Articles about Security

Santander, the fifth largest bank in Europe and the 16th largest in the world, has been leaking sensitive company data due to a misconfiguration on one of its websites.

Security analysts at CyberNews discovered that Santander's Belgian branch, Santander Consumer Bank, had a misconfiguration in its blog domain that allowed for its files to be indexed.

Continue reading →

As part of its 90-day security focus, Zoom has announced that it has acquired Keybase, an app that features end-to-end encryption to secure chats and file sharing. The Keybase team will help to bring the same security to Zoom.

The lack of end-to-end encryption has been one of the many criticisms of Zoom in recent months, and the company is keen to address this. However, Zoom says that it will only be bringing an end-to-end encrypted meeting mode to paid accounts and points out that this "privacy over compatibility" option will mean missing out on some features.

Continue reading →

Despite the fact that credential stuffing using stolen passwords is one of the most common ways of breaching systems, new research from Balbix for this year's World Password Day finds that over 99 percent of employees reuse passwords across work accounts, or between work and personal accounts.

In addition the average password is reused not just once, but 2.7 times, and the average user is sharing eight passwords between all their accounts with 7.5 passwords shared between work and personal accounts.

Continue reading →

Researchers at Check Point have uncovered a China-based hacker group that has been targeting multiple national Governments in the APAC region over the past five years, to gather political intelligence and conduct espionage.

Targets include Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei. After infiltrating one government body, the hacker group uses that body’s contacts, documents and servers to launch targeted phishing attacks against new government targets.

Continue reading →

Organizations using software to help their IT and information security teams collaborate and align are three times more confident in the effectiveness of their information security efforts according to a new study.

The report from security automation specialist SaltStack shows that 54 percent of InfoSec leaders say they communicate effectively with IT professionals, but only 45 percent of IT professionals agree.

Continue reading →

New research from VPNpro has found that two of the top 20 premium VPN apps have crucial vulnerabilities that can allow hackers to push fake updates and install malicious programs or steal user data.

The vulnerabilities in PrivateVPN and Betternet, can allow hackers to intercept communications and force the apps to download a fake update. The update may be automatically installed or the user prompted to install it.

Continue reading →

Women are better at cybersecurity and protecting themselves online, new research by password manager app NordPass suggests.

The survey shows that women are more concerned about the potential harm of their personal online accounts being hacked. They also tend to use unique passwords more often than men.

Continue reading →

It seems like it's been a little while since we heard much about Zoom, but we're still in the company's self-imposed 90-day security clean-up operation.

Having already released numerous updates to help lock down the video conferencing software, Zoom is about to release a new update that will help clamp down on the problem of Zoombombing for people with free accounts.

Continue reading →

As organizations move more of their systems to the cloud, they need security solutions that maintain visibility while keeping them safe.

Cybersecurity company ESET is releasing an upgraded version of its Security Management Center for Microsoft Azure, aimed at providing complete, real-time network visibility.

Continue reading →

While organizations continue to invest significant amounts in security controls and assume that this means assets are fully protected, the reality is that a majority of attacks successfully infiltrate production environments without their knowledge.

This is among the findings of a new report from Mandiant Solutions -- the threat intelligence arm of FireEye -- based on real attacks, specific malicious behaviors, and actor-attributed techniques and tactics.

Continue reading →

While network scanners and agent-based security tools are commonplace, they come with significant operational costs, but still offer only partial visibility, leaving the organization vulnerable to breaches.

Orca Security has produced a patent pending SideScanning technology, which is based on reading the workloads' run time block storage out of band, and cross-referencing this with cloud context pulled directly from the cloud vendors' APIs.

Continue reading →

It’s a generally held view that smaller businesses are more vulnerable to cyber threats than larger ones but a new report from Cisco Security suggests this may not actually be the case.

In its 2020 SMB Cybersecurity Report the company reveals that SMBs are maturing and mirroring larger organizations' approaches to a variety of security issues, including data breach disclosure, customer data inquiries, threat hunting and more.

Continue reading →

Ransomware is a business that's thriving in the current climate, but what's behind this and what wider problems do attacks create for businesses?

We had a socially-distanced chat with Chris Morales, head of security analytics at network detection and response specialist Vectra to find out more.

Continue reading →

Researchers from Check Point have found serious vulnerabilities in the widely-used WordPress plugins that are used for large-scale online learning by top academic institutions and major businesses.

By exploiting the flaws in LearnPress, LearnDash and LifterLMS, students, as well as unauthenticated users, can abuse security flaws in order to steal personal information, siphon money and attain teacher privileges on the platform.

Continue reading →

The COVID-19 pandemic is changing the way people work and do business. As governments worldwide impose compulsory community quarantines and lockdowns, many are turning to the internet to continue operating their businesses or doing their jobs. Teleworking is becoming the new normal with everyone expected to observe physical distancing to avoid the pandemic spreading.

Among other systems, payroll is one of the workflows worth examining amidst the changes brought about by the pandemic. As companies adopt remote work arrangements to avoid complete operational shutdown, those that have been manually processing their payroll need to find ways to adjust to the new situation.

Continue reading →