Articles about Security

The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk.

A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month.

Continue reading →

Hackers are increasingly turning their attention to attacking Linux servers and workstations, according to security researchers from Kaspersky.

While it is Windows systems that have traditionally been in the cross-hairs of attackers, advanced persistent threats (APTs) are now a serious issue in the Linux world. Linux systems are being specifically targeted with an ever-widening selection of malware tools.

Continue reading →

Good security practices are more important than ever in the current climate, with people working from home using their own devices.

Password management specialist Dashlane is launching a new reporting tool that gives company administrators in-depth visibility into employee password security along with the ability to track improvements over time.

Continue reading →

A new threat report from Aqua Security reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.

While most attacks uncovered by Team Nautilus, Aqua's cybersecurity research team, were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used also open the door for higher-value targets that look to exploit security gaps in container software supply chains and runtime environments.

Continue reading →

After suddenly hitting the big time during the coronavirus pandemic, video conferencing tool found itself the center of attention for both good and bad reasons. While people welcome the app facilitating remote working, Zoom's security and privacy credentials were called in to questions in a series of incidents.

The company subsequently promised to take action to improve things in these areas, and over the summer there have been ongoing updates to Zoom. Now two-factor authentication (2FA) has been made available to all users.

Continue reading →

As WFH continues and bad actors and cyberthreats thrive, it is more critical than ever before for organizations to have a robust cybersecurity strategy in place. The best way to get started? Leverage Zero Trust.

The chief concern security teams have is keeping threats and attacks out of their organizations. This is why CISOs make significant investments in security controls that protect important vectors like the network, data center, cloud, email and endpoint. This defense-in-depth approach is essential to detect and block threats, but they need to be bolstered with Zero Trust capabilities. Why? Simply put, because attacks and breaches continue to occur. In fact, we know that 64 percent of CISOs believe their organization is more likely to experience a data breach due to COVID-19, and an additional 30 percent of CISOs have seen more attacks on their IT systems as a direct result of COVID-19.

Continue reading →

Research from Coalfire Labs based on over 800 penetration tests finds that company size has a direct bearing on how effectively a business is able to fend off would-be attackers.

The study shows large and small companies see more than three times the year-on-year improvement of medium-sized companies. Although mid-size companies hit the cybersecurity sweet spot in 2018, they scrambled to keep up last year, and in 2020, improving only four percent year-on-year in fending off attackers compared to their bigger and smaller counterparts.

Continue reading →

We're all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise.

These include 'smishing' (phishing via SMS) and 'vishing' (phishing by voice call). We spoke to Ed Bishop, CTO at email security company Tessian to find out how businesses can identify vishing and smishing attacks, how the attacks work, and how companies can protect their employees.

Continue reading →

People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.

Malicious theme packs can be used to execute a "pass-the-hash" attack which sends passwords to a remote server. The specially designed themes are easy to create, andthe way the credential stealing attack works will fool many people -- but there are protective measures that can be put in place.

Continue reading →

The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.

In addition there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.

Continue reading →

Smaller businesses are having to do more with less in terms of security, a situation made worse by the coronavirus pandemic.

The annual SMB IT Security Report from Untangle shows that 38 percent of SMBs are allocating $1,000 or less to their IT security budget, compared to 29 percent in 2019 and 27 percent in 2018.

Continue reading →

Earlier in the year, Intel announced that it had completed software validations on fixes for a series of security flaws affecting many of its processors discovered a couple of years ago. Now Microsoft, in conjunction with the chip-maker, released microcode updates for Windows 10 to fix these issues.

The four problems are connected to the now-infamous Spectre and Meltdown flaws from 2018. They relate to problems with the speculative execution function of many chips, and could allow for sensitive data to leak.

Continue reading →

The shortcomings of password security are well known. Indeed the death of passwords has been predicted for a long time but they still cling on.

There are a number of alternative authentication methods available, but confusion still reigns about the pros and cons of different approaches. To help cut through the mass of information, identity management company Beyond Identity has put together an infographic looking at alternative authentication methods and the security each provides.

Continue reading →

Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.

To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).

Continue reading →

Cybercriminals in 2019 managed to expose more than 165 million records of confidential data across 1,365 known breaches.

But how do they get in, how long do they stay and what are they there for? The answers to these questions are in the 2020 Compromise Flashcard produced by compromise assessment company Lumu.

Continue reading →