Articles about Security

Microsoft releases off-schedule KB5001028 update for Windows 10 to fix WPA3 flaw

Just days after the regular update release date of Patch Tuesday, Microsoft has released an out-of-band patch to address a problem with WPA3 connections in Windows 10.

The KB5001028 update is for Windows 10 version 1909, and it fixes a problem that caused blue screens and stop error 0x7E in nwifi.sys when using a WPA3 connection. Microsoft says that the problems arose after users installed the KB4598298 or KB4601315 updates.

Never send the wrong email attachment again

Many of us will at some point have attached the wrong file to an email or sent an attachment to the wrong person.

This is more than an inconvenience as it could end up exposing sensitive data. But thanks to a new feature from Tessian you may never make an attachment error again.

Number of 2020 vulnerability disclosures set to overtake 2019

Despite a sharp decrease of 19.2 percent observed earlier in the year, vulnerability disclosures in 2020 are expected to exceed 2019's level according to Risk Based Security.

The company's VulnDB team aggregated 23,269 vulnerabilities disclosed during 2020. Despite the initial disruption from COVID-19, the trend in the total number of vulnerabilities suggests that business operations and routines have normalized, as the gap has closed to 0.98 percent.

2020 sees ransomware increase by over 400 percent

A new study from cybersecurity company Deep Instinct finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019.

The report, which analyzes millions of attacks taking place across the year, finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent.

Poor SIEM configuration puts enterprises at risk

Enterprises invest billions annually on SIEM (Security Information and Event Management) software and expect this investment to result in comprehensive threat coverage.

But a new report from AI-powered threat coverage platform CardinalOps shows that on average SIEM deployment rules miss 84 percent of the techniques listed in MITRE ATT&CK.

Microsoft encourages Windows users to install essential fixes for serious TCP/IP vulnerabilities

Whenever Microsoft releases updates for Windows, the company is always keen for as many people as possible to get the patch installed. But with this month's Patch Tuesday bug fixes, the company is encouraging Windows users even more than usual.

Referring to two Critical security issues and one Important one, all affecting TCP/IP, Microsoft says that "it is essential that customers apply Windows updates to address these vulnerabilities as soon as possible". The CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094 vulnerabilities affect Windows 7 upwards.

Expert tips for Safer Internet Day

Today is Safer Internet Day, held annually to promote making the internet a safer and better place for all and particularly for children and younger users.

Industry experts have been keen to offer their views and advice, and we've put together a roundup of some of the best.

One in four government organizations suffers accidental cloud leakage

Detecting and resolving data leakage is a top security challenge for public sector organizations with 24 percent suffering accidental leakage of cloud data.

The 2021 Cloud Data Security Report from Netwrix finds phishing (reported by 39 percent of organizations) to be the most common incident that government agencies experienced in the cloud, followed by accidental data leakage (24 percent) and targeted attacks on infrastructure (22 percent).

Privileged access is the Achilles heel of enterprise security

Failure to automate control of physical accounts is a major weak point in enterprise security according to a study released by Thycotic.

Among the findings are that a significant number of enterprises (28 percent) only audit privileged access management (PAM) on a quarterly or annual basis.

New SaaS solution uses machine learning to detect cyber threats

Cybersecurity and risk management company RSA is launching Detect AI, a cloud-native advanced analytics and machine learning solution that provides rapid detection and actionable insights on data captured by the RSA NetWitness Platform.

It employs cloud-scale processing for behavior analytics and uses unsupervised machine-learning to allow it to detect and respond to threats without manual oversight.

ICS vulnerabilities increase as remote work boosts attack surface

Disclosed vulnerabilities in industrial control systems (ICS) increased 335 percent in the second half of 2020 compared to the first half.

A new report from Claroty also shows that in the same period 71 percent of ICS vulnerabilities disclosed were remotely exploitable through network attack vectors.

Linux sudo vulnerability also affects macOS

We recently wrote about a serious vulnerability in the sudo tool which could be used to gain root access to Linux systems. Now a security researcher has found that the security flaw also affects macOS Big Sur -- including on new M1 Macs.

The Baron Samedit vulnerability -- or CVE-2021-3156 -- is a heap-based buffer overflow bug that was discovered by cybersecurity firm Qualys. While it was initially thought to only affect Linux systems, researcher Matthew Hickey (who also goes by the name Hacker Fantastic) found that macOS is also vulnerable with only very minor changes needed to the original exploit.

CISO role expands in a changing business world

A new survey of the opinions of more than 7000 business leaders, employees and consumers from across the world shows the role of CISO has hugely expanded in its scope and responsibilities.

However, the study from BT Security also shows that fewer than half of executives and employees could put a name to their CISO. This is despite the fact that 84 percent of executives also say that their organization had suffered from data loss or a security incident in the last two years.

Outdated online security is losing banks business

New research from biometric authentication company iProov highlights that many US banks are falling short in delivering digital convenience to their customers.

The study looks at the range and usability of online services being offered to existing customers. Researchers looked at 39 data points, including how easy it was for a customer to move money, request a new debit card or change personal details online.

API security worries hold back business innovation

A new report shows that 66 percent of organizations admit slowing the rollout of a new application into production because of API security concerns.

The State of API Security report from Salt Security also reveals that 54 percent of organizations running production APIs have at best only a basic strategy for API security, with 27 percent having no strategy at all.

© 1998-2025 BetaNews, Inc. All Rights Reserved.