oppose.
They may not be as well funded as nation-state actors, but they are populated by technically sophisticated people who have bought into a cause -- and when these people work together, they can pose serious threats to those with whom they disagree.
Exploit developer SandboxEscaper reveals Windows 10 Task Scheduler zero-day -- and says there are more to come
Well-known security researcher and revealer of exploits SandboxEscaper has released details of a Windows 10 zero-day that affects Task Scheduler. This is far from being the first time we've heard from SandboxEscaper, and this time around the exploit could enable an attacker to gain full control of Windows 10 or Windows Server files.
The researcher has previously revealed details of numerous other security vulnerabilities in Windows, and promises: "I have four more unpatched bugs where that one came from". Furthermore, she says: "I'm donating all my work to enemies of the US".
The number of DDoS attacks during the first quarter of 2019 increased by 84 percent compared with the previous quarter according to a new report from Kaspersky Lab.
This reverses last year's trend of declining DDoS attacks as attackers shifted their attention to other sources of income, such as crypto-mining.
Half of security professionals who adopt a more traditional or reactive approach to their data protection and security don't believe they will reach their digital transformation goals in the next five years.
This is among the findings of a report from data protection company TITUS which conversely finds that nine out of 10 security professionals deploying a strategic approach believe their current efforts will address digital transformation needs within five years and that their organization would achieve its digital transformation goals in the same timescale.
As businesses move towards hybrid IT environments they increasingly face threats, gaps and investment challenges to keep their systems secure.
The study from secure access specialist Pulse Secure surveyed enterprises with 1000+ employees in the US, UK, Germany, Austria and Switzerland and finds that, while they are taking advantage of cloud computing, all enterprises have ongoing data center dependencies.
New research from storage and data management company Portworx shows 87 percent of IT professionals are now running container technologies, with 90 percent of those running in production.
In addition, seven out of 10 are running at least 40 percent of their application portfolio in containers -- an increase from two years ago, when just 67 percent of teams were running container technologies in production.
With age verification checks for users of adult sites in the UK set to come into force this summer, cyber security company F-Secure says that the new rules could increase the risk of identity theft and other cyber crimes.
Under the new laws, British internet users will be required to verify their age in order to access adult content websites. This could be by sharing personal information such as passport, driving license, phone number or credit card details with third-party age verification platforms, or by buying a 'porn pass' at a store.
If you're not in the habit of keeping up to date with the latest version of the Linux kernel, now might be a good time to think about doing so. Systems based on versions of the kernel older than 5.0.8 suffer from a severe flaw in the implementation of RDS over TCP.
Left unpatched, the flaw could enable an attacker to compromise a system. The National Vulnerability Database entry says: "There is a race condition leading to a use-after-free, related to net namespace cleanup".
Google is recalling the Bluetooth Low Energy (BLE) version of its Titan Security Key, and is offering free replacements to owners.
The recall comes after the company became aware of a security issue which could allow a nearby hacker to hijack the security device. Google says that the security issue only affects the Bluetooth versions of the 2FA device sold in the US.
Donald Trump has declared a national emergency to fight "foreign adversaries" which he says are "increasingly creating and exploiting vulnerabilities in information and communications technology".
An executive order means that US companies are banned from buying and using foreign telecoms equipment which is deemed to be a threat to national security. Huawei and 70 affiliates have also been added to the US Commerce Department’s "Entity List", meaning that special approval would be needed to purchase such equipment, and also for companies deemed to pose a threat to buy US-made hardware.
People are becoming more aware of the need to protect their data online, not just because of the rate of cybercriminal activity, but also because large organizations are frequently being careless with the data they hold.
A new survey of 1,000 people from OpenVPN reveals that four out of five people are expecting Facebook to face at least one more data privacy issue in the next year. In addition, 71 percent say recent scandals have somewhat or severely negatively affected their view of Facebook, while 37 percent trust tech giants less now because they don’t think the companies have properly addressed the data privacy problems.
A new study finds that 46 percent of organizations which store customer personally identifiable information (PII) in the cloud are considering moving it back on premises due to data security concerns.
The research from information security software company Netwrix also shows that of the 50 percent of organizations that store customer data in the cloud, 39 percent had security incidents in the past year and more than 50 percent of those couldn’t diagnose the problem.