Articles about Security

With a shift to remote working many more businesses are embracing BYOD, but a new report from Bitglass suggests that security arrangements are failing to keep pace.

In the study, 69 percent of respondents say that employees at their companies are allowed to use personal devices to perform their work, while 26 percent also enable BYOD for contractors, 21 percent for partners, and some even for customers, and suppliers.

Continue reading →

New research from risk prevention specialist Digital Shadows finds there are more than 15 billion sets of usernames and passwords in circulation in cybercriminal marketplaces -- the equivalent of more than two for every person on the planet.

The number of stolen and exposed credentials has risen 300 percent from 2018 as the result of more than 100,000 separate breaches. Of these, more than 5 billion were assessed as 'unique' -- that is not advertised more than once on criminal forums.

Continue reading →

Credential theft via social engineering is a major cause of data breaches, but with a more dispersed workforce it becomes harder to guard against.

Security platform MobileIron is launching a new multi-vector mobile phishing protection solution for iOS and Android devices to help organizations defend themselves.

Continue reading →

Microsoft has revealed a new anti-malware service by the name of Project Freta. The company describes it as a "free service from Microsoft Research for detecting evidence of OS and sensor sabotage, such as rootkits and advanced malware, in memory snapshots of live Linux systems".

Project Freta is cloud-based, and the memory forensics tool was created by the NExT Security Ventures (NSV) team in Microsoft Research.

Continue reading →

New analysis carried out by Kaspersky of attacks on mobile devices has revealed that 14.8 percent of its users who were targeted by malware or adware in 2019 suffered a system partition infection, making the malicious files undeletable.

It also finds that pre-installed default applications have role to play, depending on the brand, the risk of applications that can't be deleted varies from one to five percent in low-cost devices and goes up to 27 percent in extreme cases.

Continue reading →

New research from security management platform Exabeam reveals that 88 percent of UK security practitioners have accelerated their move to the cloud, driven by the need to support a remote workforce.

Significantly, almost half of respondents (44 percent) are now using cloud-based security products to protect their corporate financial information. This is a sharp increase compared to Exabeam's earlier study where just 12 percent were protecting corporate financial information in this way.

Continue reading →

In the first quarter of this year, DDoS attacks rose more than 278 percent compared to Q1 2019 and more than 542 percent compared to the previous quarter.

This is among the findings of the Nexusguard Q1 2020 Threat Report. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to interrupt service for large companies and individuals alike.

Continue reading →

The T2 chip included in more recent Macs helps to boost security in a number of ways. As well as preventing unsigned software from booting, the chip also secures the entire boot process and handles drive encryption.

But T2 chip can also cause headaches for owners of such machines. The security built into the chip forces users to perform some system repairs -- such as the Touch ID sensor -- with Apple rather than a third party. It can also cause huge problems when it comes to data recovery; that is, unless you're using EaseUS Data Recovery Wizard for Mac.

Continue reading →

A new study by machine identity protection specialists Venafi of the opinions of 550 chief information officers (CIOs) from the US, UK, France, Germany and Australia finds that 75 percent name TLS certificates as their top concern.

TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines and, thanks to the acceleration of digital transformation, the number of machine identities is rising.

Continue reading →

In a new survey of over 165 developers, AppSec and DevOps professionals, application security automation company ShiftLeft finds that 96 percent of developers believe the disconnect between developer and security workflows inhibits developer productivity.

When asked to prioritize, application security professionals rank creating developer-friendly security workflows as their top priority, even higher than protecting applications in production environments.

Continue reading →

The Cofense Phishing Defense Center (PDC) has unearthed a new phishing campaign in multiple enterprise email environments protected by Proofpoint and Microsoft that delivers .ics calendar invite attachments containing phishing links in the body.

The researchers assume that the attackers believe putting the URL inside a calendar invite would help the messages to avoid automated analysis.

Continue reading →

Reuse of the same or similar passwords across accounts makes life easier for cybercriminals as they are able to try multiple servers using credentials exposed in breaches -- so called 'credential stuffing'.

Enterprise password manager 1Password is launching a new reporting tool for its users that allows them to swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords.

Continue reading →

European managed security services company Orange Cyberdefense today reveals the findings of its inaugural Security Navigator, which shows a 23 percent decline in the number of recorded malware incidents in 2019.

The total number of security events have, however, increased. The company analysed 263,109 events from data obtained from its 10 CyberSOCs and 16 SOCs. Out of these events it identified 11.17 percent as verified security incidents. This represents a 34.4 percent increase over the previous year's rate of 8.31 percent.

Continue reading →

The UK's Computer Misuse Act came into effect 30 years ago, but security professionals are warning that it is no longer fit for purpose and may even be hindering their efforts.

A coalition of businesses, trade bodies, lawyers and think tanks from across the cybersecurity industry have today taken the unprecedented step of uniting to write a letter to the prime minister urging him to reform the law.

Continue reading →

Open source components are now at the core of many applications and a good deal of infrastructure. But what implications does this have for security?

The Information Security Forum has released a new paper, Deploying Open Source Software: Challenges and Rewards, to help security professionals recognize the benefits and perceived challenges of using open source and set up a program of protective measures to effectively manage it.

Continue reading →