Articles about Security

Get 'Information Security Handbook -- Second Edition' (worth $35.99) for FREE

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets.

Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security.

AI and security: It is complicated but it doesn't need to be

AI is growing in popularity, and this trend is only set to continue. This is supported by Gartner, which states that approximately 80 percent of enterprises will have used generative artificial intelligence (GenAI) application programming interfaces (APIs) or models by 2026. However, AI is a broad and ubiquitous term and, in many instances, it covers a range of technologies.

Nevertheless, AI presents breakthroughs in the ability to process logic differently, which is attracting attention from businesses and consumers alike, who are experimenting with various forms of AI today. At the same time, this technology is attracting similar attention from threat actors, who are realising that it could be a weakness in a company’s security, while it could also be a tool that helps companies to identify these weaknesses and address them.

Microsoft kicks off 2024 by releasing KB5034123 update for Windows 11 adding new lock screen options, security fixes and more

Microsoft has released its first batch of cumulative security updates of 2024, including the KB5034123 update for Windows 11. While the security fixes are a good reason for installing this particular update, there are plenty of other enticements too.

The KB5034123 update addresses various non-security issues including Wi-Fi connectivity problems and a bug that caused Windows to shut down. The update also ushers in new lock screen options thanks to the addition of a "richer weather experience" complete with dynamic, interactive weather updates.

2024 technology advancements in endpoint security

Cybercrime and data breaches have escalated to alarming levels, with the global estimated cost of cybercrime in the cybersecurity market reaching over $8 trillion in 2023. Projected to rise by an additional $5.7 trillion (+69.94 percent) by 2028, the urgency for advanced endpoint security solutions has never been more apparent.

Cybercrime and data breaches have become some of the most significant threats individuals and organizations face in the modern business world. As technology continually advances, so do the methods employed by cybercriminals to exploit it. As a result, endpoint security solutions have become a vital tool for businesses and individuals seeking to protect their devices and sensitive data from harm.

Don't risk falling behind when it comes to cloud security

Cloud investment is central to staying competitive in modern business. Gartner estimated that global end-user cloud investment reached nearly $600 billion this year and forecasts a 20 percent increase in spending in 2024. But as investment in and reliance on the cloud increases, so must investment in cloud security.

Expanding cloud usage means an expanding attack surface for threat actors to target. Research from Vanson Bourne, commissioned by Illumio, found that nearly half (47 percent) of all security breaches now start in the cloud.

Facing a riskier world: Get ahead of cyberattacks, rather than responding after the fact

Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.

Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.

Google gives Chrome security, performance and functionality updates, with the promise of AI features in 2024

Google is in the process of rolling out a trio of important updates to Chrome, kicking off with an improvement to Safety Check. This security feature will now run automatically in the background, allowing for proactive alerts about security issues that need attention.

Other updates include improvements to tab groups that make it possible to access them on other computers, and enhancements to Memory Saver. But the company also hints at big plans for 2024, with the promise of "smarter and more helpful features" powered by its Gemini AI model.

Get 'Cyber Threat Intelligence' (worth $87) for FREE

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations.

Cybersecurity for SMEs: Seven steps to a Zero Trust approach

Never trust, verify everything! This is the premise on which the "Zero Trust" approach was founded. This model of cybersecurity involves implementing controls designed to ensure that only verified users can access company resources, and from similarly approved devices.

This strategy is increasingly being adopted in response to the challenges faced by small and medium-sized enterprises (SMEs), such as the continued evolution of hybrid working, the use of Bring Your Own Device (BYOD) and the growing number and sophistication of cyber-attacks. Whereas previously SMEs thought they weren’t a target, now they are seen as the weaker link from a hacker’s perspective, and increasingly they are falling victim to cyber-attacks.

Web application security -- five ways to improve your approach

Web applications remain one of the most targeted areas for threat actors. According to Verizon’s Data Breach Investigations Report, web application attacks were behind 26 percent of all successful attacks during the twelve months covered. Yet while the methods for attacking web applications are well known and understood, as evidenced by the work that the Open Web Application Security Project (OWASP) has done on their Top Ten list over the years, many companies still find hardening their applications challenging.

Authorization and access control describe the biggest set of challenges identified by OWASP in their most recent Top 10 list (2021) -- three out of the top five issues were around broken authorization, while broken authentication and improper access to resources were also common problems. The OWASP Top 10 for 2021 also includes attacks that work on unrestricted access to sensitive business flows, which covers areas like creating fake accounts, and server side request forgery where APIs can send resources to the wrong locations.

Open to attack: The risks of open-source software attacks

Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.

A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4Shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control, all while remaining undetected. At the time, its impact was described as "enormous", and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.

Microsoft releases KB5033375 update for Windows 11 fixing Copilot problems and more

With the release of the KB5033375 update, Microsoft has delivered not only a series of security patches to Windows 11, but also an important upgrade to Copilot.

The AI-powered digital assistant has proved problematic for many users, and now Microsoft has taken steps to fix things. There are also fixes for lots of issues unrelated to Copilot, and an update that reduces power consumption for Dynamic Lighting.

Microsoft releases mandatory KB5033372 update, pushing Copilot on Windows 10 users

The time of the month for Microsoft to release its security updates for Windows has rolled around again. The company has released the KB5033372 update for Windows 10, bringing not only security fixes, but other improvements and new features -- including Copilot.

As the KB5033372 update includes security fixes, it is rolling out to all Windows 10 users automatically. This means that everyone will be given access to a preview version of Microsoft's AI-powered digital assistant.

Microsoft opens up Extended Security Updates to consumers so everyone can pay for Windows 10 support

With support for Windows 10 coming to an end in under two years, Microsoft has been trying to encourage everyone to upgrade to Windows 11. The reality is that this is not something that all Windows 10 users want to do, and it is not possible for many because of hardware requirements.

Now Microsoft has relented. The company has made a somewhat surprising move in giving all Windows 10 users the chance to pay for Extended Security Updates (ESU) when Windows 10 reaches end of service. Until now, the ESU program has only been available to larger organizations and enterprise customers. In opening it up to home users, Microsoft is effectively admitting that it foresees large numbers of people continuing to stick with Windows 10 -- so the company has decided to try to profit from this fact.

Elevating enterprise resilience with real-time ransomware detection

2023 looks set to be yet another record-breaking year for ransomware attacks. According to Statista, over 72 percent of businesses worldwide have already been affected by ransomware attacks this year, with LockBit 3.0 and Cl0p ransomware claiming the bulk of victims last quarter.

The scourge of modern digital businesses everywhere, the proliferation of ransomware shows no sign of slowing down thanks to the rise of ransomware-as-a-service (RaaS) platforms -- so much so that it has become the most prevalent issue confronting organizations today.

© 1998-2025 BetaNews, Inc. All Rights Reserved.