Articles about Security

Consumer loyalty programs in the retail, hospitality and travel industries rely on gathering information about their users. For criminals this can offer everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft.

A new report from Akamai reveals more than 63 billion credential stuffing attacks on the commerce category -- comprising the retail, travel, and hospitality industries -- over the last two years, 90 percent of them against retailers.

Continue reading →

As we approach 2021, there’s a new technology revolution underway. Yes, software is king -- but our data is siloed in applications. In order to achieve the next rung of technology innovation, we must take a Data-Centric and API-first approach to software development to allow for better connections between your ecosystems of tools.

The breed of software solutions that emerge in this coming decade will disabuse themselves of the dreaded, empty promise of the 'single pane of glass'. They will prioritize development for the API and reduce the reliance on UI for data management.

Continue reading →

The COVID-19 pandemic has led many enterprises to fast-track their adoption of remote work technologies and many have turned to SaaS as a way to enable this.

But this has put new pressure on security teams. A new survey from SaaS security specialist AppOmni finds that of over 200 IT security specialists 90 percent have recently received additional responsibilities and two-thirds have less time to effectively manage and secure SaaS applications.

Continue reading →

In a new study 90 percent of participants report that cybersecurity technology is not as effective as it should be when it comes to protecting organizations from cyber risk.

However, the report from Debate Security, an independent organization bringing together industry experts to debate how the cyber market can be improved, shows considerable disagreement on evaluating cybersecurity technology efficacy and performance, with not a single common definition named by respondents.

Continue reading →

As we head towards a COVID Christmas it's likely that many more people will be doing their holiday shopping online.

But while this is good news for online retailers it's also an opportunity for fraudsters. This year has already seen a surge in attacks on eCommerce sites and there are certain to be more to come. We spoke to Satnam Narang, staff research engineer at Tenable to find out more about the latest vulnerabilities and how businesses can protect themselves.

Continue reading →

Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.

This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.

Continue reading →

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

Continue reading →

Linux-based operating systems are generally considered to be more secure than the likes of Windows, but that does not mean they are completely without security issues. Google security researcher have issued a warning about a series of "zero-click" vulnerabilities in the Linux Bluetooth stack.

Dubbed BleedingTooth, the collection of security flaw could allow for remote code execution attacks. The issue affects Linux kernel 4.8 and higher, and can be found in the open-source BlueZ protocol stack. It has been assigned CVE-2020-12351 and a CVSS score of 8.3.

Continue reading →

Securing enterprise networks used to be a matter of simply defending the perimeter, but in the new normal world of much higher levels of remote access, things have become more complicated.

One of the technologies being used increasingly by businesses is Secure Access Service Edge (SASE). We spoke to Mike Wood, chief marketing officer of Versa Networks, to discover more about SASE and what it can deliver.

Continue reading →

The General Data Protection Regulation (GDPR) came into force in the EU in May 2018 with the aim of giving individuals greater protection over how businesses use their data.

But the COVID-19 pandemic has thrown up new challenges and remaining compliant with the regulations in an age of remote working is one of them. We spoke to Brendan Kiely, managing director and co-founder of secure remote working specialist ThinScale Technology to discuss the implications of GDPR and the 'new normal'.

Continue reading →

New research from Exabeam reveals that while 88 percent of cybersecurity professionals believe automation will make their jobs easier, younger staffers are more concerned that the technology will replace their roles.

The 2020 Cybersecurity Salary, Skills and Stress Survey, an annual survey of security practitioners finds overall satisfaction levels continue a three-year positive trend, with 96 percent of respondents indicating they are happy with their role and responsibilities and 87 percent pleased with salary and earnings.

Continue reading →

APIs have become an important mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, using back end data and logic to create new and innovative offerings.

But in order to use them safely they need to be secured and that means understanding what APIs there are in your environment, what their function is and what their traffic profile looks like.

Continue reading →

Virtual appliances are an inexpensive and relatively easy way for software vendors to distribute their wares for customers to deploy in public and private cloud environments, but new research shows appliances often have exploitable and fixable vulnerabilities, or are running on outdated or unsupported operating systems.

The Orca Security research study found 401,571 total vulnerabilities in scanning 2,218 virtual appliance images from 540 software vendors. This means less than eight percent of virtual appliances were free of known vulnerabilities.

Continue reading →

Targeting of SaaS user accounts was one of the fastest-growing problems for organizations, even before COVID-19 forced a rapid shift to remote work, but a new report shows cybercriminals are using built-in Office 365 services in their attacks.

The study from network detection and response company Vectra, based on four million monitored Office 365 accounts, shows that 71 percent of of those surveyed had seen suspicious Office 365 Power Automate behaviors.

Continue reading →

According to a new report, 71 percent of healthcare organizations are now more concerened about insider threats than they were before the pandemic.

The study from Netwrix shows that pre-pandemic, these organizations were mostly concerned about employees accidentally sharing sensitive data (88 percent) and rogue admins (80 percent). Today they are worried about phishing (87 percent), admin mistakes (71 percent) and data theft by employees (71 percent).

Continue reading →