Articles about Security

While network scanners and agent-based security tools are commonplace, they come with significant operational costs, but still offer only partial visibility, leaving the organization vulnerable to breaches.

Orca Security has produced a patent pending SideScanning technology, which is based on reading the workloads' run time block storage out of band, and cross-referencing this with cloud context pulled directly from the cloud vendors' APIs.

Continue reading →

It’s a generally held view that smaller businesses are more vulnerable to cyber threats than larger ones but a new report from Cisco Security suggests this may not actually be the case.

In its 2020 SMB Cybersecurity Report the company reveals that SMBs are maturing and mirroring larger organizations' approaches to a variety of security issues, including data breach disclosure, customer data inquiries, threat hunting and more.

Continue reading →

Ransomware is a business that's thriving in the current climate, but what's behind this and what wider problems do attacks create for businesses?

We had a socially-distanced chat with Chris Morales, head of security analytics at network detection and response specialist Vectra to find out more.

Continue reading →

Researchers from Check Point have found serious vulnerabilities in the widely-used WordPress plugins that are used for large-scale online learning by top academic institutions and major businesses.

By exploiting the flaws in LearnPress, LearnDash and LifterLMS, students, as well as unauthenticated users, can abuse security flaws in order to steal personal information, siphon money and attain teacher privileges on the platform.

Continue reading →

The COVID-19 pandemic is changing the way people work and do business. As governments worldwide impose compulsory community quarantines and lockdowns, many are turning to the internet to continue operating their businesses or doing their jobs. Teleworking is becoming the new normal with everyone expected to observe physical distancing to avoid the pandemic spreading.

Among other systems, payroll is one of the workflows worth examining amidst the changes brought about by the pandemic. As companies adopt remote work arrangements to avoid complete operational shutdown, those that have been manually processing their payroll need to find ways to adjust to the new situation.

Continue reading →

Traditional penetration testing solutions often fail to provide the rapid, reliable and fully integrated security testing that fits with businesses' go-to-market timelines.

Crowdsourced security company Bugcrowd is looking to change this with the launch of its Classic Pen Test, powered by the Bugcrowd platform and focused on providing customers with on-demand access to methodology-driven pen testing at a fixed price.

Continue reading →

Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers.

The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access.

Continue reading →

Researchers at Check Point have discovered a new variant of Android malware called Black Rose Lucy that, when downloaded, encrypts files on the infected device and displays a ransom note in the browser claiming to be an official message from the FBI.

First discovered by Check Point in September 2018, Lucy is a Malware-as-a-Service dropper that originated in Russia and downloads and installs new threats with ransomware capabilities.

Continue reading →

As attackers become more sophisticated, perimeter defenses are becoming less effective at protecting networks. Particularly so as endpoints may roam from network to network or utilize resources in cloud data centers that are not under direct corporate control.

To give IT security analysts increased visibility into what is happening at their network endpoints, security-as-a-service company Cygilant is launching a new endpoint security solution.

Continue reading →

More than 16,000 COVID-19 related domains have been registered since January and while some are legitimate many have been set up to serve malware, create phishing pages, or scam site visitors.

And malicious domains aren't just a problem during the current pandemic, they're a growing issue across the internet. This is not helped by privacy rules which mean it's become harder for security researchers to use Whois to see who owns a domain.

Continue reading →

A security flaw in Microsoft Teams made it possible for attackers to take over accounts just by getting a victim to view a GIF. The vulnerability stemmed from the way in which Teams handles images and could allow for account takeovers and data theft.

Security firm CyberArk discovered the issue over a month ago and then worked with the Microsoft Security Research Center under Coordinated Vulnerability Disclosure to get the vulnerability fixed. With COVID-19 leading to a huge increase in the number of people working remotely and relying on the likes of Zoom and Teams, the prospect of such an easily exploitable vulnerability is concerning.

Continue reading →

Well known for its endpoint protection and malware removal solutions, Malwarebytes is now moving into the online privacy space with the launch of its own VPN.

Malwarebytes Privacy aims to offer best-in-class encryption without compromising on performance. It doesn't log the user's online activities and it offers a choice of virtual servers from over 30 countries in order to protect their real location.

Continue reading →

The ever changing landscape of cybersecurity means it can be hard for any one organization to stay on top of all the latest threats.

To address this problem, Trustwave is expanding its cybersecurity collaboration platform to help businesses around the world meet security challenges.

Continue reading →

It is a little while since Proton Technologies announced that ProtonVPN was being open sourced to help build trust in the service. Now the company has done the same for the Android version of ProtonMail, and this means that all ProtonMail and ProtonVPN apps are now open source

Just as with ProtonVPN, the open sourcing of ProtonMail opens it up not only to the scrutiny of anyone who cares to trawl through the source code, but it has also been subjected to a third-party security audit.

Continue reading →

Researchers at Check Point have revealed how a sophisticated cybercrime gang managed to trick three UK private equity firms to steal hundreds of thousands of pounds.

The gang, named 'The Florentine Banker,' got away with over £500,000 following a complex business email compromise (BEC) attack.

Continue reading →