Articles about Security

The pandemic-driven switch to remote working has brought more threats, but overall cybersecurity posture has remained strong, according to a new report.

The study from security orchestration, automation and response company Siemplify attributes this to greater investment in security automation technologies and reliance on managed security service providers.

Continue reading →

A new survey of container security from NeuVector shows that 63 percent of respondents would curtail or restrain security measures in order to maintain faster production.

There's also a lack of consensus on who is responsible for securing container environments with 42 percent saying security teams, 30 percent development, and 28 percent operations. This is despite 32 percent saying security is their organization's single most important priority as they roll out containers and Kubernetes initiatives.

Continue reading →

Canonical is making Ubuntu Core 20, a minimal, containerized version of Ubuntu 20.04 LTS for IoT devices and embedded systems, generally available from today.

It improves device security with secure boot, full disk encryption, and secure device recovery and builds on the Ubuntu application ecosystem in order to create ultra-secure smart things.

Continue reading →

A trojanized version of OpenSSH software is being used to steal SSH credentials from high performance computing (HPC) clusters, reports security firm ESET. The Linux malware has been dubbed Kobalos, and is described as "small, yet complex" and "tricksy".

Despite its diminutive size, the Kobalos backdoor is hitting some major targets including government systems in the US, universities in Europe, and a major ISP in Asia. Security experts report that while the multiplatform backdoor works on Linux, FreeBSD and Solaris, "there are also artifacts indicating that variants of this malware may exist for AIX and even Windows".

Continue reading →

The shift to more remote work has boosted companies 'move to cloud' options and that has shone a spotlight on the need for identity governance and administration (IGA) and privileged access management (PAM) solutions.

Identity-centric security firm One Identity is launching a new software-as-a-service identity platform that offers full IGA and PAM capabilities and allows organizations to implement a zero trust model.

Continue reading →

Most organizations have a severe lack of visibility into remote endpoints according to a new report, which poses additional risks as more people work from home.

In addition, few have a way to stop ransomware from spreading throughout their network after an initial breach, according to the study from zero trust specialist Illumio.

Continue reading →

Law enforcement authorities in the Netherlands, Germany, the US, the UK, France, Lithuania, Canada and Ukraine have collaborated to disrupt Emotet, one of the most significant botnets of the past decade.

The effort, coordinated by Europol the joint European policing agency, gained control of the Emotet infrastructure and took it down from the inside. Infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.

Continue reading →

Depending on who you talk to today is either Data Privacy Day or Data Protection Day. But whatever you want to call it the idea is to focus attention on the importance of best practices for looking after sensitive information.

In the current environment with distributed workforces and more transactions taking place online, this is more important than ever. We've rounded up opinions from some leading industry figures on the current state of data privacy and what can still be improved.

Continue reading →

Every year, cybersecurity becomes a bigger issue for businesses large and small. While computer experts and regular people are getting better at protecting their data, hackers and digital criminals are keeping up every step of the way.

A well-informed and bad-intentioned hacker could cause your business serious harm, engaging in such nefarious behavior as freezing your accounts, demanding a ransom, and stealing your customers’ sensitive personal data. In order to avoid these catastrophes, you need to do everything you can to beef up your cybersecurity operations. These days, failing to take these threats seriously is simply asking for trouble. Here are seven essential cybersecurity tips that can benefit any small business owner.

Continue reading →

Security operations centers have become a key part of threat handling for many enterprises, but it's the human element that is key to success, according to a new report.

The SOC Skills Survey from training platform Cyberbit reveals that just 33 percent of respondents feel that HR understands the requirements needed to work in a cybersecurity team.

Continue reading →

Phishing is nothing new, but the COVID-19 pandemic has seen an increase in attacks around the world as cybercriminals seek to exploit the opportunities offered.

Mobile security company Zimperium has produced an infographic looking at phishing trends with a particular emphasis on the mobile sector.

Continue reading →

Security researchers have revealed details of a vulnerability in Sudo that could be exploited by an attacker to gain root privileges on a wide range of Linux-based systems.

News of the security flaw was shared by Qualys, and it has been described as "perhaps the most significant sudo vulnerability in recent memory". Worryingly, the heap-based buffer overflow bug has existed for almost a decade. It is known as Baron Samedit, tracked as CVE-2021-3156, and affects various versions of Sudo.

Continue reading →

For companies that deal in sensitive information, keeping data secure in the cloud and for remote working is a major challenge.

To help meet this TetherView is launching an innovative managed private cloud service called 'Digital Bunker' which offers a 'one-way-in and one-way-out' private cloud solution for enterprise customers.

Continue reading →

Although they are intended to make our lives simpler, the proliferation of connected devices has thrown up new headaches and risks.

New research from RiskRecon and the Cyentia Institute has looked at exposed IoT devices within a dataset of 35,000 organizations and explores the related security problems.

Continue reading →

Digital risk protection platform CybelAngel has updated its offering to include asset discovery and monitoring in order to help businesses identify hidden risks.

It can uncover hidden, rogue or obscure devices and services existing outside of the security team's awareness and control. These shadow assets include file servers, cloud databases, connected industrial systems and IoT devices.

Continue reading →