Security

Cloud misconfigurations are one of the major causes of data breaches and the problem has become worse thanks to the dash for remote working.

While cloud is undoubtedly the right choice for businesses looking to expand their infrastructure to keep pace with DevOps demands and embrace support for remote working, many enterprises are falling short of providing adequate Cloud Security Posture Management (CSPM).

Although most web browsers now automatically switch you to the secure HTTPS (Hyper Text Transfer Protocol Secure) version of a website if you try to go to a non-secure HTTP address, the EFF (Electronic Frontier Foundation) offers another option.

Its HTTPS Everywhere add-on has been protecting users for over a decade now, and automatically sends your browser to the secure version of a site if it exists. Thanks to a new partnership with privacy-focused search engine DuckDuckGo, the tool is about to get even better at redirecting users.

Avast Antivirus 2021 has just received its April update, and it's an important one. In addition to the usual array of bug fixes and improvements, there are also some serious changes and additions to enjoy. Chief among these are big improvements to scanning, helping to boost the overall performance of the software.

There have also been changes to the way notifications work in the app. While you, of course, want to be made aware of things that need your attention, an overload of notifications can be annoying. And it is with this in mind that the latest version of the app will no longer show you pop-up messages when you have the antivirus tool open. But it does not end there.

CISOs are facing a battle to secure their organizations against an increasing volume of attacks by well-armed criminals and are facing a rising ‘security debt’ in doing so.

But a new report from cyber security provider F-Secure in conjunction with Omnisperience finds security teams are turning away increasing volume of attacks and preventing more of them from becoming breaches or compromises.

Human-operated cyberattacks use effective techniques to gain a beachhead within an organization, blending in with normal user behavior to help them go undetected.

Active defense specialist Illusive is launching a new endpoint security offering integrated with Microsoft Defender that provides complete detection coverage and faster ability to contain human-operated attack campaigns.

New data from Imperva Research Labs sees the highest percentage of bad bot traffic (25.6 percent) since the company began reporting traffic in 2014.

At the same time traffic from humans fell by 5.7 percent. More than 40 percent of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life.

While spending on cloud services is high with over half of respondents to a new survey spending $10 million or more, 32 percent say they are doing less than they need to, or nothing at all, to ensure the security of their cloud resources.

The study carried out by Osterman Research for Sonrai Security finds respondents have an average of 7,750 identities with access to sensitive cloud data. Overpriviledged identities are ranked a high risk by 41 percent of respondents, just below bad actors/cybercriminals at 46 percent.

The latest Mandiant M-Trends report from intelligence-led security company FireEye finds that businesses are getting better at dealing with cyber intrusions.

The median dwell time -- the time between the start of a cyber intrusion and when it’s identified -- has come down from over a year in 2011 to just 24 days in 2020 and has more than halved from 2019's median dwell time of 56 days.

Every dog has its day as the saying goes and it's increasingly the case that every aspect of information technology has one too -- a day that is, not a dog.

Today is Identity Management Day, created by the The National Cybersecurity Alliance and the Identity Defined Security Alliance. It's the first one so you can forgive the lack of greetings cards and themed balloons in the shops but there is plenty of industry comment.

As more and more data moves outside the network perimeter into SaaS applications, this can become a blind spot for security teams trying to control access.

To address the issue DoControl is launching a fully automated SaaS data access platform, providing data access monitoring, orchestration, and remediation across major SaaS apps, including Google Drive, Box, Microsoft OneDrive, Salesforce, and others.

Traditional cybersecurity solutions throw up lots of information, making it hard for businesses to identify the threats that they should be prioritizing.

To help security teams focus on the issues that matter most, Randori is launching a 'Target Temptation Engine' that aims to offer defenders the attacker's perspective.

In early March, Microsoft disclosed that Chinese hackers had exploited software vulnerabilities in Microsoft Exchange on-premises servers to gain access to the email accounts of thousands of Microsoft customers.

While these companies are now laser-focused on deploying patches and other security measures to remediate the vulnerabilities in their email software, Josh Douglas, VP of product management -- threat intelligence at Mimecast, believes these technical fixes will only go so far.

A new survey of more than 400 IT security practitioners across North America and Europe reveals that 60 percent think COVID-induced remote work conditions have created data security issues within their organizations.

In addition the study, from encrypted USB drive company Apricorn, shows 38 percent say that data control during the pandemic has been very hard to manage. Surprisingly 20 percent of these security professionals admit that their work devices have been used by other members of their household.

Managed service providers (MSPs) are a prime target for cybercriminals as they offer a gateway to the networks of the organizations that they manage, allowing attackers to go after many businesses from one place.

A new report from Perch Security looks at major MSP-related security events and trends from 2020 and makes predictions for 2021 with contributions from MSPs, partners, and security experts.

There's been a major increase in cloud adoption because of COVID-19, but there's also widespread misconception surrounding responsibility for backup and recovery of data in the cloud and a lack of confidence in the security of data held by public cloud service providers.

A new report from Arcserve company StorageCraft shows 47 percent of respondents accelerated adoption of cloud services for data management, 59 percent confirmed increased use of cloud backup services, 56 percent increased the use of the cloud for IT infrastructure (IaaS), and 39 percent increasingly rely on cloud services for data recovery.