Articles about Security

Earlier in the year, Intel announced that it had completed software validations on fixes for a series of security flaws affecting many of its processors discovered a couple of years ago. Now Microsoft, in conjunction with the chip-maker, released microcode updates for Windows 10 to fix these issues.

The four problems are connected to the now-infamous Spectre and Meltdown flaws from 2018. They relate to problems with the speculative execution function of many chips, and could allow for sensitive data to leak.

Continue reading →

The shortcomings of password security are well known. Indeed the death of passwords has been predicted for a long time but they still cling on.

There are a number of alternative authentication methods available, but confusion still reigns about the pros and cons of different approaches. To help cut through the mass of information, identity management company Beyond Identity has put together an infographic looking at alternative authentication methods and the security each provides.

Continue reading →

Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.

To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).

Continue reading →

Cybercriminals in 2019 managed to expose more than 165 million records of confidential data across 1,365 known breaches.

But how do they get in, how long do they stay and what are they there for? The answers to these questions are in the 2020 Compromise Flashcard produced by compromise assessment company Lumu.

Continue reading →

During the pandemic, video conferencing app Zoom found itself at the center of several security and privacy issues. In response it has boosted its security program, including aggregating reports from Bugcrowd.

But what's driving organizations like Zoom choose crowdsourced security approaches? We spoke to Ashish Gupta, CEO of Bugcrowd to find out.

Continue reading →

New research finds that 33 percent of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet.

The study from RiskRecon and the Cyentia Institute also finds that organizations that expose unsafe services to the internet exhibit more critical security findings.

Continue reading →

A new survey from Bitglass reveals that 61 percent of organizations reported at least one insider attack over the last 12 months, with 22 percent reporting at least six separate attacks.

With a whole range of changes happening at the moment securing against insider threats has become increasingly challenging. Most organizations say they can't guarantee that they can detect insider threats from personal devices (82 percent) or the cloud (50 percent), while 81 percent find it difficult to assess the impact of insider attacks.

Continue reading →

As of September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less -- roughly half the previous life.

According to security experts from Venafi, a provider of machine identity management, this latest change is an indication that machine identity lifetimes will continue to shrink.

Continue reading →

In yet another example of cybercriminals exploiting world events, the frequency of phishing threats has risen considerably since the start of the pandemic, with companies experiencing an average of 1,185 attacks every month.

New research from GreatHorn reveals that more than half (53 percent) of over 300 IT professionals surveyed by Cybersecurity Insiders say they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic.

Continue reading →

Account takeover attacks and online fraud of all types have skyrocketed during the pandemic as consumers have shifted almost all of their most important transactions to digital channels.

We spoke to David Vergara, senior director of security product marketing anti-fraud and digital identity solutions company OneSpan, to discover more about the emerging technologies that banks are beginning to use in the fight against fraud, including artificial intelligence, real-time risk analytics and behavioral biometrics.

Continue reading →

Many books discuss the technical underpinnings and complex configurations necessary for cybersecurity -- but they fail to address the everyday steps that boards, managers, and employees can take to prevent attacks. The Cybersecurity Playbook is the step-by-step guide to protecting your organization from unknown threats and integrating good security habits into everyday business situations.

This book provides clear guidance on how to identify weaknesses, assess possible threats, and implement effective policies. Recognizing that an organization’s security is only as strong as its weakest link, this book offers specific strategies for employees at every level.

Continue reading →

With 11,121 vulnerabilities disclosed during the first half of 2020, as the year progresses the total is expected to exceed that of 2019.

Although the number of vulnerabilities disclosed in the first half of 2020 decreased by 8.2 percent compared to the same period in 2019 due to the impact of COVID-19, but the Q2 vulnerability report from Risk Based Security does suggest some signs of a return to 'normal' levels.

Continue reading →

The Qbot trojan first appeared in 2008 as banking and credential theft malware, evolving over the years to deliver ransomware attacks, making it something of a Swiss Army knife of the malware world.

Researchers at Check Point have now uncovered a further evolution that allows Qbot to hijack legitimate email conversations from an infected user's Outlook email client, and then spam itself out using those hijacked emails to increase its chances of tricking other users into getting infected.

Continue reading →

Personal data management software specialist Dataguise is launching a new system that enables organizations to report the impact of a data breach faster and more accurately than ever before.

GDPR requires reporting of breaches within 72 hours of becoming aware, and notifying affected individuals without delay. Dataguise is able to extrapolate the number of unique data elements in a data set quickly, with greater than 90 percent accuracy, using a patent-pending approach based on neural network technologies.

Continue reading →

Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials.

So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal.

Continue reading →