Articles about Security

Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape. Now, more than ever, it is increasingly important for organizations to embed security solutions and processes that reduce complexity and massively increase the automation of killer manual tasks.

Last month, our team at New Net Technologies had the opportunity to host a virtual panel on securing digital transformation and what COVID-19 means for cybersecurity as we continue to navigate the growing remote workforce. The panel, which consisted of several security experts, focused on the topic of redefining security in a post-pandemic world. The session kicked off with the question, 'Have you noticed a more compliant workforce?'.

Continue reading →

If you've ever tried to order a recently released tech product, like a new game console or the latest hot graphics card only to find it's sold out, you've no doubt felt frustrated. It's even more frustrating when the product then appears on secondary market sites at many times the original price.

What you're seeing here is probably the action of automated shopping bots that scoop up products for resale at a profit. Is this a form of cyber attack or is it just rather shady commercial activity? We spoke to Ameya Talwalker, co-founder of Cequence Security, to find out more about the behavior of these bots and what can be done to curb their activity.

Continue reading →

A new survey of UK CISOs by cybersecurity company F-Secure looks at how IT decision makers are adapting to a fast changing landscape.

With more people working remotely budgets are being moved around to allow businesses to cope with new ways of working and the resulting security vulnerabilities, and 13 percent of respondents say that budgets are going to increase as a direct response to the challenges presented by the pandemic.

Continue reading →

We have written about the micropatching outfit 0patch several times here on BetaNews. Offering "security patching simplified to the extreme" 0patch has previously offered security fixes for problem with Internet Explorer and Windows 7 either before Microsoft has been able to do so, or after the company has stopped offering support for a particular product.

Now 0patch has done it again, announcing that it has "security adopted" Office 2010. This version of Microsoft's iconic office suite is -- as of October -- no longer officially supported, but 0patch says that it will help keep users secured against vulnerabilities with its micropatches.

Continue reading →

For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.

To understand how companies should respond when they discover they're in the grip of a ransomware threat actor, we spoke with Kurtis Minder, CEO and co-founder of GroupSense, which helps companies navigate through these attacks to get their businesses back online.

Continue reading →

Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.

An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.

Continue reading →

Researchers at Check Point have uncovered a fraud operation targeting more than 1,200 business VoIP phone systems worldwide.

Hackers are exploiting vulnerabilities in the popular Sangoma and Asterisk VoIP phone systems to gain control of the system. They then seek to monetize that access by selling auto-generated calls and forcing systems to call premium numbers owned by the hackers to collect revenues, without the targeted business being aware.

Continue reading →

A new study from the National Cyber Security Alliance (NCSA) into perception and behavior around connected device security reveals that most US consumers are confident that the connected devices they own are secure.

However, the survey of 1,000 respondents in two age groups (500 aged 18-34 and 500 aged 50-75) reveals this confidence may be misplaced, along with some interesting generation gaps.

Continue reading →

Google's Project Zero is very quick to point out security flaws in other company's products, but the search giant is far from being perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.

CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws respectively and affect both the desktop and Android versions of Google's web browser.

Continue reading →

The latest quarterly threat intelligence report from Kaspersky shows that many actors behind advanced persistent threats (APTs) have continued to diversify their toolsets, at times resorting to extremely tailored and persistent tools.

At the same time though others have reached their goals by the employment of well-known, time-tested attack methods.

Continue reading →

Security issues are frequently exposed by Google's Project Zero; just days ago, security researchers revealed details of an actively exploited Windows Kernel Cryptography Driver security flaw.

Now Project Zero has released details of a serious security flaw in another Microsoft venture -- GitHub. The bug relates to GitHub Actions' workflow commands and is described as being high severity. It was discovered back in July but, as per the standard 90-day disclosure period, details are only just now being made public.

Continue reading →

Digital transformation initiatives often involve closer relationships with other businesses, but these can expose a company to additional risk if the other party's security isn't up to scratch.

New research from CyberGRX, based on data collected from the third parties on its exchange, finds that company size correlates with the maturity of cybersecurity programs, more specifically, as companies get smaller, they have fewer controls in place and less mature programs.

Continue reading →

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has recently put out a warning concerning a surge in activity from the group behind the Emotet trojan.

Emotet has been around for some time and has mostly been associated with banking trojans, but this year’s upsurge in activity has seen it branch out into other areas.

Continue reading →

October has seen a 71 percent increase in ransomware attacks against the healthcare sector in the US compared to the previous month.

Elsewhere in the world, in EMEA, attacks increased by 36 percent and by 33 percent in the APAC region, according to research from Check Point.

Continue reading →

COVID-19 has caused many industries to experience an economic downturn, but cybersecurity isn't one of them.

Rather, cybersecurity is taking on newfound or heightened importance within many companies, as cybercriminals continue to exploit the global health crisis and associated business disruption to prey on unsuspecting work-from-home employees.

Continue reading →