Security

It seems like it's been a little while since we heard much about Zoom, but we're still in the company's self-imposed 90-day security clean-up operation.

Having already released numerous updates to help lock down the video conferencing software, Zoom is about to release a new update that will help clamp down on the problem of Zoombombing for people with free accounts.

As organizations move more of their systems to the cloud, they need security solutions that maintain visibility while keeping them safe.

Cybersecurity company ESET is releasing an upgraded version of its Security Management Center for Microsoft Azure, aimed at providing complete, real-time network visibility.

While organizations continue to invest significant amounts in security controls and assume that this means assets are fully protected, the reality is that a majority of attacks successfully infiltrate production environments without their knowledge.

This is among the findings of a new report from Mandiant Solutions -- the threat intelligence arm of FireEye -- based on real attacks, specific malicious behaviors, and actor-attributed techniques and tactics.

While network scanners and agent-based security tools are commonplace, they come with significant operational costs, but still offer only partial visibility, leaving the organization vulnerable to breaches.

Orca Security has produced a patent pending SideScanning technology, which is based on reading the workloads' run time block storage out of band, and cross-referencing this with cloud context pulled directly from the cloud vendors' APIs.

It’s a generally held view that smaller businesses are more vulnerable to cyber threats than larger ones but a new report from Cisco Security suggests this may not actually be the case.

In its 2020 SMB Cybersecurity Report the company reveals that SMBs are maturing and mirroring larger organizations' approaches to a variety of security issues, including data breach disclosure, customer data inquiries, threat hunting and more.

Ransomware is a business that's thriving in the current climate, but what's behind this and what wider problems do attacks create for businesses?

We had a socially-distanced chat with Chris Morales, head of security analytics at network detection and response specialist Vectra to find out more.

Researchers from Check Point have found serious vulnerabilities in the widely-used WordPress plugins that are used for large-scale online learning by top academic institutions and major businesses.

By exploiting the flaws in LearnPress, LearnDash and LifterLMS, students, as well as unauthenticated users, can abuse security flaws in order to steal personal information, siphon money and attain teacher privileges on the platform.

The COVID-19 pandemic is changing the way people work and do business. As governments worldwide impose compulsory community quarantines and lockdowns, many are turning to the internet to continue operating their businesses or doing their jobs. Teleworking is becoming the new normal with everyone expected to observe physical distancing to avoid the pandemic spreading.

Among other systems, payroll is one of the workflows worth examining amidst the changes brought about by the pandemic. As companies adopt remote work arrangements to avoid complete operational shutdown, those that have been manually processing their payroll need to find ways to adjust to the new situation.

Traditional penetration testing solutions often fail to provide the rapid, reliable and fully integrated security testing that fits with businesses' go-to-market timelines.

Crowdsourced security company Bugcrowd is looking to change this with the launch of its Classic Pen Test, powered by the Bugcrowd platform and focused on providing customers with on-demand access to methodology-driven pen testing at a fixed price.

Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers.

The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access.

Researchers at Check Point have discovered a new variant of Android malware called Black Rose Lucy that, when downloaded, encrypts files on the infected device and displays a ransom note in the browser claiming to be an official message from the FBI.

First discovered by Check Point in September 2018, Lucy is a Malware-as-a-Service dropper that originated in Russia and downloads and installs new threats with ransomware capabilities.

As attackers become more sophisticated, perimeter defenses are becoming less effective at protecting networks. Particularly so as endpoints may roam from network to network or utilize resources in cloud data centers that are not under direct corporate control.

To give IT security analysts increased visibility into what is happening at their network endpoints, security-as-a-service company Cygilant is launching a new endpoint security solution.

More than 16,000 COVID-19 related domains have been registered since January and while some are legitimate many have been set up to serve malware, create phishing pages, or scam site visitors.

And malicious domains aren't just a problem during the current pandemic, they're a growing issue across the internet. This is not helped by privacy rules which mean it's become harder for security researchers to use Whois to see who owns a domain.

A security flaw in Microsoft Teams made it possible for attackers to take over accounts just by getting a victim to view a GIF. The vulnerability stemmed from the way in which Teams handles images and could allow for account takeovers and data theft.

Security firm CyberArk discovered the issue over a month ago and then worked with the Microsoft Security Research Center under Coordinated Vulnerability Disclosure to get the vulnerability fixed. With COVID-19 leading to a huge increase in the number of people working remotely and relying on the likes of Zoom and Teams, the prospect of such an easily exploitable vulnerability is concerning.

Well known for its endpoint protection and malware removal solutions, Malwarebytes is now moving into the online privacy space with the launch of its own VPN.

Malwarebytes Privacy aims to offer best-in-class encryption without compromising on performance. It doesn't log the user's online activities and it offers a choice of virtual servers from over 30 countries in order to protect their real location.