Security

Zoom's privacy and security issues have been in the headlines for a number of weeks now, causing concern for lots of users. But many people have no option but to use the software after it has been selected by the company they work for.

If you find that you have to use Zoom, there are steps you can take to ensure your experience is as safe as possible. Security firm Kaspersky has offered up a series of tips to boost your security and privacy on the platform.

Just a quarter (24 percent) of end-of-life equipment is being cleaned up and reused, while 39 percent of organizations physically destroy end-of-life IT equipment according to a new study.

Research from data erasure specialist Blancco Technology Group looks at the issues associated with the corporate sustainability practices that some of the world's largest enterprises are following today.

While many industries are struggling to continue during the lockdown, the cybercrime business is gearing up to exploit the economic stimulus and relief payments being offered around the world.

Researchers at Check Point have seen COVID-19 related cyberattacks rise to an average of 14,000 a day this month, which is six times the average number of daily attacks compared to March.

The unrelenting criticism of Zoom continues, with India being the latest to slap an official ban on the video conferencing tool.

Voicing concerns that Zoom is "not a safe platform", the Indian Cyber Coordination Centre issued an advisory saying that the tool is "not for use by government offices/officials for official purpose". But the country recognizes that many people will want or need to continue using Zoom and the ministry of home affairs has issued a helpful guide to safe use of the service.

We've seen many companies offering free software during the current crisis. Now security and risk analytics company Gurucul is launching two free services to help organizations protect themselves against cyberattacks that target their remote workers and third-party identities.

These deliver the Gurucul Unified Security and Risk Analytics platform as a cloud service with pre-configured and tuned algorithms that can detect unusual and high risk behavior patterns exhibited by remote workers as well as third party identities and devices.

Research into the buying intentions of IT decision makers in the UK has revealed that, despite many organizations (55 percent) putting their buying on hold, 38 percent are still reviewing their digital needs and progressing buying decisions.

The study of 100 top IT decision makers, conducted earlier this month by data-driven consultancy Resonance, finds 67 percent of those actively seeking solutions have increased their urgency to implement them.

Just in case you didn't have enough to worry about at the moment, the Information Security Forum has published its Threat Horizon 2022 report, looking ahead to the cyber challenges of the next two years.

Balancing today's realities with forecasts that push the limits of thinking, the report highlights nine major threats, broken down into three themes, that organizations can expect to face as a result of developments in technology.

Digital risk protection company Terbium Labs has released a trend report on the stolen and fraudulent data of three of the largest multi-good dark web marketplaces, which finds that fraud guides account for 49 percent of the data being sold.

Personal data lags some way behind at at 15.6 percent, followed by non-financial accounts and credentials (12.2 percent), financial accounts and credentials (8.2 percent), fraud tools and templates (eight percent) and payment cards (seven percent).

Containerization is increasingly popular, but its adoption presents challenges when it comes to vulnerability management and protection.

DevOps security specialist NeuVector is launching new features for its platform aimed at enterprise teams.

Both the Windows and macOS versions of Zoom have critical, unpatched security vulnerabilities that could be exploited by hackers to target users and spy on calls and meetings.

Security experts say -- despite not having seen the actual code for the exploits -- that the Windows version of Zoom is affected by an RCE (Remote Code Execution) described as being "perfect for industrial espionage". The zero-days have been offered for sale for $500,000.

With a sudden shift to remote working many companies are faced with lowering quality controls and making short term tactical fixes to support their remote workforce, increasing their exposure to threats and cyberattacks.

Security specialist F-Secure has launched a new offering based on its award-winning managed detection and response (MDR) service, F-Secure Countercept.

With many more people working from home currently the risks to business data from the use of potentially insecure applications is increased.

Kaspersky is launching a new version of its Endpoint Security Cloud, which will enable businesses to control the unauthorized use of potentially insecure applications and sites by employees whilst working from home.

Microsoft's monthly Patch Tuesday security updates are always important, but the ones released this week are particularly important. Not only do the fixes address numerous zero-day vulnerabilities, but the security flaws they fix were being actively exploited.

In all, Microsoft has plugged 113 CVE-numbered vulnerabilities this month. 17 of these are marked as being critical, and 96 as important.

Cybersecurity is important to any enterprise, but it's especially key to those that are delivering critical infrastructure.

But recent research from Nozomi Networks shows that often the development of a holistic security approach is being driven by events such as security breaches.

With greater numbers than ever working remotely due to the coronavirus crisis, there's increased focus on the security risks posed by home networks.

New research from BitSight, based on analysis of over more than 41,000 organizations, reveals that networks used to work from home are 3.5 times more likely to have malware present than the traditional corporate network.