Articles about Security

Microsoft releases patch for Windows zero-day flaw found by Google

Microsoft building in California

Last month, security researchers at Google's Project Zero released details of a zero-day vulnerability in Windows that was being actively exploited.

Hacklers were taking advantage of a Windows Kernel Cryptography Driver security flaw (CVE-2020-117087) to gain elevated privileges in Windows 7, 8, and 10, as well as Windows Server 2008 and higher. As part of yesterday's Patch Tuesday release, Microsoft has now issued a fix for the vulnerability.

Continue reading

Europeans don't trust US tech giants with their data

Trust card

A new study reveals that 82 percent of Europeans don't trust US tech giants with their personal files, despite increasing reliance on cloud services due to COVID-19.

The survey of 4,500 people across the UK, France and Germany, conducted by pCloud, one of Europe's fastest-growing file-sharing and cloud storage providers, finds the biggest concerns are personal data being used for commercial gain (51 percent) and the possibility of hacks (43 percent).

Continue reading

Dreaming of an insecure Christmas

Christmas smartphone worker

What do you want for Christmas? How about a coffee maker that can eavesdrop on your conversations, or a fitness tracker that can analyze the tone of your voice?

The fourth-annual Privacy Not Included holiday shopping guide from Mozilla aims to arm shoppers with the information they need to choose gifts that protect the privacy and security of their friends and family while spurring the tech industry to do more to safeguard consumers.

Continue reading

Shift to remote work drives overhaul of enterprise access technology

Access management

This year's massive and sudden shift to remote working has boosted the adoption of cloud technology and the security implications of this transition will reverberate for years to come, according to the latest Trusted Access report from Cisco company Duo Security.

Daily authentications to cloud applications surged 40 percent during the first few months of the pandemic, the bulk of these coming from enterprise and mid-sized organizations looking to ensure secure access to services.

Continue reading

DDoS attacks become smarter and easier to carry out

DDoS attack

Although ransomware has dominated 2020's cyber threat landscape, DDoS attacks haven’t gone away. In fact the year has seen the largest DDoS attack ever recorded, peaking at 2.3 Terabytes per second.

The attack was carried out by deploying hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and caused three days of downtime for the unnamed targeted business. This is one of the things highlighted in new analysis from Digital Shadows.

Continue reading

Delivering value to a remote workforce: A practical approach

remote work

The overnight switch to remote working triggered by the COVID-19 pandemic has caused an unprecedented amount of change to the usual ways of working. The impact will continue to be felt for the foreseeable future -- and as a result, IT departments’ approach to delivering services to their organizations will need to keep pace with the evolving requirements of this newly remote staff.

To that end, IT needs to embed itself deeper in the organization to understand the unique requirements of every single stakeholder -- be it the C-suite or the manager answering the customer call -- so that those professionals can do their jobs effectively, enabling the business to realize its strategic goals. In practical terms, what does this mean? How can IT departments put these tactics into practice in their enterprises?

Continue reading

Redefining Security post-pandemic: Empowering change control in the new normal

security

Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape. Now, more than ever, it is increasingly important for organizations to embed security solutions and processes that reduce complexity and massively increase the automation of killer manual tasks.

Last month, our team at New Net Technologies had the opportunity to host a virtual panel on securing digital transformation and what COVID-19 means for cybersecurity as we continue to navigate the growing remote workforce. The panel, which consisted of several security experts, focused on the topic of redefining security in a post-pandemic world. The session kicked off with the question, 'Have you noticed a more compliant workforce?'.

Continue reading

The rise of the shopping bot and what it means for security teams [Q&A]

Christmas robot

If you've ever tried to order a recently released tech product, like a new game console or the latest hot graphics card only to find it's sold out, you've no doubt felt frustrated. It's even more frustrating when the product then appears on secondary market sites at many times the original price.

What you're seeing here is probably the action of automated shopping bots that scoop up products for resale at a profit. Is this a form of cyber attack or is it just rather shady commercial activity? We spoke to Ameya Talwalker, co-founder of Cequence Security, to find out more about the behavior of these bots and what can be done to curb their activity.

Continue reading

CISOs look for flexibility to manage new security challenges

business security

A new survey of UK CISOs by cybersecurity company F-Secure looks at how IT decision makers are adapting to a fast changing landscape.

With more people working remotely budgets are being moved around to allow businesses to cope with new ways of working and the resulting security vulnerabilities, and 13 percent of respondents say that budgets are going to increase as a direct response to the challenges presented by the pandemic.

Continue reading

Microsoft may have dropped Office 2010 but 0patch will still offer security patches

Microsoft Office 2010 0patch

We have written about the micropatching outfit 0patch several times here on BetaNews. Offering "security patching simplified to the extreme" 0patch has previously offered security fixes for problem with Internet Explorer and Windows 7 either before Microsoft has been able to do so, or after the company has stopped offering support for a particular product.

Now 0patch has done it again, announcing that it has "security adopted" Office 2010. This version of Microsoft's iconic office suite is -- as of October -- no longer officially supported, but 0patch says that it will help keep users secured against vulnerabilities with its micropatches.

Continue reading

Getting real about ransomware [Q&A]

Ransomware sign

For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.

To understand how companies should respond when they discover they're in the grip of a ransomware threat actor, we spoke with Kurtis Minder, CEO and co-founder of GroupSense, which helps companies navigate through these attacks to get their businesses back online.

Continue reading

Network access to over 7,000 organizations for sale on hacker forums

hack money

Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.

An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.

Continue reading

Hackers exploit business VoIP system vulnerability

VoIP

Researchers at Check Point have uncovered a fraud operation targeting more than 1,200 business VoIP phone systems worldwide.

Hackers are exploiting vulnerabilities in the popular Sangoma and Asterisk VoIP phone systems to gain control of the system. They then seek to monetize that access by selling auto-generated calls and forcing systems to call premium numbers owned by the hackers to collect revenues, without the targeted business being aware.

Continue reading

Consumers overconfident of their connected device security

WiFi hotspot

A new study from the National Cyber Security Alliance (NCSA) into perception and behavior around connected device security reveals that most US consumers are confident that the connected devices they own are secure.

However, the survey of 1,000 respondents in two age groups (500 aged 18-34 and 500 aged 50-75) reveals this confidence may be misplaced, along with some interesting generation gaps.

Continue reading

Google issues patches for two serious Chrome zero-day vulnerabilities

Cartoon Chrome logo

Google's Project Zero is very quick to point out security flaws in other company's products, but the search giant is far from being perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.

CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws respectively and affect both the desktop and Android versions of Google's web browser.

Continue reading

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.