Articles about Security

Public Key Infrastructure (PKI) is essential to handling the issuing of digital certificates and managing public-key encryption, but it can prove a burden for businesses.

To make the process easier, certificate authority GlobalSign is launching a new automated PKI platform called Atlas.

Continue reading →

New research from application security specialist Veracode finds seven in 10 applications have a security flaw in an open source library on initial scan, highlighting how use of open source can introduce flaws, increase risk, and add to security debt.

The study analyzed the component open source libraries across the Veracode platform database of 85,000 applications, accounting for 351,000 unique external libraries. Nearly all modern applications, including those sold commercially, are built using some open source components.

Continue reading →

As we wrote about yesterday, with build 19628 Microsoft has added support for DNS over HTTPS to Windows 10. DoH is a great way to increase privacy and security online, and its arrival in Windows 10 has been widely welcomed.

At the moment the feature is only available to Windows Insiders, but it won't be long before it rolls out to everyone. But when you have it up and running, how do you know if DNS over HTTPS is working? Here's how to find out.

Continue reading →

Distributed cloud service company Volterra is launching a new service to encrypt and share public data without the need for passwords and public keys.

VoltShare is available as downloadable software (or an API and SDK) that operates locally on a PC or mobile device to easily encrypt sensitive data for sharing with target recipients through email or via existing collaboration platforms such as Slack, Teams and Dropbox.

Continue reading →

According to a new survey, 79 percent of organizations have experienced an identity-related breach in the last two years, while 94 percent report having had one at some point.

The study from the The Identity Defined Security Alliance (IDSA), based on a survey of over 500 IT security and identity decision makers conducted by Dimensional Research, finds that 66 percent say phishing is the most common cause of identity-related breaches, while 99 percent believe their breaches were preventable.

Continue reading →

While preview builds of Windows 10 do have a tendency to be a little on the buggy side, they offer an opportunity to try out new features and options way before the official release. For anyone concerned about privacy and security an exciting addition to the latest Insider build is DNS over HTTPS (DoH).

The feature keeps web traffic more private by performing DNS lookups over an encrypted HTTPS connection so they are far less susceptible to interception. If you've been keen to try this out, now you can. Here's what you need to do.

Continue reading →

It's not uncommon for enterprises to use a number of different analytics and operations tools as part of their security posture.

Managing these different tools as part of an overall policy, though, can be difficult. Pulse Secure is launching a new suite of secure access solutions for hybrid IT that provides organizations with a simplified, modular and integrated approach to modernize their access productivity, management and control.

Continue reading →

The idea that organizations should have a trusted internal network and an untrusted external one is rapidly giving way to a posture of zero trust across the board.

A new survey of 500 IT security leaders by identity specialist Okta finds a massive 275 percent year-on-year growth in the number of North American organizations that have or plan to have a defined zero trust initiative on the books in the next 12-18 months.

Continue reading →

The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19.

A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.

Continue reading →

New research released today from Sepio Systems, a rogue device mitigation firm, reveals a 42 percent jump in the number of devices connected to corporate networks, compared with the pre-COVID-19 period.

Not only has the number of connected devices increased, there are also almost three times the number of different device vendors. This means many unbranded or budget makes of equipment being used that are not commonly found in the enterprise environment.

Continue reading →

While high profile attacks like phishing scams targeting stimulus payments make the headlines, a new report shows they are actually on the decline.

The annual security report from website security specialist SiteLock finds that quiet attack methods, like backdoor files, are more favored among hackers as they become increasingly sophisticated and turn to methods that can go undetected and deliver the biggest payout.

Continue reading →

Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.

The attack is a variant of 'PerSwaysion', a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.

Continue reading →

Security researcher Björn Ruytenberg has revealed details of a vulnerability in the Thunderbolt 3 standard. The security flaw means that it is possible for a hacker with physical access to a computer to copy data even if the files are encrypted and the computer is locked.

The vulnerability affects all systems with Thunderbolt ports that shipped between 2011 and 2020, but some systems that shipped since 2019 have Kernel DMA Protection which means they are only partly at risk. Testing tools are available for both Windows and Linux so you can check to see if your computer is vulnerable.

Continue reading →

The total number of publicly reported breaches in Q1 2020 has decreased by 58 percent compared to the same period last year according to a new report from Risk Based Security.

Despite the number of breaches being down though, the number of records exposed for this quarter soared to 8.4 billion -- a 273 percent increase compared to Q1 2019, and a record for the same period since at least 2005, when detailed reporting began.

Continue reading →

Social engineering is one of the most common approaches taken by cybercriminals in order to steal data or get users to install malware.

But a new generation of payload-less attacks is now starting to emerge. How can businesses protect themselves from these threats? We spoke to Evan Reiser, CEO and co-founder of email security specialist Abnormal Security to find out.

Continue reading →