Articles about Security

Swap-unwanted-stuff-for-free site Freecycle has acknowledged a security breach that took place at the end of last month. Hackers were able to access a wealth of data including usernames, User IDs, email addresses and passwords.

The organization says that it has notified the "appropriate US authorities" of the incident, as well as the Information Commissioner's Offier (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.  

Continue reading →

Hot on the heels of a reminder about the end of support for Windows 11 21H2, Microsoft has reminded everyone that Windows will soon have TLS 1.0 and TLS 1.1 disabled.

Transport Layer Security (TLS) has been around for a number of years, with TLS 1.0 not only dating back to 1999, but having been superseded by far more secure versions. TLS 1.2 and TLS 1.2 are now very much the norm, so Microsoft is following others in the industry by dropping 1.0 and 1.1.

Continue reading →

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognize the absence of a breach? But this isn’t a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

In a threat landscape where there exists a constant push to innovate, adapt and breach, there are only three possible outcomes for the IT industry: defeat, indefinite struggle, or complete structural collapse.

Continue reading →

There are many reasons for wanting to share passwords, and it is surprising -- and also a source of irritation -- that doing so is not easier. But Google is looking to change this by introducing a dedicated password sharing option to Chrome.

Users of the browser will soon be able to use the Password Manager function of the browser to quickly share login details with others. To start with, it appears that Google will limit sharing to people you have added to your Google Family Group, but it is possible that this will be opened up further in future.

Continue reading →

Following on from the Meltdown flaw and other related vulnerabilities, a more recent security issue was discovered in the form of Downfall. Tracked as CVE-2022-40982, exploitation of the flaw is known as a transient execution attack and it affects Intel CPUs.

Microsoft has not only acknowledged that the problem exists, but has now provided details of mitigation techniques that can be used. In security advisory KB5029778, the company gives instructions for users of Windows 10, Windows 11 and Windows Server.

Continue reading →

Google is introducing what it is referring to as "stronger protection for additional sensitive actions taken in Gmail".

It's a security measure that builds on safeguards added to Google Workspace accounts last year. It means you will start to see "Verify it's you" warnings when you try to do certain things with your Gmail account, requiring user verification before particular settings can be changed.

Continue reading →

Security is vital for digital communication, and that's why the likes of Telegram and WhatsApp's end-to-end encryption (E2EE) is so important and popular. Meta has long been keen to expand this security feature to its various other messaging platforms, and now the Facebook-owner has announced that it is implementing E2EE for all Messenger users.

The company points out that this is currently a test phase, so while more and more people will see immediate security enhancements, the rollout will not be complete until the end of the year.

Continue reading →

Users of the archiving utility WinRAR are being advised to update their software as soon as possible following the discovery of a serious Remote Code Execution vulnerability.

Tracked as CVE-2023-40477, the security flaw was discovered back in June and it allows malicious code to run when opening a RAR archive. Two months on, the issue has been fixed, but users of the software will have to ensure that they have the latest update installed to guarantee protection.

Continue reading →

Financial services firms deploy an increasingly complicated mix of technologies, systems, applications, and processes to serve customers and partners and to solve organizational challenges. Focused heavily on consumer hyper-personalization, banks are evolving more and more digital assets and services to meet and exceed growing customer experience expectations. 

As a result, the modern banking environment is heavily reliant on APIs to the point that they are now indispensable. APIs allow financial banks to connect with their ecosystem, while inspiring innovative developers to create new products, improve existing services, and work more efficiently. 

Continue reading →

A few months back, we learned of Microsoft's new Windows Backup app. At the time it was only made available to users of Windows 11 signed up as Insiders on the Dev channel.

Now this handy utility is making its way to Windows 10 as well. For now, it is included in the build pushed to the Release Preview Channel last week, but this means it won't be long until Window 10 users have access to an official backup tool from Microsoft which is about more than just safeguarding files.

Continue reading →

Despite their weaknesses, many organizations continue to rely on a fundamentally flawed traditional security approach that exposes their systems, their data, their users, and their customers to significant risk. Yes, I’m talking here about passwords.

While password practices may have remained a security staple over the decades, the proliferation of digital services offers rich pickings for cybercriminals. Using various methods to gain access to digital accounts, cyber criminals typically target passwords to conduct an attack or account takeover. That’s because passwords are easy to steal and share.

Continue reading →

We can all agree that the effective detection and diagnosis of security threats is a fundamental component of cyber resilience. After all, you cannot protect yourself against what you can’t see, right? With organizations rapidly bolstering their security programs and allocating significant investments to advanced technologies to increase visibility into threats and exposures, many have made notable strides in their ability to expedite the detection of abnormal behavior within their environments. However, this hasn’t come without a cost.  

Monitoring and threat analysis capabilities are deployed widely across most modern organization's technical infrastructure. Everything ranging from firewalls to email filtering and credential scanning. And the laundry list is proliferating as attackers leverage other weaknesses to spy on and steal data. This is where we begin to encounter challenges. Wading through these alerts, diagnostic analysis and remediation insights has caused a great deal of strain on cyber efficiency and security teams.

Continue reading →

Google has announced that it will release security updates for Chrome on a weekly basis, doubling the speed with which fixes are delivered to the stable channel.

This will not change the release schedule for significant new versions of Chrome, but it means that users of the browser can enjoy greater security. Google's change in pace is designed to reduce the "patch gap", with the company saying that it treats "all critical and high severity bugs as if they will be exploited".

Continue reading →

Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

Continue reading →

Microsoft has released a large new cumulative update for Windows 11 in the form of the KB5029263 update.

As this release fixes a series of security issues in the operating system, everyone running Windows 11 22H2 should install it as soon as possible. KB5029263 is a mandatory update so it will be installed automatically -- eventually -- but it is important enough to justify taking manual action to ensure you have it immediately.

Continue reading →