Articles about Security

The Cofense Phishing Defense Center (PDC) has unearthed a new phishing campaign in multiple enterprise email environments protected by Proofpoint and Microsoft that delivers .ics calendar invite attachments containing phishing links in the body.

The researchers assume that the attackers believe putting the URL inside a calendar invite would help the messages to avoid automated analysis.

Continue reading →

Reuse of the same or similar passwords across accounts makes life easier for cybercriminals as they are able to try multiple servers using credentials exposed in breaches -- so called 'credential stuffing'.

Enterprise password manager 1Password is launching a new reporting tool for its users that allows them to swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords.

Continue reading →

European managed security services company Orange Cyberdefense today reveals the findings of its inaugural Security Navigator, which shows a 23 percent decline in the number of recorded malware incidents in 2019.

The total number of security events have, however, increased. The company analysed 263,109 events from data obtained from its 10 CyberSOCs and 16 SOCs. Out of these events it identified 11.17 percent as verified security incidents. This represents a 34.4 percent increase over the previous year's rate of 8.31 percent.

Continue reading →

The UK's Computer Misuse Act came into effect 30 years ago, but security professionals are warning that it is no longer fit for purpose and may even be hindering their efforts.

A coalition of businesses, trade bodies, lawyers and think tanks from across the cybersecurity industry have today taken the unprecedented step of uniting to write a letter to the prime minister urging him to reform the law.

Continue reading →

Open source components are now at the core of many applications and a good deal of infrastructure. But what implications does this have for security?

The Information Security Forum has released a new paper, Deploying Open Source Software: Challenges and Rewards, to help security professionals recognize the benefits and perceived challenges of using open source and set up a program of protective measures to effectively manage it.

Continue reading →

While businesses generally take care to protect desktop and mobile computing devices, the rise in IoT usage has meant that lots of potentially less secure equipment is sneaking onto networks.

Forescout Research Labs has been assessing the risk of over eight million devices across a number of industries via its Forescout Device Cloud, a repository of connected enterprise device data.

Continue reading →

Most businesses now use web and cloud applications to deliver richer web experiences and better outcomes for customers. But the current generation of web security tools are poorly suited to address the frameworks, APIs and cloud microservices that are the underpinnings of these modern apps.

Now though application security firm Data Theorem is launching Web Secure, a full-stack application security analyzer that provides vulnerability analysis for modern web applications from the web-layer down to its embedded APIs and cloud resources.

Continue reading →

A new report from WatchGuard Technologies shows that 67 percent of all malware in the first quarter of this year was delivered via HTTPS, so organizations without security solutions capable of inspecting encrypted traffic will miss two-thirds of incoming threats.

In addition, 72 percent of encrypted malware was classified as zero day (meaning no antivirus signature exists for it, and it will evade signature-based protections). The findings suggest that HTTPS inspection and advanced behavior-based threat detection and response solutions are now requirements for every security-conscious organization.

Continue reading →

Twitter has emailed an unknown number of users to warn them of a security incident that took place some time prior to May 20 this year.

The company says that personal and billing information of people who used the Ads or Analytics pages on the Twitter site may have been affected. Twitter says that the vulnerability has now been addressed, but has emailed users to explain the circumstances of the incident.

Continue reading →

Endpoints are generally the weakest point of a corporate network and the problem is made more acute by the shift to remote working.

Illumio is launching a new endpoint protection solution that reduces the risk of ransomware and malware propagating laterally throughout an organization.

Continue reading →

As technology continues to evolve, software development teams are bombarded with security alerts at an increasing rate, making it almost impossible to address every potential vulnerability.

New research from WhiteSource, an open source security and license compliance management specialist, and CYR3CON, which predicts cybersecurity attacks based on AI-gathered intelligence looks at how development teams prioritize fixing vulnerabilities and compares this to discussions in hacker communities.

Continue reading →

Crowdsourced security platform Bugcrowd has released a new report which shows that 78 percent of hackers on its site say AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade.

The 2020 Inside the Mind of a Hacker report also reveals that 87 percent say that scanners can’t find as many critical or unknown assets as humans.

Continue reading →

Thanks to the COVID-19 pandemic and extended tax filing deadline for 2020 its likely that people will be submitting their returns over a longer period this year.

New research from information security company Shred-it shows that most Americans file their tax returns online, even though many believe this puts them at greater risk of fraud.

Continue reading →

Very rarely in life is certainty guaranteed. Almost every decision we make is made imperfectly, without complete knowledge and based on a gut-checked risk assessment. When it comes to protecting your organization from phishing attacks, this still rings true. Yet, most email security providers still see through a black-and-white lens and act in terms of absolute certainty. As a result, they effectively protect against the known bad, but let unfamiliar threats slip right through.

Employees at every level of your company are making hundreds of email decisions every day -- open this, delete that, respond to this, leave that for tomorrow. With so much inbox noise, a potential phishing email can infiltrate easily -- and can impact an entire organization profoundly.

Continue reading →

Australia's Prime Minister, Scott Morrison says the country's government and institutions are being targeted by sophisticated cyber attacks.

The attacks are said to be against all levels of governments as well as services and businesses. Although identified as a state-based attack there is no official comment on who might be behind it. Morrison says it's believed to be a state attack, "...because of the scale and nature of the targeting and the trade craft used."

Continue reading →