Articles about Security

The average security operations center (SOC) has considerable room for improvement according to a new report from automation and response platform SIRP Labs.

Almost a third (29 percent) of respondents believe missed alerts due to high volumes are a significant, even a serious, problem. In companies of 1,000-2,500 employees the figure rises to 46 percent.

Continue reading →

With bricks and mortar stores largely shut down for much of the first half of 2020, it’s no real surprise to find that cybercriminals have been targeting eCommerce sites.

New research from IntSights looks at how there has been a rise in cybercriminals targeting eCommerce sites using a variety of attack methods, such as skimming attacks, account takeovers and ransomware.

Continue reading →

Just a week ago, we covered the news that user log files from the VPN service UFO VPN had been exposed. A database of user data appeared online despite the company's claims of having a "strict no-logs policy".

But while security experts took steps to lock down the data and restrict access to it by the middle of this month, earlier this week it transpired that a second, newer UFO VPN database had appeared online, containing even more data. This time, however, hackers came to the rescue with a coordinated "Meow" attack.

Continue reading →

The latest Cyber Threat Report from SonicWall shows a 24 percent drop in malware attacks worldwide, while there’s been a 20 percent jump in ransomware globally and a 109 percent spike in the US.

There's also been a 176 percent increase in malicious Microsoft Office file types and a 50 percent rise in IoT malware attacks as cybercriminals seek to use devices as a backdoor to business networks via home workers.

Continue reading →

A report released today by email security firm Tessian reveals that 43 percent of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.

A quarter of employees confess to clicking on links in a phishing email at work, with distraction cited as a top reason for falling for a phishing scam by 47 percent of employees. This is closely followed by the fact that the email 'looked legitimate' (43 percent), with 41 percent saying the phishing email looked like it came from a senior executive or a well-known brand.

Continue reading →

According to a new report, 89 percent of security professionals are most concerned about phishing, web and ransomware attacks, but only 48 percent confirm that they have continuous visibility into these risk areas.

The 2020 Cybersecurity 360 Report from Balbix also shows 64 percent of organizations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organizations.

Continue reading →

Companies with the worst privacy practices are 80 percent more likely to experience a data breach according to a new study.

Data privacy platform Osano used its evaluation framework to measure the privacy practices of the top 10,000 websites against 163 different factors to develop an Osano Privacy Score.

Continue reading →

New research from security analytics and automation company Rapid7 reveals that the security of the internet overall is improving and the number of insecure services such as SMB, Telnet, rsync, and the core email protocols all decreased from the levels seen in 2019.

However, the National/Industry/Cloud Exposure Report (NICER) shows vulnerabilities and exposures still plague the modern internet even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell (SSH) and DNS-over-TLS (DoT).

Continue reading →

While cyberattacks are played out on technology platforms, it's often the effectiveness -- or otherwise -- of the human response that determines how they impact an organization.

It can be hard to prepare teams to deal with the realities of an attack, but Immersive Labs is looking to change that with the launch of its industry first Cyber Crisis Simulator.

Continue reading →

The idea of electronic signatures has been around for a while, but their importance has been highlighted by recent changes brought about by the COVID-19 pandemic, meaning signing documents in person may be difficult.

We spoke to Sameer Hajarnis, practice lead for e-signature at digital fraud prevention specialist OneSpan to find out more about adopting e-signatures in the current business landscape, what businesses need to look for and how these technologies can securely enable efficiencies, improve processes, ensure legal compliance and deliver an improved customer experience.

Continue reading →

As damaging as security threats can be, they’re also easily avoidable when you have the appropriate safeguards in place. For businesses in particular, investing in the right methods is essential.

Here are my top 7 tips for keeping your data secure.

Continue reading →

Earlier this year hackers were able to exploit container platform Kubernetes to install cryptomining software in Microsoft Azure.

Fei Huang, chief strategy officer at container security platform NeuVector believes that this should be a wake up call to get the attention of enterprise DevOps and DevSecOps teams. We spoke to him to find out more about the risks and how they can be addressed.

Continue reading →

Since the onset of the COVID-19 crisis earlier this year 80 percent of companies have seen 'slightly to considerably more' cyberattack attempts, breaking down to 88 percent in the US and 74 percent in the UK.

SIEM specialist Exabeam surveyed more that 1,000 IT security professionals at small- to medium-sized enterprises and finds that a third of respondents experienced a successful cyberattack during COVID-19, leading to network downtime for 40 percent of UK companies and 38 percent of US companies.

Continue reading →

Researchers at Check Point have been working with Zoom to to fix a security issue that would have allowed hackers to manipulate organizations’ customizable Zoom 'Vanity URLs'.

The vulnerability would allow attackers to send legitimate-looking meeting invitations, with the aim of inserting malware and stealing data or credentials from unsuspecting victims.

Continue reading →

An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text.

User of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all".

Continue reading →