80 percent of companies see more cyberattacks during the pandemic


Since the onset of the COVID-19 crisis earlier this year, 80 percent of companies have seen 'slightly to considerably more' cyberattack attempts, breaking down to 88 percent in the US and 74 percent in the UK.
SIEM specialist Exabeam surveyed more than 1,000 IT security professionals at small- to medium-sized enterprises and finds that a third of respondents experienced a successful cyberattack during COVID-19, leading to network downtime for 40 percent of UK companies and 38 percent of US companies.
Check Point works with Zoom to fix 'Vanity URL' vulnerability


Researchers at Check Point have been working with Zoom to fix a security issue that would have allowed hackers to manipulate organizations’ customizable Zoom 'Vanity URLs'.
The vulnerability would allow attackers to send legitimate-looking meeting invitations, with the aim of inserting malware and stealing data or credentials from unsuspecting victims.
VPN with 'strict no-logs policy' exposed millions of user log files including account passwords


An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text.
Users of both UFO VPN free and paid services are affected by the data breach, which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all".
New research provides organizations with a roadmap for cloud security


Organizations often rush into cloud deployments without fully appreciating all of the risks that they can present.
A new report from cybersecurity advisory and assessment services firm Coalfire identifies key considerations, common pitfalls, and practical advice for professionals who have responsibility for enterprise cloud strategy, planning, adoption, and operations.
13 percent of Q1 phishing attacks related to COVID-19


In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.
A new report from Positive Technologies also shows that in Q1 there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.
F-Secure uncovers counterfeit Cisco network devices


Finnish cybersecurity company F-Secure has published a report detailing its investigation into a pair of counterfeit Cisco network switches.
The investigation concludes that the counterfeits had been designed to bypass processes that authenticate system components. Two different counterfeit versions of Cisco Catalyst 2960-X series switches were discovered by an IT company after a software update stopped them from working.
SIGRed: Microsoft releases patch for critical, wormable vulnerability in Windows DNS Server


As part of this month's Patch Tuesday, Microsoft has issued a fix for a 17-year-old Windows DNS Server vulnerability. Known as SIGRed and tracked as CVE-2020-1350, the flaw is a serious one that has been assigned a CVSS base score of 10.0.
The vulnerability affects all versions of Windows Server and is a wormable remote code execution flaw that requires no user interaction. In addition to issuing a critical patch, Microsoft has also provided details of a workaround for anyone who is unable to deploy the fix immediately.
New security platform traces end-to-end cloud app activity


Using complex cloud applications built with microservices and APIs can often expose business logic that threat actors use to infiltrate applications and private data.
A new application security company Traceable is launching today with a platform that traces end-to-end application activity from the user and session all the way through the application code. Traceable's TraceAI machine learning and distributed tracing technology analyzes data to learn normal application behavior and detect any activity that deviates from the norm.
Email impersonation attacks target dispersed workforces


With increased numbers of people working remotely, a new report reveals that cybercriminals are using email impersonation to prey on the sense of urgency of an increasingly distracted and dispersed workforce.
Email security company GreatHorn has collected data from over 640 security, IT and C-suite professionals to gain a better understanding of new threat vectors and attack strategies. It found almost half of respondents (48.7 percent) report seeing impersonations of people such as colleagues, customers or vendors.
More than half of cybersecurity professionals suffer overwork or burnout


New research from the UK's Chartered Institute of Information Security (CIISec) shows that overwork and burnout remain major problems for the IT security sector.
The study of almost 450 cybersecurity professionals shows that 54 percent of respondents have either left a job due to overwork or burnout, or have worked with someone who has.
New platform combines application and infrastructure risk management


Vulnerability management specialist RiskSense is launching a new version of its platform that harmonizes threat analysis, prioritization and risk scoring across both network-based assets and applications.
RiskSense aggregates and normalizes outputs from multiple data sources including SAST, DAST, open source software, containers, pen testing and bug bounty programs. This approach enables organizations to easily pinpoint and fix vulnerabilities in their attack surface regardless of where they arise.
Microsoft's new Kernel Data Protection will make kernel memory read-only and block attacks on Windows 10


Microsoft has revealed details of a new platform security technology which the company says will prevent data corruption attacks.
Kernel Data Protection (KDP) works by marking sections of kernel memory as read-only, so there is no way it can be tampered with. The technology comes in response to the fact that increasing numbers of attackers are using data corruption techniques to bypass security, gain additional privileges, and more.
Imperva launches new cloud data security solution to help digital transformation


As companies accelerate their digital transformation programs, many move data into the cloud without all the security controls necessary to protect both their organization and customers’ data. This leaves them vulnerable to cyberattacks and without evidence of compliance with data protection regulations.
Cybersecurity specialist Imperva is launching a new SaaS Cloud Data Security product that gives businesses visibility and compliance oversight for data hosted in a database-as-a-service (DbaaS).
Security staff suffering alert fatigue as report volumes increase


According to a new study, 70 percent of security teams have seen more than double the volume of security alerts in the past five years. These high volumes of reports cause problems for IT security teams with 83 percent saying their security staff experience 'alert fatigue'.
The survey conducted by Dimensional Research on behalf of continuous intelligence specialist Sumo Logic also shows that while automation is helpful it isn't a complete solution.
Remote working exposes organizations to more security risks


A new survey released today by security software firm NetMotion reveals that 47 percent of organizations believe remote work has exposed their organization to high or extreme security risk.
Of these, 62 percent are most concerned that workers will visit malicious URLs that could compromise networks and devices, while 45 percent are worried about workers accessing inappropriate content.
© 1998-2025 BetaNews, Inc. All Rights Reserved.