Articles about Security

Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.

The latest Data Breach Report from Risk Based Security shows 2,037 publicly reported breaches from January to June, a 52 percent decrease compared to the first six months of 2019 and 19 percent below the same time period for 2018.

Continue reading →

As systems move to the cloud, organizations are faced with the problem of safely managing access for third-parties and vendors.

Specialist in this field SecureLink is launching a new version of its SecureLink for Enterprises platform, introducing features to expand vendor privileged access management (VPAM) capabilities to the cloud and strengthen reporting.

Continue reading →

Keeping enterprise systems secure used to be a relatively simple matter of defending the network perimeter. But in recent times the increased sophistication of attacks, a shift to more remote working, and demands for more sophisticated identity management mean things are much more complex.

We spoke to Greg Keller, CTO of directory-as-a-service company JumpCloud  who believes that the answer is to move the security perimeter to the user, wherever they are located.

Continue reading →

The NSA has issued a warning about a new round of cyberattacks by Russia. This time, the GRU (Główny Zarząd Wywiadowczy, the Russian General Staff Main Intelligence Directorate) is targeting Linux machines.

To orchestrate the attacks, the GRU is using a malware suite called Drovorub. The suite is made up of four modules and uses a variety of techniques to hide itself and evade detection.

Continue reading →

Almost half, of the participants in a new survey say zero trust is critical to their organizational security model, with only two percent of business leaders believing zero trust non-essential for their enterprise security posture.

But the study from Illumio, based on responses from over 460 IT and security professionals, finds that real world adoption is lagging. Of the respondents who find zero trust to be extremely or very important to their security posture, only 19 percent have fully implemented or widely implemented their zero trust plan.

Continue reading →

As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches.

Thanks to author Nadean Tanner’s wide array of experience from teaching at a University to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the perfect balance of substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at best practices and tools available to both cybersecurity management and hands-on professionals, whether they be new to the field or looking to expand their expertise.

Continue reading →

Penetration of a local network takes between 30 minutes to 10 days and in most cases, attack complexity is low, meaning that an attack is within the capabilities of a hacker with basic skills.

Moreover there is at least one easy penetration vector in 71 percent of companies according to the research from Positive Technologies which analyzed the security of corporate information systems and prepared an overview of the most common security flaws and attack methods.

Continue reading →

Email is still the favored attack vector for cybercriminals, with recent research from GreatHorn showing that a third of IT professionals are dealing with attacks every day.

In order to bolster defences the company is launching an update to its security platform offering visibility across the entire email security stack with intelligent phishing detection and response capability.

Continue reading →

As businesses have switched to remote work environments, it has exposed pre-existing security gaps in at-home networks and other vulnerabilities for cybercriminals to take advantage of.

Cybersecurity specialist SonicWall is launching a new solution combing high-performance firewalls, cloud-native management and on-premise threat analysis to deliver cost-effective security for complex business networks.

Continue reading →

The use of security operations centers has become commonplace in larger organizations. But how can businesses unlock their full potential to protect their systems?

We spoke to Matt Walmsley, head of EMEA marketing at network detection and response specialist Vectra AI, to find out.

Continue reading →

The security of public clouds continues to be a major challenge, with 75 percent of respondents to a new survey saying they are 'very' or 'extremely' concerned about it.

The study from Check Point and Cybersecurity Insiders shows 68 percent say their organizations used two or more different public cloud providers, which means that security teams often have to use multiple security tools and management consoles to try to enforce security and compliance across the different environments.

Continue reading →

An unpatched vulnerability in the Windows Print Spooler exists that could be exploited by an attacker to run malicious software with elevated system privileges.

The issue affects Windows 7, Windows 8.x, Windows 10 as well as versions of Windows Server. It is being tracked as CVE-2020-1048 and CVE-2020-1337 and has a severity rating of "Important". Despite having been acknowledged by Microsoft back in May, a working patch is yet to be rolled out.

Continue reading →

Following a five month absence, Emotet has returned to number one spot in the malware charts in the latest Global Threat Index for July from Check Point Research.

Since February 2020, Emotet's activities -- primarily sending waves of malspam campaigns -- started to slow down and eventually stopped, until re-emerging in July. This pattern echoes 2019 when the Emotet botnet ceased activity during the summer months but resumed in September.

Continue reading →

Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.

This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don't support MFA. In addition many common applications -- such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) -- don't support modern authentication.

Continue reading →

Cyber exposure company Tenable has published a global industry study, carried out by Forrester Consulting, that reveals the vast majority of organizations (94 percent) have experienced a business-impacting cyberattack in the past 12 months.

Yet despite this only four out of 10 security leaders say they can answer the fundamental question, 'How secure, or at risk, are we?' with a high level of confidence.

Continue reading →