Articles about Security

Yesterday we wrote about a bug in Windows Defender, seemingly introduced by a recent update. Only affecting Windows 10, the bug causes some virus scans to fail, and in others a somewhat unhelpful message informs users that there were unspecified "items skipped during scan".

The error message goes on to make reference to scanning exclusions as well as network scanning settings, and it is here that a simple solution has been found.

Continue reading →

Microsoft has warned that all versions of Windows feature critical unpatched RCE vulnerabilities. The security problems stem from the Windows Adobe Type Manager Library, and relates to the parsing of fonts.

The company is working on a fix which will be released when the next Patch Tuesday rolls around -- but for Windows 7 users, despite the critical nature of the bugs, it is only those who have paid for an ESU licence that will get the security update. There is a bit of good news, however. While the vulnerability is yet to be patched, there is a workaround available that will do the job for the time being.

Continue reading →

There are a lot of VPN services to choose from these days, and a lot of reasons for wanting to use one. But there is the matter of money to consider. Whether you're strapped for cash, or just want to give a VPN a serious test drive before committing to it, the more generous the free data allowance the better.

hide.me is one of many VPNs that offers a free package, and it has just announced that the data allowance for people on this tier has increased fivefold. The increase to 10GB per month is generous, but the way the free tier works means that you actually get an unlimited amount of VPN traffic for free.

Continue reading →

Microsoft's run of problematic updates for Windows 10 continues. This time an update is causing an issue that could have serious security implications for users -- it has broken Windows Defender.

While the Windows Defender security tool is included in Windows 7 and 8 the problem only affects Windows 10. Many people are finding that when they perform a virus scan, an error message is displayed that reads: "Items skipped during scan. The Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings". For others, scans simply fail after a few moments.

Continue reading →

Building security into an application can often be an afterthought for developers, yet building those steps in at an early stage can save companies time and money.

We spoke with Matt Glenn, vice president of product management at Illumio, who shared his insights on why security professionals should be engaging with developers, and why segmentation is becoming a go-to tool for developers to easily implement security into their processes.

Continue reading →

We all know that hackers and cybercriminals are keen to cash in on any opportunity to spread their wares. Researchers at Check Point have uncovered that hackers are using COVID-19 to offer specials and discounts on the dark net.

In similar fashion to Black Friday or Cyber Monday discounts, hackers are using the coronavirus pandemic as a special promotion to sell their malicious goods to hungry cyber attackers.

Continue reading →

Almost 65 percent of security professionals surveyed at the recent RSA conference admit to accessing documents that have nothing to do with their jobs.

The study by risk analytics specialist Gurucul also reveals that nearly one in five (19 percent) of respondents admit to having abused their privileged access to view sensitive data. That number increases to 36 percent among those who've had a poor job performance review.

Continue reading →

Businesses increasingly struggle with the sheer volume of cyber threats that they face. One way of tackling that is a risk-based system that allows analysts to focus on the most pressing issues.

SIRP a Security Orchestration, Automation and Response (SOAR) platform is launching a new security scoring module to provide vital context for security teams and allow them to prioritize risks.

Continue reading →

Researchers at security vendor Check Point have revealed the identity and activities of a hacker whose seven-year career in cybercrime has earned him at least $100,000, and probably much more.

He's single, 25-years-old and living in Benin City, Southern Nigeria. His cybercrime activities have earned him, on average, at least 14 times the national minimum wage in Nigeria and three times the average professional salary in Nigeria every year since 2013.

Continue reading →

Whenever there's any kind of major news story that sparks public interest it's usually good for cyber criminals as they seek to exploit people's fears for their own gains.

The latest coronavirus (COVID-19) pandemic is no exception. The UK's National Cyber Security Centre has identified a number of attacks on a COVID-19 theme, these include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.

Continue reading →

What gets CISOs out of bed in the morning is knowing that they are keeping their organizations safe, according to a new study from privileged access management company Thycotic.

The study of more than 550 IT security decision-makers globally finds being the 'business bodyguard' and the knowledge that they are keeping their organization safe is the top motivator (29 percent), closely followed by being the upholder of ethics (25 percent).

Continue reading →

While we're all being encouraged to sing 'Happy Birthday' as we wash our hands to ward off the COVID-19 virus, you might like to know that you can sing it to the Dark Web, which turns 20 this month.

To mark the occasion digital risk management company Groupsense hasn't baked a cake but it has produced an infographic of the Dark Web's timeline.

Continue reading →

Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.

With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.

Continue reading →

Open source components are the building bricks of many of today's software applications, but this puts them under increased scrutiny with regard to security.

Open source management specialist WhiteSource has released a new report which shows that disclosed open source software vulnerabilities in 2019 skyrocketed to over 6000, up almost 50 percent.

Continue reading →

Just in case you weren't worried enough by the coronavirus, a new survey of almost 500 security professionals released today by Venafi reveals that 88 percent of them believe the world is in a permanent state of cyber war.

In addition 90 percent are concerned that the most significant damage will be inflicted on digital infrastructure with the most vulnerable industries being those that are undergoing rapid digital transformation and are essential to daily life.

Continue reading →