Articles about Security

According to a recent Gartner report a third of successful attacks on enterprises will come via shadow It by 2020.

It's therefore more important than ever for organizations to understand the risks and properly assess the attack surface they present. Bugcrowd is launching a new Attack Surface Management (ASM) tool to allow them to do this.

Continue reading →

A focus on fixing new issues while neglecting ageing flaws leads to increasing security debt according to a new report.

The study -- the 10th such report from security testing specialist Veracode -- analyzed more than 85,000 applications across more than 2,300 companies worldwide and finds that fixing vulnerabilities has become just as much a part of the development process as improving functionality.

Continue reading →

As smartwatches take on more and more functions they are more likely to access business and personal data, so focus turns to their security.

Consumer authentication specialist Nok Nok Labs is launching the industry's first FIDO-based authentication solution for smartwatches in the form of its Nok Nok App SDK for Smart Watch.

Continue reading →

Managing user accounts involves a range of tasks from access approvals to user credentials, compliance reviews and the perennially popular password reset.

Identity management company SailPoint is releasing results of its annual Market Pulse survey which finds many IT teams don't have enough time to get everything done and are looking to automate identity tasks.

Continue reading →

With growing consumer awareness of data breaches and the potential for businesses to misuse data, a new survey looks at how this is affecting behavior.

The study from Ping Identity surveyed over 4,000 people around the world and finds 49 percent of respondents are more concerned about protecting their personal information than they were a year ago.

Continue reading →

Microsoft is partnering with PC manufacturers and chip-makers on a new initiative designed to make systems with firmware that cannot be hacked.

Called Secured-core PCs, the systems apply the security best practices of isolation and minimal trust to the firmware layer. This helps to protect systems from low-level interference by malicious code.

Continue reading →

Security firm Avast has revealed that it detected and intercepted suspicious activity on its network. The malicious attack is believed to have been instigated by hackers seeking to target the CCleaner software.

This is not the first time Avast and CCleaner have been targeted, and the company has revealed that an attacker had been trying to gain access to its network through its VPN as long ago as mid-May. The attacks -- dubbed "Abiss" -- continued until the beginning of this month.

Continue reading →

As fingerprints are unique to everyone, they would seem like a decent way to secure your phone. But if you have a Samsung Galaxy S10, it is possible to unlock it with any fingerprint -- all that's needed is a screen protector.

With a cheap screen protector over the in-screen fingerprint reader, phones can be unlocked using any fingerprint, not just those registered to the device. Samsung has acknowledged the issue and promises that a fix is incoming.

Continue reading →

Yubico, a company best known for its hardware security keys, launched a new application for Microsoft's Windows operating system this week called Yubico Login.

The free software adds another layer of security to the local login process on Windows machines to better protect the system from unauthorized access.

Continue reading →

As if avoiding phishing, fake phone calls, and questionable emails wasn’t already a daily challenge to protecting personal data, "trustworthy" websites are now effective vehicles for launching malware, and no device is safe. In today’s digital world, the security of the internet has become a tricky task, especially considering nearly half of the world’s most popular websites are risky places to visit.

Consider this: the web browser serves as one of the primary conduits for delivering malware, so how can organizations protect their assets and users? Taking extreme measures, some enterprises have entertained the idea of using tablets or iPads to keep high-risk users safe from malware. But given the recent iPhone and iOS hacks, mobile devices have proven to be just as susceptible to attacks. For instance, Google's Project Zero security team recently revealed that iOS security was breached after websites in the wild had found a number of vulnerabilities. Not only were they able to break through layers of security, hackers were able to take full control of the device.

Continue reading →

There has been a lot of scrutiny on patches issued by Microsoft recently, but now Adobe is vying for attention by releasing patches for a slew of programs, fixing literally dozens of bugs.

Adobe Acrobat and Reader have received patches for no fewer than 45 critical vulnerabilities, as well as an additional 21 less serious issues. There are also patches for Adobe Experience Manager, Adobe Experience Manager Forms and Adobe Download Manager.

Continue reading →

Many data breaches involve some form of compromised credentials and the problem is made worse where accounts have privileged access.

ManageEngine, the enterprise IT division of Zoho, is launching a new product called PAM360, a complete solution to prevent the exploitation of accounts with privileged access.

Continue reading →

Wasted technology spend accounts for 30 percent of all IT spending according to the latest State of Tech Spend report from Flexera.

The average IT spend is 8.2 percent of revenue, but larger businesses (with more than 10,000 employees) this rises to 9.3 percent of revenue. 56 percent of respondents expect to increase their spending

Continue reading →

Endpoints are generally the part of any network that is most vulnerable to attack, but as the number and diversity of devices expands, defending the endpoint effectively is a major challenge.

Symantec is aiming to make life easier with the launch of Endpoint Security Complete, offering organizations a single solution for protection, detection and response, as well as new attack surface reduction and breach assessment and prevention capabilities.

Continue reading →

New research released by AttackIQ based on a study by the Ponemon Institute reveals some worrying trends on the level of accountability for IT security and a lack of confidence in determining the effectiveness of security technologies.

Ponemon surveyed over 570 IT and IT security practitioners in the US and finds 63 percent of survey respondents say their IT security leadership doesn't report to the board on a regular basis, and 40 percent say they don't report to the board at all.

Continue reading →