Articles about Security

Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.

This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.

Continue reading →

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

Continue reading →

Linux-based operating systems are generally considered to be more secure than the likes of Windows, but that does not mean they are completely without security issues. Google security researcher have issued a warning about a series of "zero-click" vulnerabilities in the Linux Bluetooth stack.

Dubbed BleedingTooth, the collection of security flaw could allow for remote code execution attacks. The issue affects Linux kernel 4.8 and higher, and can be found in the open-source BlueZ protocol stack. It has been assigned CVE-2020-12351 and a CVSS score of 8.3.

Continue reading →

Securing enterprise networks used to be a matter of simply defending the perimeter, but in the new normal world of much higher levels of remote access, things have become more complicated.

One of the technologies being used increasingly by businesses is Secure Access Service Edge (SASE). We spoke to Mike Wood, chief marketing officer of Versa Networks, to discover more about SASE and what it can deliver.

Continue reading →

The General Data Protection Regulation (GDPR) came into force in the EU in May 2018 with the aim of giving individuals greater protection over how businesses use their data.

But the COVID-19 pandemic has thrown up new challenges and remaining compliant with the regulations in an age of remote working is one of them. We spoke to Brendan Kiely, managing director and co-founder of secure remote working specialist ThinScale Technology to discuss the implications of GDPR and the 'new normal'.

Continue reading →

New research from Exabeam reveals that while 88 percent of cybersecurity professionals believe automation will make their jobs easier, younger staffers are more concerned that the technology will replace their roles.

The 2020 Cybersecurity Salary, Skills and Stress Survey, an annual survey of security practitioners finds overall satisfaction levels continue a three-year positive trend, with 96 percent of respondents indicating they are happy with their role and responsibilities and 87 percent pleased with salary and earnings.

Continue reading →

APIs have become an important mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, using back end data and logic to create new and innovative offerings.

But in order to use them safely they need to be secured and that means understanding what APIs there are in your environment, what their function is and what their traffic profile looks like.

Continue reading →

Virtual appliances are an inexpensive and relatively easy way for software vendors to distribute their wares for customers to deploy in public and private cloud environments, but new research shows appliances often have exploitable and fixable vulnerabilities, or are running on outdated or unsupported operating systems.

The Orca Security research study found 401,571 total vulnerabilities in scanning 2,218 virtual appliance images from 540 software vendors. This means less than eight percent of virtual appliances were free of known vulnerabilities.

Continue reading →

Targeting of SaaS user accounts was one of the fastest-growing problems for organizations, even before COVID-19 forced a rapid shift to remote work, but a new report shows cybercriminals are using built-in Office 365 services in their attacks.

The study from network detection and response company Vectra, based on four million monitored Office 365 accounts, shows that 71 percent of of those surveyed had seen suspicious Office 365 Power Automate behaviors.

Continue reading →

According to a new report, 71 percent of healthcare organizations are now more concerened about insider threats than they were before the pandemic.

The study from Netwrix shows that pre-pandemic, these organizations were mostly concerned about employees accidentally sharing sensitive data (88 percent) and rogue admins (80 percent). Today they are worried about phishing (87 percent), admin mistakes (71 percent) and data theft by employees (71 percent).

Continue reading →

We reported earlier this week that ransomware attacks have increased dramatically in the last year and it's undoubtedly a growing problem.

In order to demonstrate just how big an issue it's become, Lumu, which helps businesses measure their compromise exposure, has produced an infographic detailing the cost and extent of ransomware.

Continue reading →

The latest annual Cybersecurity Report Card from threat intelligence specialist DomainTools shows security breaches among those surveyed have remained essentially unchanged from last year's report at 16 percent.

Yet almost 60 percent of organizations detected a moderate to a dramatic increase in cyber attacks during and following the pandemic, which points to a rise in the overall breach prevention success rate.

Continue reading →

A new report from Thycotic reveals that 58 percent of IT security decision makers say their organizations plan to add more security budget in the next 12 months, and almost three out of five believe that in the next financial year they will have more security budget because of COVID-19.

More than three quarters (77 percent) of respondents have received boardroom investment for new security projects either in response to a cyber incident in their organization (49 percent) or through fear of audit failure (28 percent).

Continue reading →

With phishing and social engineering attacks on the increase it's usually the case that the weakest link in the security chain is now the human one.

Cybersecurity company ESET clearly thinks so because for the first time it's launching its own Cybersecurity Awareness Training, a new online offering designed to educate workforces on how to recognize phishing, avoid scams and understand internet best practices.

Continue reading →

The risk of cyberattack and loss of data is very real for all companies and it's something that's starting to be a concern for investors too.

New research from security ratings company BitSight and Solactive, a German index engineering firm, shows that company's cybersecurity performance is an indicator of its business performance.

Continue reading →