Articles about Security

Many books discuss the technical underpinnings and complex configurations necessary for cybersecurity -- but they fail to address the everyday steps that boards, managers, and employees can take to prevent attacks. The Cybersecurity Playbook is the step-by-step guide to protecting your organization from unknown threats and integrating good security habits into everyday business situations.

This book provides clear guidance on how to identify weaknesses, assess possible threats, and implement effective policies. Recognizing that an organization’s security is only as strong as its weakest link, this book offers specific strategies for employees at every level.

Continue reading →

With 11,121 vulnerabilities disclosed during the first half of 2020, as the year progresses the total is expected to exceed that of 2019.

Although the number of vulnerabilities disclosed in the first half of 2020 decreased by 8.2 percent compared to the same period in 2019 due to the impact of COVID-19, but the Q2 vulnerability report from Risk Based Security does suggest some signs of a return to 'normal' levels.

Continue reading →

The Qbot trojan first appeared in 2008 as banking and credential theft malware, evolving over the years to deliver ransomware attacks, making it something of a Swiss Army knife of the malware world.

Researchers at Check Point have now uncovered a further evolution that allows Qbot to hijack legitimate email conversations from an infected user's Outlook email client, and then spam itself out using those hijacked emails to increase its chances of tricking other users into getting infected.

Continue reading →

Personal data management software specialist Dataguise is launching a new system that enables organizations to report the impact of a data breach faster and more accurately than ever before.

GDPR requires reporting of breaches within 72 hours of becoming aware, and notifying affected individuals without delay. Dataguise is able to extrapolate the number of unique data elements in a data set quickly, with greater than 90 percent accuracy, using a patent-pending approach based on neural network technologies.

Continue reading →

Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials.

So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal.

Continue reading →

Phishing is a problem that shows no signs of going away and indeed the COVID-19 pandemic has seen a new raft of malware and fraudulent emails seeking to trick the unwary.

Edison Software is launching a new AI-based email security subscription plan that can be added to the Edison Mail iOS app to help combat the threat.

Continue reading →

Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.

Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).

Continue reading →

Botnet and exploit activity have increased over the course 2020's second quarter by 29 percent and 13 percent respectively, representing more than 17,000 botnet and 187,000 exploit attacks a day.

The latest Quarterly Threat Landscape Report from managed security services provider Nuspire also reveals a shift in tactics as attackers pivot away from COVID-19 themes, instead using other prominent media themes like the upcoming US election and exploiting the Black Lives Matter movement.

Continue reading →

We’ve covered Spydish on BetaNews before. The tool is great if you want to boost your privacy and security in Windows 10.

Today Belim, the program’s developer, announces that Spydish has undergone a name change, becoming Privatezilla, and that’s not all. The program is also becoming open source. In order to achieve this, some important changes have been made, which includes replacing certain features.

Continue reading →

The Windows Defender tool that is built into Windows 10 offers protection against a range of malware, but it is not something that everyone wants running on their computer. In a recent update, Microsoft has removed the option of disabling Defender via the registry.

Previously, it was possible to enable the DisableAntiSpyware key in the registry to switch off Windows Defender -- for whatever reason you may want to. But now the setting is ignored, meaning anyone wanting to avoid Windows Defender will have to find another way to do so.

Continue reading →

New research into insider threats from security automation platform Securonix shows that 60 percent of data exfiltration incidents are carried out by employees identified as 'flight risk', in other words that are about to leave the business.

We spoke to Shareth Ben, director of insider threat and cyber threat analytics with Securonix, to find out more about insider threats, flight risks and how companies can protect themselves.

Continue reading →

A new study from cybersecurity and data analytics firm, CybSafe shows that one in fours UK office workers are relying on unauthorized personal devices to work from home.

The study of 600 workers also shows that one in 10 share their work devices with others in their household, and that 65 percent of workers have not received any remote working security training in the last 6 months.

Continue reading →

Since organizations have shifted to a work from home model, the potential for cyberattacks and breaches has increased. In fact, since the start of the pandemic, 20 percent of respondents say they faced a security breach as a result of a remote worker.

New research from Malwarebytes shows that this in turn has led to higher costs, with 24 percent of respondents saying they paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.

Continue reading →

More than half of UK businesses are turning to outsourced partners for cyber security services, according to research commissioned by digital risk protection company Skurio.

Lack of in-house expertise is a key issue for organizations, in particular when it comes to digital risk protection -- the ability to monitor risks, threats and breaches outside their network -- with 80 percent of respondents saying that their teams lack skills and knowledge in this area.

Continue reading →

Microsoft has released an out of band security update that addresses two separate Windows Remote Access Elevation of Privilege vulnerabilities.

KB4578013 fixes the CVE-2020-1530 and CVE-2020-1537 issues relating to Windows Remote Access' handling of memory and file operation respectively. Microsoft had already issued a patch for Windows 10 earlier this month, but the new patch is aimed at people running Windows 8.1, RT 8.1, and Server 2012 R2.

Continue reading →