Articles about Security

Almost half, of the participants in a new survey say zero trust is critical to their organizational security model, with only two percent of business leaders believing zero trust non-essential for their enterprise security posture.

But the study from Illumio, based on responses from over 460 IT and security professionals, finds that real world adoption is lagging. Of the respondents who find zero trust to be extremely or very important to their security posture, only 19 percent have fully implemented or widely implemented their zero trust plan.

Continue reading →

As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches.

Thanks to author Nadean Tanner’s wide array of experience from teaching at a University to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the perfect balance of substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at best practices and tools available to both cybersecurity management and hands-on professionals, whether they be new to the field or looking to expand their expertise.

Continue reading →

Penetration of a local network takes between 30 minutes to 10 days and in most cases, attack complexity is low, meaning that an attack is within the capabilities of a hacker with basic skills.

Moreover there is at least one easy penetration vector in 71 percent of companies according to the research from Positive Technologies which analyzed the security of corporate information systems and prepared an overview of the most common security flaws and attack methods.

Continue reading →

Email is still the favored attack vector for cybercriminals, with recent research from GreatHorn showing that a third of IT professionals are dealing with attacks every day.

In order to bolster defences the company is launching an update to its security platform offering visibility across the entire email security stack with intelligent phishing detection and response capability.

Continue reading →

As businesses have switched to remote work environments, it has exposed pre-existing security gaps in at-home networks and other vulnerabilities for cybercriminals to take advantage of.

Cybersecurity specialist SonicWall is launching a new solution combing high-performance firewalls, cloud-native management and on-premise threat analysis to deliver cost-effective security for complex business networks.

Continue reading →

The use of security operations centers has become commonplace in larger organizations. But how can businesses unlock their full potential to protect their systems?

We spoke to Matt Walmsley, head of EMEA marketing at network detection and response specialist Vectra AI, to find out.

Continue reading →

The security of public clouds continues to be a major challenge, with 75 percent of respondents to a new survey saying they are 'very' or 'extremely' concerned about it.

The study from Check Point and Cybersecurity Insiders shows 68 percent say their organizations used two or more different public cloud providers, which means that security teams often have to use multiple security tools and management consoles to try to enforce security and compliance across the different environments.

Continue reading →

An unpatched vulnerability in the Windows Print Spooler exists that could be exploited by an attacker to run malicious software with elevated system privileges.

The issue affects Windows 7, Windows 8.x, Windows 10 as well as versions of Windows Server. It is being tracked as CVE-2020-1048 and CVE-2020-1337 and has a severity rating of "Important". Despite having been acknowledged by Microsoft back in May, a working patch is yet to be rolled out.

Continue reading →

Following a five month absence, Emotet has returned to number one spot in the malware charts in the latest Global Threat Index for July from Check Point Research.

Since February 2020, Emotet's activities -- primarily sending waves of malspam campaigns -- started to slow down and eventually stopped, until re-emerging in July. This pattern echoes 2019 when the Emotet botnet ceased activity during the summer months but resumed in September.

Continue reading →

Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.

This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don't support MFA. In addition many common applications -- such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) -- don't support modern authentication.

Continue reading →

Cyber exposure company Tenable has published a global industry study, carried out by Forrester Consulting, that reveals the vast majority of organizations (94 percent) have experienced a business-impacting cyberattack in the past 12 months.

Yet despite this only four out of 10 security leaders say they can answer the fundamental question, 'How secure, or at risk, are we?' with a high level of confidence.

Continue reading →

There's been a huge shift to remote working this year, but new data shows that there has also been a 161 percent increase in visits to high-risk apps and websites as personal use of managed devices has nearly doubled.

The study from cloud security company Netskope finds that 64 percent of workers are now remote. Along with this increase in remote work has come an 80 percent increase in the use of collaboration apps as remote workers seek to remain connected with their colleagues

Continue reading →

Anyone who's worked on a help desk or in tech support will know that a high percentage of requests relate to granting access to systems or resetting passwords.

In fact IT personnel expend a full month of work (21 days) each year on mundane identity and access management (IAM) tasks such as resetting passwords and tracking app usage, according to a study by password management company 1Password.

Continue reading →

Malware attacks using machine identities doubled from 2018 to 2019 and have increased eight fold over the last decade.

New threat analysis from machine identity management company Venafi looks at security incidents and third-party reports in the public domain, including high-profile campaigns such as, TrickBot, Skidmap, Kerberods and CryptoSink.

Continue reading →

A new report from email security and cyber resilience company Mimecast, released to coincide with this year's virtual Black Hat conference, reveals that threat actors are motivated by monetary gain more than stealing data or intellectual property.

It also finds that COVID-19 continues to be a major theme in current attacks, especially in certain sectors, and that opportunistic and malware-based campaigns are being launched at volumes never seen before, with manufacturing, retail/wholesale, finance/insurance, and media and publishing being the hardest hit.

Continue reading →