Security

Sudo vulnerability could give attackers root access on Linux systems

Security researchers have revealed details of a vulnerability in Sudo that could be exploited by an attacker to gain root privileges on a wide range of Linux-based systems.

News of the security flaw was shared by Qualys, and it has been described as "perhaps the most significant sudo vulnerability in recent memory". Worryingly, the heap-based buffer overflow bug has existed for almost a decade. It is known as Baron Samedit, tracked as CVE-2021-3156, and affects various versions of Sudo.

By Sofia Elizabella Wyciślik-Wilson -

New 'Digital Bunker' offers a managed private cloud for enterprises

For companies that deal in sensitive information, keeping data secure in the cloud and for remote working is a major challenge.

To help meet this challenge, TetherView is launching an innovative managed private cloud service called 'Digital Bunker', which offers a 'one-way-in and one-way-out' private cloud solution for enterprise customers.

By Ian Barker -

Exposed IoT devices put enterprises at risk

Although they are intended to make our lives simpler, the proliferation of connected devices has thrown up new headaches and risks.

New research from RiskRecon and the Cyentia Institute has looked at exposed IoT devices within a dataset of 35,000 organizations and explores the related security problems.

By Ian Barker -

CybelAngel helps uncover hidden risks from shadow IT

Digital risk protection platform CybelAngel has updated its offering to include asset discovery and monitoring in order to help businesses identify hidden risks.

It can uncover hidden, rogue or obscure devices and services existing outside of the security team's awareness and control. These shadow assets include file servers, cloud databases, connected industrial systems and IoT devices.

By Ian Barker -

IObit Advanced SystemCare Ultimate 14 offers even greater protection against cyberattacks

Putting a computer online without adequate protection is simply asking for trouble. Even the most tech savvy user can fall victim to viruses, malware and other forms of cyberattack -- so security software is essential these days. In the latest update to its offering in this field, IObit has released Advanced SystemCare Ultimate 14.

With the coronavirus pandemic meaning that more people than ever are working from home, it has never been more important to keep your computer locked down against attack and infection. As well as offering a range of security and protection options for Windows users, the Advanced SystemCare Ultimate suite also provides a range of optimization tools and a selection of handy utilities to make day-to-day computer use easier, more secure and more pleasant.

By BetaNews Staff -

Small security teams need to innovate to deal with threats

Companies with small security teams, generally SMEs, face a number of unique challenges which place them at greater risk than their larger enterprise counterparts.

This is among the findings of the 2021 CISO Survey of Small Cyber Security Teams from Cynet which also reveals that all of these companies are outsourcing at least some aspects of security threat mitigation in order to safeguard their IT assets.

By Ian Barker -

Why the financial sector is especially vulnerable to cyberattacks [Q&A]

There's a famous quote attributed to career criminal William Francis Sutton Jr.: when asked why he robbed banks, he is said to have replied, "Because that's where the money is."

For today's cybercriminals the motivation to make money is much the same, so the banking and financial services sector is a prime target. We spoke to Paul Prudhomme, cyber threat intelligence advisor at IntSights to find out more about the threats the industry faces and how they can be addressed.

By Ian Barker -

81 percent of financially motivated attacks are ransomware

Ransomware made up 81 percent of all financially motivated cyberattacks in 2020, according to a new report from Atlas VPN.

The remainder of attacks comprised a variety of approaches including point-of-sale intrusions, eCommerce attacks, business email compromise, and cryptocurrency mining.

By Ian Barker -

2021 set to be the year of the vaccine scammers

The rollout of vaccines is seen as the light at the end of the tunnel of the COVID-19 crisis, but like any major event it's also an opportunity for scammers and cybercriminals.

Deep learning-powered fraud prevention company Bolster has released a new report which finds that leading indicators foreshadow a raft of COVID-19 vaccine scams.

By Ian Barker -

2020 saw fewer data breaches but more records exposed

The number of publicly reported breach events decreased by 48 percent in 2020. However, more than 37 billion records were compromised, an increase of 141 percent.

A report released today by Risk Based Security reveals that this is by far the most records exposed in a single year since the company began reporting in 2005.

By Ian Barker -

Millions of Nitro PDF users' passwords exposed in leaked database

It is a few months since Nitro PDF was hit by hackers in a huge data breach. While the stolen data was initially put up for sale, now it has been made available free of charge.

What this means is that a database containing over 77 million user records is now freely available for just about anyone to download. The database weighs in at around 14GB and includes not only names and email addresses, but also passwords.

By Sofia Elizabella Wyciślik-Wilson -

Careless scammers leave stolen passwords exposed online

Hackers responsible for a large-scale phishing campaign unintentionally left over a thousand sets of stolen log-in credentials accessible to the public via a simple Google search.

The error was uncovered by researchers at Check Point and Otorio. The stolen credentials were stored in designated web pages on compromised servers.

By Ian Barker -

How market forces determine data value on the dark web

We all know that following a data breach the stolen information is likely to turn up for sale on the dark web. But what's this information worth and how is its value arrived at?

Researchers at consumer website Comparitech have analyzed over 40 dark web marketplaces to find out how much credit card, PayPal, and SSN details are worth to cybercriminals.

By Ian Barker -

Over a quarter of retail apps have serious security flaws

A side effect of the pandemic over the last year has been that online shopping has boomed. But a new study from Veracode reveals that 76 percent of apps in the retail and hospitality sector contain flaws, with 26 percent having high-severity issues that require urgent attention.

Compared to other industries, however, retail and hospitality ranks second-best for overall fix rate with half of flaws remediated in just 125 days, nearly one month faster than the next-fastest sector. While this may seem lengthy, half of flaws across all industries remain unfixed for much longer and some may never be fixed at all.

By Ian Barker -

CISO priorities for 2021

As we move into 2021, CISOs continue to have to deal with securely connecting a remote workforce while addressing other pressing initiatives to protect their organization from an evolving range of threats.

Continuous compromise assessment company Lumu has produced an infographic based on a survey of cybersecurity leaders across North and Latin America looking at how they plan to prioritize their investments.

By Ian Barker -

We don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

© 1998-2025 BetaNews, Inc. All Rights Reserved.