Articles about Security

Researchers at Cybereason have detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content.

These deliver NetWire and Remcos -- two powerful and popular RATs which can allow attackers to take control of the victims' machines and steal sensitive information. The malicious documents used are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection.

Continue reading →

New research from network detection and response company Vectra AI shows that 88 percent of companies have accelerated their cloud and digital transformation projects due to COVID-19.

But it also finds that 71 percent of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user's account, not just once, but on average seven times in the last year.

Continue reading →

Cybercriminals are using more sophisticated ransomware tactics and more dangerous variants, like Ryuk, to earn an easy payday. This has seen a 62 percent increase globally and a 158 percent spike in North America since 2019.

The latest Cyber Threat Report from SonicWall highlights how COVID-19 has provided threat actors with opportunities for more powerful, aggressive and numerous attacks, thriving on the fear and uncertainty of remote and mobile work forces navigating corporate networks from home.

Continue reading →

Microsoft Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access, but it's also exploited in many cyberattacks.

Since AD is rarely safeguarded effectively, attackers have come to depend on weak configurations to identify attack paths, access privileged credentials and get a foothold in target networks.

Continue reading →

The latest Quarterly Threat Insights Report from HP shows that 29 percent of malware captured between October and December 2020 was previously unknown, due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection.

In addition 88 percent of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines, giving hackers over a week’s head-start on their campaigns.

Continue reading →

German cybersecurity company Avira is launching a new security for Mac product with free as well as premium versions, developed from the ground up on Apple’s latest tech stack.

The all-in-one solution blocks and removes threats, enables worry-free browsing, shopping and payment through real-time protection, and protects data with VPN encryption.

Continue reading →

Public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture according to 96 percent of North American enterprises.

However, only 39 percent use PKI as part of their zero trust security strategy today according to a survey from Pulse Research and PKI as-a-Service (PKIaaS) company Keyfactor.

Continue reading →

Technology providers that are transparent and proactive in helping organizations manage their cybersecurity risk are more likely to win business according to a new study from Intel.

The results show 73 percent of respondents say their organization is more likely to purchase technologies and services from technology providers that are proactive about finding, mitigating and communicating security vulnerabilities, while 48 percent say their technology providers don’t offer this capability.

Continue reading →

Developers are under increasing pressure to create real-time products that make the most of a wide range of digital resources.

This means that DevOps teams have to cope with information drawn from all sorts of different sources. But how can they ensure they are getting an accurate picture?

Continue reading →

Linux-based operating systems are generally recognized as being far more secure than the likes of Windows and macOS -- but that's not to say they're without their flaws. Illustrating precisely this is the discovery of no fewer than three vulnerabilities in the Linux kernel that could be exploited to gain root access to a system.

That researchers from cybersecurity firm GRIMM managed to find so many vulnerabilities in the Linux kernel is one thing, the fact that they have lain there undetected for 15 years is quite another.

Continue reading →

One of the frameworks that has received greater attention since the acceleration of digital transformation is Secure Access Services Edge (SASE).

But what does its adoption mean for the security industry and how can enterprises best take advantage of SASE? We spoke to Mary Blackowiak, senior product marketing manager at AT&T Cybersecurity, to discover more.

Continue reading →

In a new report into DNS security, Cisco Umbrella, which processes 620 billion DNS requests daily, finds that from January to December 2020 cryptomining generated the most DNS traffic out of any individual threat category with 69 percent of organizations discovering cryptomining connections.

In addition nearly 90 percent of organizations had at least one user attempt to connect to a phishing site, peaking drastically in the second half of the year.

Continue reading →

As mobile device usage continues to grow within enterprises the security risk increases too. Mobile browsers get patched less often and other threats come from phishing and malicious document downloads.

To combat these problems Menlo Security is extending its cloud-based Secure Web Gateway (SWG) to include web isolation for mobile devices.

Continue reading →

New research from Tenable's Security Response Team finds that third-party attacks accounted for over a quarter of breaches disclosed over the past year.

More worrying is that a breach of a single company linked back to 61 healthcare customers. The research reveals the impact of third-party attacks, how hard the healthcare sector has been hit by cyberattacks and just how rampant ransomware has been during Covid-19.

Continue reading →

A new report from Akamai looks at the technology shifts and usage patterns of 2020 noting a 30 percent jump in internet traffic thanks to COVID-19 lockdowns.

It also highlights criminals taking advantage worldwide, targeting all business sectors and industries, including information technology and security.

Continue reading →