Suffering a data breach is bad enough, but arguably worse is not knowing how much of your organization's data has been exposed as a result.

Now you can find out thanks to ImmuniWeb launching a free online service to check how bad a company/organisation's exposure is on the Dark Web and hacking resources.

For around two decades now, hackers have exploited the design of the memory management system used by Linux programs in order to take control of a target's computer.

Now though researchers at Check Point have introduced a new security mechanism for Linux users called 'safe-linking' which means attackers will need more than one vulnerability in order to take over the program.

With more and more people expressing concern about privacy and security online, companies have had to start to take notice and deliver tools to help. This is particularly noticeable in the browser market, and with the latest version of Chrome, Google has doubled down on security.

Having tested DNS over HTTPS (DoH) for some time, Google has added enhanced support for DNS lookups over an encrypted HTTPS connection to Chrome 83.  In the Windows, macOS and Linux versions of the browser, Google's implementation of the security feature is called Secure DNS; here's how to use it.

We've already seen that Dark Web marketplaces are seeking to cash in on the COVID-19 pandemic, but new research from Positive Technologies also shows a lot of interest in accessing corporate networks.

In the first quarter of this year the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This is likely to pose a significant risk to corporate infrastructure, especially now that many employees are working remotely.

Email compromise via spoofed domains or compromised accounts is a major problem. But a new cloud platform from Abnormal Security tracks the reputations of an organization's vendors and customers, and improves detection accuracy of advanced social engineering attacks.

VendorBase is a global database that gives organizations the ability to see detailed views of all vendors, including profile information, the VendorBase risk assessment score, explanations on risk scores, a timeline view of relevant email communication and security activity for that vendor.

Over 76 percent of CEOs are consistently losing sleep over the fear of becoming the next headline-grabbing security breach, yet less than half of them have a firm cybersecurity strategy in place.

A new study from cybersecurity company Forcepoint in partnership with WSJ Intelligence surveyed 200 senior executives from a range of industries to find the major cybersecurity stresses and areas of disconnect for business and security leaders.

With cybercriminals ever keen to exploit the latest trends to their advantage, it should come as no surprise that the latest research from Trustwave SpiderLabs shows a raft of Dark Web activity based around COVID-19.

Scams range from adverts for supposed vaccines to malicious infection maps. But there's also evidence that Dark Web activities are being hit by the pandemic in much the same way as legitimate businesses.

Budget airline easyJet has fallen victim to a cyberattack in which personal information of 9 million customers was exposed. Included in this personal data were details of travel plans, email addresses and, in some cases, credit card information.

The company is now in the process of contacting all of those who have been affected by the data breach, but says that anyone whose credit card details were stolen by hackers has already been contacted.

Public Key Infrastructure (PKI) is essential to handling the issuing of digital certificates and managing public-key encryption, but it can prove a burden for businesses.

To make the process easier, certificate authority GlobalSign is launching a new automated PKI platform called Atlas.

New research from application security specialist Veracode finds seven in 10 applications have a security flaw in an open source library on initial scan, highlighting how use of open source can introduce flaws, increase risk, and add to security debt.

The study analyzed the component open source libraries across the Veracode platform database of 85,000 applications, accounting for 351,000 unique external libraries. Nearly all modern applications, including those sold commercially, are built using some open source components.

As we wrote about yesterday, with build 19628 Microsoft has added support for DNS over HTTPS to Windows 10. DoH is a great way to increase privacy and security online, and its arrival in Windows 10 has been widely welcomed.

At the moment the feature is only available to Windows Insiders, but it won't be long before it rolls out to everyone. But when you have it up and running, how do you know if DNS over HTTPS is working? Here's how to find out.

Distributed cloud service company Volterra is launching a new service to encrypt and share public data without the need for passwords and public keys.

VoltShare is available as downloadable software (or an API and SDK) that operates locally on a PC or mobile device to easily encrypt sensitive data for sharing with target recipients through email or via existing collaboration platforms such as Slack, Teams and Dropbox.

According to a new survey, 79 percent of organizations have experienced an identity-related breach in the last two years, while 94 percent report having had one at some point.

The study from the The Identity Defined Security Alliance (IDSA), based on a survey of over 500 IT security and identity decision makers conducted by Dimensional Research, finds that 66 percent say phishing is the most common cause of identity-related breaches, while 99 percent believe their breaches were preventable.

While preview builds of Windows 10 do have a tendency to be a little on the buggy side, they offer an opportunity to try out new features and options way before the official release. For anyone concerned about privacy and security an exciting addition to the latest Insider build is DNS over HTTPS (DoH).

The feature keeps web traffic more private by performing DNS lookups over an encrypted HTTPS connection so they are far less susceptible to interception. If you've been keen to try this out, now you can. Here's what you need to do.

It's not uncommon for enterprises to use a number of different analytics and operations tools as part of their security posture.

Managing these different tools as part of an overall policy, though, can be difficult. Pulse Secure is launching a new suite of secure access solutions for hybrid IT that provides organizations with a simplified, modular and integrated approach to modernize their access productivity, management and control.