QR code use grows in popularity but poses hidden risks


The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk.
A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month.
Kaspersky says Linux systems are increasingly being targeted by hackers


Hackers are increasingly turning their attention to attacking Linux servers and workstations, according to security researchers from Kaspersky.
While it is Windows systems that have traditionally been in the cross-hairs of attackers, advanced persistent threats (APTs) are now a serious issue in the Linux world. Linux systems are being specifically targeted with an ever-widening selection of malware tools.
Dashlane launches new password health reporting tool for businesses


Good security practices are more important than ever in the current climate, with people working from home using their own devices.
Password management specialist Dashlane is launching a new reporting tool that gives company administrators in-depth visibility into employee password security along with the ability to track improvements over time.
Organized attacks on cloud infrastructure and software supply chain increase


A new threat report from Aqua Security reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.
While most attacks uncovered by Team Nautilus, Aqua's cybersecurity research team, were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used also open the door for higher-value targets that look to exploit security gaps in container software supply chains and runtime environments.
Zoom boosts security with 2FA for all users


After suddenly hitting the big time during the coronavirus pandemic, video conferencing tool found itself the center of attention for both good and bad reasons. While people welcome the app facilitating remote working, Zoom's security and privacy credentials were called in to questions in a series of incidents.
The company subsequently promised to take action to improve things in these areas, and over the summer there have been ongoing updates to Zoom. Now two-factor authentication (2FA) has been made available to all users.
Making the case for Trust in Zero Trust


As WFH continues and bad actors and cyberthreats thrive, it is more critical than ever before for organizations to have a robust cybersecurity strategy in place. The best way to get started? Leverage Zero Trust.
The chief concern security teams have is keeping threats and attacks out of their organizations. This is why CISOs make significant investments in security controls that protect important vectors like the network, data center, cloud, email and endpoint. This defense-in-depth approach is essential to detect and block threats, but they need to be bolstered with Zero Trust capabilities. Why? Simply put, because attacks and breaches continue to occur. In fact, we know that 64 percent of CISOs believe their organization is more likely to experience a data breach due to COVID-19, and an additional 30 percent of CISOs have seen more attacks on their IT systems as a direct result of COVID-19.
Size matters when it comes to cybersecurity


Research from Coalfire Labs based on over 800 penetration tests finds that company size has a direct bearing on how effectively a business is able to fend off would-be attackers.
The study shows large and small companies see more than three times the year-on-year improvement of medium-sized companies. Although mid-size companies hit the cybersecurity sweet spot in 2018, they scrambled to keep up last year, and in 2020, improving only four percent year-on-year in fending off attackers compared to their bigger and smaller counterparts.
Why vishing is the new phishing and how to guard against it [Q&A]


We're all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise.
These include 'smishing' (phishing via SMS) and 'vishing' (phishing by voice call). We spoke to Ed Bishop, CTO at email security company Tessian to find out how businesses can identify vishing and smishing attacks, how the attacks work, and how companies can protect their employees.
Hackers could use Windows 10 themes to steal passwords


People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.
Malicious theme packs can be used to execute a "pass-the-hash" attack which sends passwords to a remote server. The specially designed themes are easy to create, andthe way the credential stealing attack works will fool many people -- but there are protective measures that can be put in place.
60 percent of emails in May and June were fraudulent


The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.
In addition there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.
Remote work puts extra stress on SMB security teams


Smaller businesses are having to do more with less in terms of security, a situation made worse by the coronavirus pandemic.
The annual SMB IT Security Report from Untangle shows that 38 percent of SMBs are allocating $1,000 or less to their IT security budget, compared to 29 percent in 2019 and 27 percent in 2018.
Microsoft releases KB4497165 and KB4558130 microcode updates for Windows 10 to fix Intel security flaws


Earlier in the year, Intel announced that it had completed software validations on fixes for a series of security flaws affecting many of its processors discovered a couple of years ago. Now Microsoft, in conjunction with the chip-maker, released microcode updates for Windows 10 to fix these issues.
The four problems are connected to the now-infamous Spectre and Meltdown flaws from 2018. They relate to problems with the speculative execution function of many chips, and could allow for sensitive data to leak.
Everything you need to know about authentication


The shortcomings of password security are well known. Indeed the death of passwords has been predicted for a long time but they still cling on.
There are a number of alternative authentication methods available, but confusion still reigns about the pros and cons of different approaches. To help cut through the mass of information, identity management company Beyond Identity has put together an infographic looking at alternative authentication methods and the security each provides.
New threat intelligence system helps fight deepfakes


Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.
To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).
Cyberattacks and how they work


Cybercriminals in 2019 managed to expose more than 165 million records of confidential data across 1,365 known breaches.
But how do they get in, how long do they stay and what are they there for? The answers to these questions are in the 2020 Compromise Flashcard produced by compromise assessment company Lumu.
Recent Headlines
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.