Chrome password sharing feature makes it easier to share login credentials... with limitations
There are many reasons for wanting to share passwords, and it is surprising -- and also a source of irritation -- that doing so is not easier. But Google is looking to change this by introducing a dedicated password sharing option to Chrome.
Users of the browser will soon be able to use the Password Manager function of the browser to quickly share login details with others. To start with, it appears that Google will limit sharing to people you have added to your Google Family Group, but it is possible that this will be opened up further in future.
Microsoft reveals how to mitigate the Downfall vulnerability affecting Intel processors running Windows 10 and Windows 11
Following on from the Meltdown flaw and other related vulnerabilities, a more recent security issue was discovered in the form of Downfall. Tracked as CVE-2022-40982, the flaw affects Intel CPUs, and its exploitation is known as a transient execution attack.
Microsoft has not only acknowledged that the problem exists, but has now provided details of mitigation techniques that can be used. In security advisory KB5029778, the company gives instructions for users of Windows 10, Windows 11 and Windows Server.
Google is ramping up Gmail security by requiring verification for filters, forwarding and IMAP
Google is introducing what it is referring to as "stronger protection for additional sensitive actions taken in Gmail".
It's a security measure that builds on safeguards added to Google Workspace accounts last year. It means you will start to see "Verify it's you" warnings when you try to do certain things with your Gmail account, requiring user verification before particular settings can be changed.
Meta is expanding WhatsApp-style end-to-end encryption to Messenger
Security is vital for digital communication, and that's why the likes of Telegram and WhatsApp's end-to-end encryption (E2EE) is so important and popular. Meta has long been keen to expand this security feature to its various other messaging platforms, and now the Facebook-owner has announced that it is implementing E2EE for all Messenger users.
The company points out that this is currently a test phase, so while more and more people will see immediate security enhancements, the rollout will not be complete until the end of the year.
Update WinRAR right now to patch high-severity security flaw
Users of the archiving utility WinRAR are being advised to update their software as soon as possible following the discovery of a serious Remote Code Execution vulnerability.
Tracked as CVE-2023-40477, the security flaw was discovered back in June and it allows malicious code to run when opening a RAR archive. Two months on, the issue has been fixed, but users of the software will have to ensure that they have the latest update installed to guarantee protection.
How financial services cyber regulations are hotting up for API security
Financial services firms deploy an increasingly complicated mix of technologies, systems, applications, and processes to serve customers and partners and to solve organizational challenges. Focused heavily on consumer hyper-personalization, banks are evolving more and more digital assets and services to meet and exceed growing customer experience expectations.
As a result, the modern banking environment is heavily reliant on APIs to the point that they are now indispensable. APIs allow financial banks to connect with their ecosystem, while inspiring innovative developers to create new products, improve existing services, and work more efficiently.
Microsoft is bringing Windows 11's new backup tool to Windows 10
A few months back, we learned of Microsoft's new Windows Backup app. At the time it was only made available to users of Windows 11 signed up as Insiders on the Dev channel.
Now this handy utility is making its way to Windows 10 as well. For now, it is included in the build pushed to the Release Preview Channel last week, but this means it won't be long until Windows 10 users have access to an official backup tool from Microsoft which is about more than just safeguarding files.
You're not already using zero trust authentication? Why?
Despite their weaknesses, many organizations continue to rely on a fundamentally flawed traditional security approach that exposes their systems, their data, their users, and their customers to significant risk. Yes, I’m talking here about passwords.
While password practices may have remained a security staple over the decades, the proliferation of digital services offers rich pickings for cybercriminals. Using various methods to gain access to digital accounts, cyber criminals typically target passwords to conduct an attack or account takeover. That’s because passwords are easy to steal and share.
Diagnostic fatigue is causing havoc on cyber efficiency
We can all agree that the effective detection and diagnosis of security threats is a fundamental component of cyber resilience. After all, you cannot protect yourself against what you can’t see, right? With organizations rapidly bolstering their security programs and allocating significant investments to advanced technologies to increase visibility into threats and exposures, many have made notable strides in their ability to expedite the detection of abnormal behavior within their environments. However, this hasn’t come without a cost.
Monitoring and threat analysis capabilities are deployed widely across most modern organizations' technical infrastructure, with everything ranging from firewalls to email filtering and credential scanning. And the laundry list is proliferating as attackers leverage other weaknesses to spy on and steal data. This is where we begin to encounter challenges. Wading through these alerts, diagnostic analysis and remediation insights has caused a great deal of strain on cyber efficiency and security teams.
Google is switching to weekly Chrome updates to boost security
Google has announced that it will release security updates for Chrome on a weekly basis, doubling the speed with which fixes are delivered to the stable channel.
This will not change the release schedule for significant new versions of Chrome, but it means that users of the browser can enjoy greater security. Google's change in pace is designed to reduce the "patch gap", with the company saying that it treats "all critical and high severity bugs as if they will be exploited".
Will CISOs become obsolete in the future?
Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.
We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.
All Windows 11 users should install the KB5029263 update as soon as possible
Microsoft has released a large new cumulative update for Windows 11 in the form of the KB5029263 update.
As this release fixes a series of security issues in the operating system, everyone running Windows 11 22H2 should install it as soon as possible. KB5029263 is a mandatory update so it will be installed automatically -- eventually -- but it is important enough to justify taking manual action to ensure you have it immediately.
Inside the world of cyber incident investigations
Investigation of information security incidents is the last stage of enterprise protection and one of its most important parts, helping to minimize the damage caused by hackers and build defenses to prevent future incidents. The investigation assists in evaluating the security of the company's IT infrastructure and in formulating recommendations for its enhancement.
Incident investigation is a crucial component of any enterprise's information security framework. Merely monitoring the work of the security tools is not enough, as security incidents are happening all the time. Without a proper response to these incidents, the enterprise, in effect, lacks adequate information security protection.
Securing business communication: Three must-haves for securely supporting employees in the digital workplace
No one would dispute that communication is vital, if not the most critical factor, to the success of any organization. But in the now not-so-new remote and hybrid work environment, it is harder than ever before to maintain the same level of communication, collaboration, speed -- and therefore productivity -- that was once available in the office environment.
As enterprises look to technology to navigate the challenges of remote and hybrid working, providing tools that help employees work in a safe and secure manner is now, more than ever, an enabler of business success. Equipping employees with full-featured mobile messaging and collaboration tools with built-in security, control, and compliance is essential for helping them safely succeed in the digital world of work.
Why fuzzing isn't enough to test your APIs
In today’s fast-paced development environment, a comprehensive API security testing strategy is no longer a luxury, but a necessity. Testing your APIs for security gaps ensures that your API functions are reliable, secure, and perform as expected under different circumstances. It helps to identify issues such as incorrect data formats, missing or inaccurate data, and faults in authentication or authorization.
Proper API testing can also help to minimize downtime, reduce the risk of errors, and improve the overall quality of the software system. However, it’s important to note that comprehensive API security testing is a discipline in and of itself.
© 1998-2024 BetaNews, Inc. All Rights Reserved.