Articles about Security

Information security often focuses on what's going on within the enterprise perimeter, but as businesses invest more in executive communication programs, there are risks which are sometimes overlooked.

According to a new survey from SafeGuard Cyber oversight of executive social media use is lacking, record-keeping is often manual, and the responsibility for risk management isn't clear.

Continue reading →

As more work has moved online the security security issues surrounding collaboration and video conferencing applications have been thrown into the spotlight.

StrikeForce Technologies is launching a new desktop privacy protection suite called PrivacyLok, designed to address the problem by preventing unwanted applications from accessing sensitive data while protecting users from a range of threats.

Continue reading →

The supply chain attack involving SolarWinds software last year has caused ripples throughout the cybersecurity industry, not least because it went undetected for nine months.

The attack was able to bypass traditional email security by exploiting trusted communications routes between vendors and customers. A worrying new report from Abnormal Security shows that this technique is becoming a mainstream attack vector.

Continue reading →

Greater emphasis on emotional intelligence and other skills required to work with different stakeholders is placing new demands on Chief Information Security Officers (CISOs) according to a new study.

But it's also creating opportunities for CISOs to become leaders of their organizations, according to the report from cyber security provider F-Secure, in conjunction with Omnisperience.

Continue reading →

Almost 75 percent of security analysts are worried about missing out on alerts according to a new study carried out by IDC for FireEye.

The research, which surveyed 300 IT security managers and security analysts in the US, also shows that nearly half of the alerts security analysts receive are false positives, and almost a third get ignored.

Continue reading →

The pandemic-driven shift to remote working has led cybercriminals to ditch many of their old tactics, and put a new emphasis on gathering intelligence and exploiting and preying on fears with targeted and sophisticated attacks.

The latest State of Malware report from Malwarebytes has found a major shift in the devices targeted and strategies deployed by cybercriminals.

Continue reading →

Just days after the regular update release date of Patch Tuesday, Microsoft has released an out-of-band patch to address a problem with WPA3 connections in Windows 10.

The KB5001028 update is for Windows 10 version 1909, and it fixes a problem that caused blue screens and stop error 0x7E in nwifi.sys when using a WPA3 connection. Microsoft says that the problems arose after users installed the KB4598298 or KB4601315 updates.

Continue reading →

Many of us will at some point have attached the wrong file to an email or sent an attachment to the wrong person.

This is more than an inconvenience as it could end up exposing sensitive data. But thanks to a new feature from Tessian you may never make an attachment error again.

Continue reading →

Despite a sharp decrease of 19.2 percent observed earlier in the year, vulnerability disclosures in 2020 are expected to exceed 2019's level according to Risk Based Security.

The company's VulnDB team aggregated 23,269 vulnerabilities disclosed during 2020. Despite the initial disruption from COVID-19, the trend of total number of vulnerabilities suggests that business operations and routines have normalized as the gap has closed to 0.98 percent.

Continue reading →

A new study from cybersecurity company Deep Instinct, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019.

The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent.

Continue reading →

Enterprises invest billions annually on SIEM (Security Information and Event Management) software and expect this investment to result in comprehensive threat coverage.

But a new report from AI-powered threat coverage platform CardinalOps shows that on average SIEM deployment rules miss 84 percent of the techniques listed in MITRE ATT&CK.

Continue reading →

Whenever Microsoft releases updates for Windows, the company is always keen for as many people as possible to get the patch installed. But with this month's Patch Tuesday bug fixes, the company is encouraging Windows users even more than usual.

Referring to two Critical security issues and one Important one, all affecting TCP/IP, Microsoft says that "it is essential that customers apply Windows updates to address these vulnerabilities as soon as possible". The CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094 vulnerabilities affect Windows 7 upwards.

Continue reading →

Today is Safer Internet Day, held annually to promote making the internet a safer and better place for all and particularly for children and younger users.

Industry experts have been keen to offer their their views and advice and we've put together a round up of some of the best.

Continue reading →

Detecting and resolving data leakage is a top security challenge for public sector organizations with 24 percent suffering accidental leakage of cloud data.

The 2021 Cloud Data Security Report from Netwrix finds phishing (reported by 39 percent of organizations) to be the most common incident that government agencies experienced in the cloud, followed by accidental data leakage (24 percent) and targeted attacks on infrastructure (22 percent).

Continue reading →

Failure to automate control of physical accounts is a major weak point in enterprise security according to a study released by Thycotic.

Among the findings are that a significant number of enterprises (28 percent) only audit privileged access management (PAM) on a quarterly or annual basis.

Continue reading →