Beware the cyberattacks seeking to exploit coronavirus fears
Whenever there's any kind of major news story that sparks public interest it's usually good for cyber criminals as they seek to exploit people's fears for their own gains.
The latest coronavirus (COVID-19) pandemic is no exception. The UK's National Cyber Security Centre has identified a number of attacks on a COVID-19 theme. These include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.
CISOs motivated by being guardians of their businesses
What gets CISOs out of bed in the morning is knowing that they are keeping their organizations safe, according to a new study from privileged access management company Thycotic.
The study of more than 550 IT security decision-makers globally finds being the 'business bodyguard' and the knowledge that they are keeping their organization safe is the top motivator (29 percent), closely followed by being the upholder of ethics (25 percent).
The Dark Web turns 20 this month
While we're all being encouraged to sing 'Happy Birthday' as we wash our hands to ward off the COVID-19 virus, you might like to know that you can sing it to the Dark Web, which turns 20 this month.
To mark the occasion digital risk management company Groupsense hasn't baked a cake but it has produced an infographic of the Dark Web's timeline.
Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server
Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.
With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.
Open source vulnerabilities increase almost 50 percent in 2019
Open source components are the building bricks of many of today's software applications, but this puts them under increased scrutiny with regard to security.
Open source management specialist WhiteSource has released a new report which shows that disclosed open source software vulnerabilities in 2019 skyrocketed to over 6000, up almost 50 percent.
World is at permanent cyber war say security professionals
Just in case you weren't worried enough by the coronavirus, a new survey of almost 500 security professionals released today by Venafi reveals that 88 percent of them believe the world is in a permanent state of cyber war.
In addition 90 percent are concerned that the most significant damage will be inflicted on digital infrastructure with the most vulnerable industries being those that are undergoing rapid digital transformation and are essential to daily life.
82 percent of women in US cybersecurity roles believe the industry has a gender bias problem
Does the cybersecurity industry have an issue with gender bias? A new report from Tessian based on a survey of 200 female cybersecurity professionals in both the US and UK suggests that it does.
According to the results 82 percent of female cybersecurity professionals in the US believe that cybersecurity has a gender bias problem, compared with 49 percent of those in the UK.
Microsoft leaks details of unpatched critical SMB vulnerability in Windows 10 and Windows Server
Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.
It seems that Microsoft had intended to issue a patch for the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft has yet to issue a patch, the company has provided details of workarounds.
IT teams struggle with asset visibility and management
Even though there are many different tools now available, IT and security teams are increasingly losing touch with their asset base.
A new study from Enterprise Strategy Group, commissioned by asset management platform Axonius, reveals that an ever-increasing number of end-user devices, rapid cloud adoption, and a growth in IoT devices are leading to increased complexity and risk and decreased visibility.
NSA warns state-sponsored hackers are exploiting Microsoft Exchange Server vulnerability
Both the NSA and a cybersecurity firm have reminded the tech world of the existence of a remote code execution vulnerability in Microsoft Exchange Server.
Although Microsoft issued a patch for CVE-2020-0688 last month, numerous state-sponsored hacking groups have been spotted exploiting the vulnerability. There was an uptick in exploitation after a technical report detailing the vulnerability was published by a security researcher.
The search engine that's becoming the Google of the dark web
If you thought that Kilos were just a metric measure of weight, then we've got news for you. It's also the name of a dark web search engine that's becoming the Google of the internet underworld.
Thought to have evolved from an earlier search engine Grams -- see what they did there? -- Kilos clearly imitates Google's look and feel. Researchers at Digital Shadows believe that since going live towards the end of 2019 Kilos has indexed more platforms and added more search functionalities than Grams ever did.
The IT manager's role in physical security integration
When I started my 10-year career in IT, it was common in smaller companies to see IT departments managing physical security. IT teams knew when new staff were onboarded and offboarded, and access control was just another task to add to their processes. While larger organizations had IT departments as well, they also may have leaned more on a facilities department or even dedicated physical security staff.
Since then, the worlds of physical security and IT have converged. While some of this system has stayed the same, there’s been one major change: regardless of who’s in charge of managing physical security, IT is involved by either owning the system or individual parts of it -- tasks like network or server provisioning, database management, backups and firmware upgrades. Enterprises are starting to understand this convergence and that they must take a more active role in security and where it fits in the organization’s overall strategy. Teams responsible for security -- both physical security and IT -- will face increased calls to work together and address their companies’ ever-evolving security needs.
Microsoft subdomains hijacked following DNS security blunder
Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.
Subdomains including mybrowser.microsoft.com and identityhelp.microsoft.com were among ten hijacked by a team of security researchers from Vullnerability. In all, more than 670 Microsoft subdomains were found to be at risk of being taken over.
61 percent of companies now use IoT platforms
A new report from Kaspersky shows 61 percent of companies globally have implemented IoT applications as the technology benefits businesses with savings, new income streams and increased production efficiency.
But 28 percent of organizations have experienced cybersecurity incidents targeted at connected devices, highlighting the need to protect IoT technology.
DMARC adoption grows but expertise fails to keep pace
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a vendor-neutral authentication protocol that allows email domain owners to protect their domains from unauthorized use or spoofing.
A new report from anti-phishing specialist Valimail reveals that as of January 2020, nearly a million (933,973) domains have published DMARC records -- an increase of 70 percent compared to last year, and more than 180 percent growth in the last two years.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.