Articles about Security

Does the cybersecurity industry have an issue with gender bias? A new report from Tessian based on a survey of 200 female cybersecurity professionals in both the US and UK suggests that it does.

According to the results 82 percent of female cybersecurity professionals in the US believe that cybersecurity has a gender bias problem, compared with 49 percent of those in the UK.

Continue reading →

Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.

It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft is still yet to issue a patch, the company has provided details of workarounds.

Continue reading →

Even though there are many different tools now available, IT and security teams are increasingly losing touch with their asset base.

A new study from Enterprise Strategy Group, commissioned by asset management platform Axonius reveals that an ever-increasing number of end-user devices, rapid cloud adoption, and a growth in IoT devices are leading to increased complexity and risk and decreased visibility.

Continue reading →

Both the NSA and a cybersecurity firm have reminded the tech world of the existence of a remote code execution vulnerability in Microsoft Exchange Server.

Although Microsoft issued a patch for CVE-2020-0688 last month, numerous state-sponsors hacking groups have been spotted exploiting the vulnerability. There was an uptick in exploitation after a technical report of the details of the vulnerability were published by a security researcher.

Continue reading →

If you thought that Kilos were just a metric measure of weight, then we've got news for you. It's also the name of a dark web search engine that's becoming the Google of the internet underworld.

Thought to have evolved from an earlier search engine Grams -- see what they did there? -- Kilos clearly imitates Google's look and feel. Researchers at Digital Shadows believe that since going live towards the end of 2019 Kilos has indexed more platforms and added more search functionalities than Grams ever did.

Continue reading →

When I started my 10-year career in IT, it was common in smaller companies to see IT departments managing physical security. IT teams knew when new staff were onboarded and offboarded, and access control was just another task to add to their processes. While larger organizations had IT departments as well, they also may have leaned more on a facilities department or even dedicated physical security staff.

Since then, the worlds of physical security and IT have converged. While some of this system has stayed the same, there’s been one major change: regardless of who’s in charge of managing physical security, IT is involved by either owning the system or individual parts of it -- tasks like network or server provisioning, database management, backups and firmware upgrades. Enterprises are starting to understand this convergence and that they must take a more active role in security and where it fits in the organization’s overall strategy. Teams responsible for security -- both physical security and IT -- will face increased calls to work together and address their companies’ ever-evolving security needs.

Continue reading →

Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.

Subdomains including mybrowser.microsoft.com and identityhelp.microsoft.com were among ten hijacked by a team of security researchers from Vullnerability. In all, more than 670 Microsoft subdomains were found to be at risk of being taken over.

Continue reading →

A new report from Kaspersky shows 61 percent of companies globally have implemented IoT applications as the technology benefits businesses with savings, new income streams and increased production efficiency.

But 28 percent of organizations have experienced cybersecurity incidents targeted at connected devices, highlighting the need to protect IoT technology.

Continue reading →

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a vendor-neutral authentication protocol that allows email domain owners to protect their domains from unauthorized use or spoofing.

A new report from anti-phishing specialist Valimail reveals that as of January 2020, nearly a million (933,973) domains have published DMARC records -- an increase of 70 percent compared to last year, and more than 180 percent growth in the last two years.

Continue reading →

Let's Encrypt has discovered a bug in its Certificate Authority Authorization (CAA) code and will have to revoke millions of certificates today unless customers force a renewal of their certificates.

Any site that fails to renew its certificate will display security warnings to visitors until the problem is rectified. While no specific sites have been mentioned, with up to three million certificates involved, there is a chance that some high-profile sites could be affected.

Continue reading →

Cyber criminals launched a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability.

Security company F-Secure's global network of honeypots saw 5.7 billion attacks during the year. For comparison, 2018 saw just over one billion attacks, while 2017 saw 792 million.

Continue reading →

Companies are putting more resources into security technologies to detect and respond quickly to a data breach, but the number of breaches is still increasing according to a new report.

The latest annual corporate preparedness study from Experian, based on research carried out by the Ponemon Institute, shows 68 percent of respondents are putting more resources into security, with 57 percent also reporting that they believe their data breach response plans are 'very' or 'highly' effective, up from 49 percent in 2018.

Continue reading →

An unsecured database has been found online that contains 146 million records about people who have used free Wi-Fi at railway stations in the UK.

The database was discovered by a security researcher on Amazon web services storage. It was found to include personal details such as usernames, dates of birth, email addresses and details of travel arrangements. Network Rail and the service provider C3UK have confirmed the data leak.

Continue reading →

With the switch to the Chromium engine, there's a lot more to like about Microsoft Edge these days. Microsoft is now pushing the browser hard, with the promise of serious speed improvements being used as a lure.

The latest update offers something extra -- protection against potentially unwanted applications (PUA). Microsoft Edge will now step in and block adware, cryptocurrency miners and other unwanted nonsense, particularly when downloading free software. The Microsoft Edge Team explains how to get the most from the protection.

Continue reading →

Despite a surge in app usage, with consumers downloading over 200 billion apps and spending more than $120 billion in app stores worldwide in 2019, Google's new security controls mean blacklisted apps available in the Play store dropped 76.4 percent.

The latest Mobile App Threat Landscape report from RiskIQ shows total blacklisted apps across all stores are down 20 percent.

Continue reading →