Articles about Security

They're all likely to be part of your password according to a new survey from security.org which asked 750 Americans to share their password strategies and security habits.

It reveals some worrying trends, 45 percent of Americans are using passwords that are eight characters or less, with only 15 percent using strong password generators.

Continue reading →

The results of a six-month investigation into a botnet that targets a vulnerability in content management systems have been released today by Imperva Research Labs.

The botnet known as 'KashmirBlack' first appeared around November 2019 and is still active. It's managed by a single command and control server and uses more than 60 servers -- mostly innocent surrogates -- as part of its infrastructure.

Continue reading →

Cybersecurity company ESET is launching new versions of its Windows consumer security products offering improved levels of protection.

ESET Internet Security, ESET NOD32 Antivirus and ESET Smart Security Premium get a wide range of security improvements covering malware detection, online banking, password security and smart home support.

Continue reading →

The number of reported machine identity-related cyberattacks grew by 433 percent between 2018 and 2019, according to a new report from Venafi.

Between 2015 and 2019, the number of reported cyberattacks that used machine identities grew by more than 700 percent. Over the same period the number of vulnerabilities involving machine identities grew by 260 percent, increasing by 125 percent between 2018 and 2019.

Continue reading →

The switch to remote working has left many organizations lagging in productivity and revenue due to the deficiency of their remote access solutions.

A new report from Secure Access Service Edge (SASE) provider Perimeter 81 reveals that 19 percent of IT leaders surveyed say they often or always experience network performance and latency issues when using legacy remote access solutions while an additional 43 percent say they sometimes do.

Continue reading →

Two new global studies from network specialist Cisco reveal an increase in consumer concern about data sharing during the pandemic and the security challenges organizations face supporting employees and customers in our remote-first world.

The reports also highlight the opportunities presented by the accelerated transition to a cloud-first, remote world that demands us to be secure, connected and productive from anywhere.

Continue reading →

Consumer loyalty programs in the retail, hospitality and travel industries rely on gathering information about their users. For criminals this can offer everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft.

A new report from Akamai reveals more than 63 billion credential stuffing attacks on the commerce category -- comprising the retail, travel, and hospitality industries -- over the last two years, 90 percent of them against retailers.

Continue reading →

As we approach 2021, there’s a new technology revolution underway. Yes, software is king -- but our data is siloed in applications. In order to achieve the next rung of technology innovation, we must take a Data-Centric and API-first approach to software development to allow for better connections between your ecosystems of tools.

The breed of software solutions that emerge in this coming decade will disabuse themselves of the dreaded, empty promise of the 'single pane of glass'. They will prioritize development for the API and reduce the reliance on UI for data management.

Continue reading →

The COVID-19 pandemic has led many enterprises to fast-track their adoption of remote work technologies and many have turned to SaaS as a way to enable this.

But this has put new pressure on security teams. A new survey from SaaS security specialist AppOmni finds that of over 200 IT security specialists 90 percent have recently received additional responsibilities and two-thirds have less time to effectively manage and secure SaaS applications.

Continue reading →

In a new study 90 percent of participants report that cybersecurity technology is not as effective as it should be when it comes to protecting organizations from cyber risk.

However, the report from Debate Security, an independent organization bringing together industry experts to debate how the cyber market can be improved, shows considerable disagreement on evaluating cybersecurity technology efficacy and performance, with not a single common definition named by respondents.

Continue reading →

As we head towards a COVID Christmas it's likely that many more people will be doing their holiday shopping online.

But while this is good news for online retailers it's also an opportunity for fraudsters. This year has already seen a surge in attacks on eCommerce sites and there are certain to be more to come. We spoke to Satnam Narang, staff research engineer at Tenable to find out more about the latest vulnerabilities and how businesses can protect themselves.

Continue reading →

Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.

This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.

Continue reading →

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

Continue reading →

Linux-based operating systems are generally considered to be more secure than the likes of Windows, but that does not mean they are completely without security issues. Google security researcher have issued a warning about a series of "zero-click" vulnerabilities in the Linux Bluetooth stack.

Dubbed BleedingTooth, the collection of security flaw could allow for remote code execution attacks. The issue affects Linux kernel 4.8 and higher, and can be found in the open-source BlueZ protocol stack. It has been assigned CVE-2020-12351 and a CVSS score of 8.3.

Continue reading →

Securing enterprise networks used to be a matter of simply defending the perimeter, but in the new normal world of much higher levels of remote access, things have become more complicated.

One of the technologies being used increasingly by businesses is Secure Access Service Edge (SASE). We spoke to Mike Wood, chief marketing officer of Versa Networks, to discover more about SASE and what it can deliver.

Continue reading →