Poor privacy practices increase the chances of a data breach
Companies with the worst privacy practices are 80 percent more likely to experience a data breach according to a new study.
Data privacy platform Osano used its evaluation framework to measure the privacy practices of the top 10,000 websites against 163 different factors to develop an Osano Privacy Score.
The internet is becoming more secure -- but only slowly
New research from security analytics and automation company Rapid7 reveals that the security of the internet overall is improving and the number of insecure services such as SMB, Telnet, rsync, and the core email protocols all decreased from the levels seen in 2019.
However, the National/Industry/Cloud Exposure Report (NICER) shows vulnerabilities and exposures still plague the modern internet even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell (SSH) and DNS-over-TLS (DoT).
Cyber crisis simulator aims to improve incident responses
While cyberattacks are played out on technology platforms, it's often the effectiveness -- or otherwise -- of the human response that determines how they impact an organization.
It can be hard to prepare teams to deal with the realities of an attack, but Immersive Labs is looking to change that with the launch of its industry first Cyber Crisis Simulator.
How e-signatures are changing the commercial world [Q&A]
The idea of electronic signatures has been around for a while, but their importance has been highlighted by recent changes brought about by the COVID-19 pandemic, meaning signing documents in person may be difficult.
We spoke to Sameer Hajarnis, practice lead for e-signature at digital fraud prevention specialist OneSpan to find out more about adopting e-signatures in the current business landscape, what businesses need to look for and how these technologies can securely enable efficiencies, improve processes, ensure legal compliance and deliver an improved customer experience.
How to defend against hackers
Why DevOps teams need to take container security seriously [Q&A]
Earlier this year hackers were able to exploit container platform Kubernetes to install cryptomining software in Microsoft Azure.
Fei Huang, chief strategy officer at container security platform NeuVector believes that this should be a wake up call to get the attention of enterprise DevOps and DevSecOps teams. We spoke to him to find out more about the risks and how they can be addressed.
80 percent of companies see more cyberattacks during the pandemic
Since the onset of the COVID-19 crisis earlier this year 80 percent of companies have seen 'slightly to considerably more' cyberattack attempts, breaking down to 88 percent in the US and 74 percent in the UK.
SIEM specialist Exabeam surveyed more that 1,000 IT security professionals at small- to medium-sized enterprises and finds that a third of respondents experienced a successful cyberattack during COVID-19, leading to network downtime for 40 percent of UK companies and 38 percent of US companies.
Check Point works with Zoom to fix 'Vanity URL' vulnerability
Researchers at Check Point have been working with Zoom to to fix a security issue that would have allowed hackers to manipulate organizations’ customizable Zoom 'Vanity URLs'.
The vulnerability would allow attackers to send legitimate-looking meeting invitations, with the aim of inserting malware and stealing data or credentials from unsuspecting victims.
VPN with 'strict no-logs policy' exposed millions of user log files including account passwords
An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text.
User of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all".
New research provides organizations with a roadmap for cloud security
Organizations often rush into cloud deployments without fully appreciating all of the risks that they can present.
A new report from cybersecurity advisory and assessment services firm Coalfire identifies key considerations, common pitfalls, and practical advice for professionals who have responsibility for enterprise cloud strategy, planning, adoption, and operations.
13 percent of Q1 phishing attacks related to COVID-19
In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.
A new report from Positive Technologies also shows that in Q1 there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.
F-Secure uncovers counterfeit Cisco network devices
Finnish cybersecurity company F-Secure has published a report detailing its investigation into a pair of counterfeit Cisco network switches.
The investigation concludes that the counterfeits had been designed to bypass processes that authenticate system components. Two different counterfeit versions of Cisco Catalyst 2960-X series switches were discovered by an IT company after a software update stopped them from working.
SIGRed: Microsoft releases patch for critical, wormable vulnerability in Windows DNS Server
As part of this month's Patch Tuesday, Microsoft has issued a fix for a 17-year-old Windows DNS Server vulnerability. Known as SIGRed and tracked as CVE-2020-1350, the flaw is a serious one that has been assigned a CVSS base score of 10.0.
The vulnerability affects all version of Windows Server and is a wormable remote code execution flaw that requires no user interaction. In addition to issuing a critical patch, Microsoft has also provided details of a workaround for anyone who is unable to deploy the fix immediately
New security platform traces end-to-end cloud app activity
Using complex cloud applications built with microservices and APIs can often expose business logic that threat actors use to infiltrate applications and private data.
A new application security company Traceable is launching today with a platform that traces end-to-end application activity from the user and session all the way through the application code. Traceable's TraceAI machine learning and distributed tracing technology analyzes data to learn normal application behavior and detect any activity that deviates from the norm.
Email impersonation attacks target dispersed workforces
With increased numbers of people working remotely, a new report reveals that cybercriminals are using email impersonation to prey on the sense of urgency of an increasingly distracted and dispersed workforce.
Email security company GreatHorn has collected data from over 640 security, IT and C-suite professionals to gain a better understanding of new threat vectors and attack strategies. It found almost half of respondents (48.7 percent) report seeing impersonations of people such as colleagues, customers or vendors.
Recent Headlines
Most Commented Stories
Windows 12.1 is everything Windows 11 should be -- and the Microsoft operating system we need!
Apple Intelligence will launch in beta and that’s unacceptable for a trillion-dollar company
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.