Articles about Security

Half of first-time security analysts working in Security Operations Centers (SOCs) plan to leave after just three months in the job, according to a study from SIRP Labs.

None of them plan to remain in their current role for longer than 18 months, and of all the 250 security analysts interviewed nearly half (48 percent) are considering leaving their role, within 11 months. The average amount of time spent in the same post is just 30 months.

Continue reading →

Open source software has become commonplace in all sorts of environments. But its very nature means that those responsible for their users' or organization's security need to be able to understand and verify its security.

Today The Linux Foundation is announcing the formation of the Open Source Security Foundation (OpenSSF). This is a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices.

Continue reading →

Businesses were already facing increasingly complex security environments thanks to cloud use and digital transformation projects, and with the advent of COVID-19 things have become more difficult still.

Breach and attack simulation specialist AttackIQ is launching its new Security Optimization Platform to equip cybersecurity leaders with better insights and help them make better decisions and improve business outcomes.

Continue reading →

Mobile devices have become an extension of our everyday lives, but if they are used to access business networks they could be exposing sensitive information to risk.

A new report from Gigamon reveals that most mobile devices run an average of 60-90 applications, facilitating access to email, SaaS-based solutions, cloud storage, social networks, games, news feeds and more.

Continue reading →

If you’re at all familiar with genealogy then you'll likely know both Ancestry and Family Tree Maker -- they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker.

The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.

Continue reading →

Charities handle billions in funds every year and hold financial and personal information that cybercriminals increasingly see as a tempting target. Yet, according to the UK's Charity Commission only 58 percent of charities think they are at risk from cybercrime.

But for a sector, whose success is built on its reputation and the goodwill of its supporters, the loss of any sensitive information or fraud through phishing attempts can be devastating.

Continue reading →

A serious vulnerability dubbed BootHole has been discovered in the GRUB2 bootloader. Millions of systems run the risk of being exposed to hackers -- primarily those running Linux, but Windows is also affected. Discovered by security researchers at Eclypsium, the BootHole vulnerability has been assigned CVE-2020-10713 ("GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process") and a CVSS rating of 8.2.

The flaw can be exploited to gain arbitrary code execution during the boot process, even when Secure Boot is enabled and virtually all Linux distributions are affected. But more than this, the vulnerability also leaves Windows systems that make use of Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority open to attack.

Continue reading →

It's important for security teams to be able to respond quickly and effectively to threats and part of being able to do that is having good intelligence.

With this in mind, Netenrich is launching two new tools, Knowledge Now (KNOW), a free global threat intelligence tool, and Attack Surface Intelligence (ASI) combine to deliver rich, actionable context for faster, more proactive response to known and emerging cyber threats.

Continue reading →

We've been talking about the cybersecurity skills gap for more than a decade, but new research from the Information Systems Security Association (ISSA)  and independent industry analyst firm Enterprise Strategy Group (ESG) reveals it's not going away.

The shortage has impacted 70 percent of organizations, with consequences including increasing workloads, unfilled open job vacancies and an inability to learn or use cybersecurity technologies to their full potential.

Continue reading →

If you have tried to install the Windows cleanup utility CCleaner recently, you may have noticed that Microsoft Defender springs into action warning you that it is a potentially unwanted application (PUA).

This is not the first time Piriform CCleaner has got on the wrong side of Microsoft -- it was previously blocked from being mentioned in the Microsoft Community forums. The Avast-owned software has been popular with people seeking to tidy up and optimize Windows 10 for a number of years, so what's going on and why does Microsoft flag it up as a PUA?

Continue reading →

Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers.

The databases are found across 20 different countries, with China being at the top of the list -- the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.

Continue reading →

Digital transformation combined with a shift to more remote working has presented considerable challenges for enterprises when it comes to securing their systems.

One of the technologies being increasingly used to enable remote access is Secure Access Services Edge (SASE). We spoke to Anurag Kahol, CTO and co-founder of cloud security company Bitglass to find out more about SASE and how it can help businesses deliver their transformation projects.

Continue reading →

As more organizations move their operations to the cloud and networks become more fragmented, ensuring safe, secure access to systems becomes more difficult.

Secure access specialist Pulse Secure is launching a new Pulse Zero Trust Access (PZTA) solution. A cloud-based, multi-tenant secure access platform that enables organizations to provide users with easy, anywhere access to multi-cloud and data center applications.

Continue reading →

A new survey of over 300 security professionals reveals that 93 percent feel they lack the tools to detect known security threats, and 92 percent say they are still in need of appropriate preventative solutions to close current security gaps.

The study from security operations center specialist LogRhythm also finds that 75 percent of security professionals now experience more work stress than they did just two years ago.

Continue reading →

Secure Access Service Edge (SASE) technology is increasingly being used to enable secure and fast cloud adoption, helping ensure both users and devices have safe cloud access to applications, data and services from anywhere.

Cybersecurity company Forcepoint is entering this market with a new suite of SASE solutions, including a Cloud Security Gateway and zero trust Private Access features.

Continue reading →