Articles about Security

Distributed cloud service company Volterra is launching a new service to encrypt and share public data without the need for passwords and public keys.

VoltShare is available as downloadable software (or an API and SDK) that operates locally on a PC or mobile device to easily encrypt sensitive data for sharing with target recipients through email or via existing collaboration platforms such as Slack, Teams and Dropbox.

Continue reading →

According to a new survey, 79 percent of organizations have experienced an identity-related breach in the last two years, while 94 percent report having had one at some point.

The study from the The Identity Defined Security Alliance (IDSA), based on a survey of over 500 IT security and identity decision makers conducted by Dimensional Research, finds that 66 percent say phishing is the most common cause of identity-related breaches, while 99 percent believe their breaches were preventable.

Continue reading →

While preview builds of Windows 10 do have a tendency to be a little on the buggy side, they offer an opportunity to try out new features and options way before the official release. For anyone concerned about privacy and security an exciting addition to the latest Insider build is DNS over HTTPS (DoH).

The feature keeps web traffic more private by performing DNS lookups over an encrypted HTTPS connection so they are far less susceptible to interception. If you've been keen to try this out, now you can. Here's what you need to do.

Continue reading →

It's not uncommon for enterprises to use a number of different analytics and operations tools as part of their security posture.

Managing these different tools as part of an overall policy, though, can be difficult. Pulse Secure is launching a new suite of secure access solutions for hybrid IT that provides organizations with a simplified, modular and integrated approach to modernize their access productivity, management and control.

Continue reading →

The idea that organizations should have a trusted internal network and an untrusted external one is rapidly giving way to a posture of zero trust across the board.

A new survey of 500 IT security leaders by identity specialist Okta finds a massive 275 percent year-on-year growth in the number of North American organizations that have or plan to have a defined zero trust initiative on the books in the next 12-18 months.

Continue reading →

The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19.

A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.

Continue reading →

New research released today from Sepio Systems, a rogue device mitigation firm, reveals a 42 percent jump in the number of devices connected to corporate networks, compared with the pre-COVID-19 period.

Not only has the number of connected devices increased, there are also almost three times the number of different device vendors. This means many unbranded or budget makes of equipment being used that are not commonly found in the enterprise environment.

Continue reading →

While high profile attacks like phishing scams targeting stimulus payments make the headlines, a new report shows they are actually on the decline.

The annual security report from website security specialist SiteLock finds that quiet attack methods, like backdoor files, are more favored among hackers as they become increasingly sophisticated and turn to methods that can go undetected and deliver the biggest payout.

Continue reading →

Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.

The attack is a variant of 'PerSwaysion', a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.

Continue reading →

Security researcher Björn Ruytenberg has revealed details of a vulnerability in the Thunderbolt 3 standard. The security flaw means that it is possible for a hacker with physical access to a computer to copy data even if the files are encrypted and the computer is locked.

The vulnerability affects all systems with Thunderbolt ports that shipped between 2011 and 2020, but some systems that shipped since 2019 have Kernel DMA Protection which means they are only partly at risk. Testing tools are available for both Windows and Linux so you can check to see if your computer is vulnerable.

Continue reading →

The total number of publicly reported breaches in Q1 2020 has decreased by 58 percent compared to the same period last year according to a new report from Risk Based Security.

Despite the number of breaches being down though, the number of records exposed for this quarter soared to 8.4 billion -- a 273 percent increase compared to Q1 2019, and a record for the same period since at least 2005, when detailed reporting began.

Continue reading →

Social engineering is one of the most common approaches taken by cybercriminals in order to steal data or get users to install malware.

But a new generation of payload-less attacks is now starting to emerge. How can businesses protect themselves from these threats? We spoke to Evan Reiser, CEO and co-founder of email security specialist Abnormal Security to find out.

Continue reading →

Santander, the fifth largest bank in Europe and the 16th largest in the world, has been leaking sensitive company data due to a misconfiguration on one of its websites.

Security analysts at CyberNews discovered that Santander's Belgian branch, Santander Consumer Bank, had a misconfiguration in its blog domain that allowed for its files to be indexed.

Continue reading →

As part of its 90-day security focus, Zoom has announced that it has acquired Keybase, an app that features end-to-end encryption to secure chats and file sharing. The Keybase team will help to bring the same security to Zoom.

The lack of end-to-end encryption has been one of the many criticisms of Zoom in recent months, and the company is keen to address this. However, Zoom says that it will only be bringing an end-to-end encrypted meeting mode to paid accounts and points out that this "privacy over compatibility" option will mean missing out on some features.

Continue reading →

Despite the fact that credential stuffing using stolen passwords is one of the most common ways of breaching systems, new research from Balbix for this year's World Password Day finds that over 99 percent of employees reuse passwords across work accounts, or between work and personal accounts.

In addition the average password is reused not just once, but 2.7 times, and the average user is sharing eight passwords between all their accounts with 7.5 passwords shared between work and personal accounts.

Continue reading →