Articles about Security

The global market for commercial spyware is currently estimated at around $12 billion, which over the last 10 years has seen 80 countries purchase the technology. Spyware is used for a range of purposes, allowing operators to gain remote access to devices from across the world. Once a device becomes infected, the perpetrator gains complete control of the device, which can mean unfettered access to messages, audio calls, photos, and remote access to cameras and microphones.

What’s worrying is spyware is becoming accessible even to users lacking advanced tech skills. Cheaper, more rudimentary forms of spyware like stalkerware exist. Stalkerware can be particularly intrusive and abusive as it must be physically installed, meaning attackers need direct access to which ever device they try to infiltrate. In this article, we will expose the threat from digital spying and stalking, and how to maximize protection.

Continue reading →

The security of APIs remains a top cybersecurity concern this year, according to a new study, yet there is still a lack of dedicated API security for many companies.

Research from TraceableAI, carried out at this year's RSA conference, finds that though 69 percent of organizations claim to factor APIs into their cybersecurity strategy, 40 percent of companies do not have dedicated professionals or teams for API security.

Continue reading →

Cybersecurity is an emerging career trend and will continue to become increasingly important.

Despite the lucrative pay and significant career growth opportunities, many people are unsure of how to get started. Cybersecurity Career Master Plan is designed by leading industry experts to help you enter the world of cybersecurity with confidence, covering everything from gaining the right certification to tips and tools for finding your first job.

Continue reading →

Whether security leaders oversee a small security team or an enterprise-scale team spread over numerous security operations centers (SOCs), building and maintaining integrations with other tools in the tech stack can be difficult and time-consuming.

The average business integrates approximately 75 different security products and often multiple public, and private cloud services into its technology stacks. Many dynamic factors are at play with integrations, from versioning and version control to the constant evolution of Application Program Interfaces (APIs).

Continue reading →

A new report shows that 2022 saw a 300 percent increase in 'carpet bomb' DDoS attacks compared to 2021. Carpet bomb attacks, also known as spread-spectrum or spray attacks, distribute traffic across large IP address spaces.

Legacy technology, like standard victim-oriented detection and mitigation detection techniques, often fails to accurately identify these attacks, leading to incomplete mitigation or false positives. Legacy solutions can also simply be overwhelmed by the number of IP addresses involved.

Continue reading →

Security professionals all know that they should test their security hardware and software periodically to make sure it's working as intended. Many normal IT activities have unintended consequences that cause security configurations to 'drift' over time and make the organization more vulnerable.

But testing is frequently postponed or ignored because it never becomes a high enough priority. We spoke to Song Pang, SVP of engineering at NetBrain, to find out how automation can be used to detect when security products or network traffic are no longer behaving as intended.

Continue reading →

WhatsApp has long been one of the more secure messaging apps with mass appeal, largely thanks to end-to-end encryption. This has been boosted further by features such as disappearing messages, and now Meta has added Chat Lock.

The company says that the feature "lets you protect your most intimate conversations behind one more layer of security"; what this means in practice is that message can be password or fingerprint protected. But there is more to Chat Lock than this.

Continue reading →

Microsoft has been spotted scanning for malware within password protected zip files stored on its cloud services.

Security researcher Andrew Brandt was among those to notice that Microsoft appears to be bypassing passwords added to zip archives in order to check for malware. While the intentions of the company may be good, the practice raises serious questions about privacy and security.

Continue reading →

It's human nature to have an, 'it can't happen to me' approach to life's mishaps, whether it's being involved in a traffic accident or falling victim to cybercrime.

But of course these things do happen to someone. When it comes to identity theft, Home Security Heroes has taken a more scientific approach to determining how likely you really are to become a victim.

Continue reading →

Quantum computing is something that seems to have been hovering just out of reach for a decade or so -- in fact research into the concept first began back in the 1980s.

More recently quantum has come closer to a commercial reality, with big players like IBM publishing a road map with a clear, detailed plan to scale quantum processors and build the hardware necessary to take advantage of the technology and other big players like Google, Amazon, and Microsoft having since followed suit.

Continue reading →

Web browser Brave has long had a focus on privacy, making it the browser of choice for those with concerns about online tracking and the like. Although Brave may be regarded as one of the most private browsers available, its developers continue to work on new innovations; the latest is Forgetful Browsing.

This new feature makes it possible to always clear cookies and other storage when a site is closed, helping to eliminate the potential for tracking and bringing other benefits. Forgetful Browsing can be enabled on a site-by-site basis, or applied across the board, and it prevents sites from using trackers to identify you, bypasses article viewing limits, and ensures that you are logged out of sites when you leave them.

Continue reading →

Modern IT environments continue to become more and more distributed, driving the growth of endpoints across the enterprise. Some research estimates that enterprises now manage more than 135,000 endpoints and Enterprise Strategy Group estimates that more than 70 percent of employees use more than four devices daily for work. That’s a lot of endpoints. And when you combine this endpoint growth with the fact that 560,000 new pieces of malware are detected every day, how can you not wonder if your organizations is the next target for a ransomware or phishing attack.

Security pros are overwhelmed by endpoints and struggle to find the right mix of solutions and strategies that can effectively secure their organizations. The more diverse they are, the more difficult they are to manage and secure (especially with mobile and IoT device proliferation). Just look at recent attacks against Twitter, Slack, Taco Bell, and more. For many organizations, endpoint security is really hard. This is why their security teams need to constantly assess and adjust their endpoint security strategies.

Continue reading →

Like any new innovation, the metaverse is currently at the center of a 'risk versus reward' debate. Unsurprisingly, the 3D virtual world has received a lot of attention, with McKinsey confirming that more than $120 billion was invested in building out metaverse technology and infrastructure in the first five months of 2022.

Promises of extraordinary use cases, from teaching virtualized university lectures to performing surgeries for patients in other countries -- not to mention the potential cost saving and accessibility benefits -- have garnered curiosity. But while it could be some time until we see mass adoption of the metaverse, the security community is already apprehensive of the evolving security risks.

Continue reading →

A new survey from Delinea of over 2,000 IT security decision makers (ITSDMs) reveals that only 39 percent of respondents think their company's leadership has a sound understanding of cybersecurity's role as a business enabler.

In addition, over a third (36 percent) believe that it is considered important only in terms of compliance and regulatory demands, while 17 percent say it isn't seen as a business priority.

Continue reading →

More than eight in 10 data breaches globally can be attributed to human error.

People are the weakest link in cybersecurity. And this weakness comes from a lack of awareness about our cyber risk and the behaviors that influence it. Many people see cybersecurity as an IT concern. In truth, cybersecurity concerns everyone. When our hospitals get infected with ransomware, we can’t receive care. When our organizations experience a cyberattack, we lose our jobs. Still, we tend to underestimate the importance of cybersecurity to our society and economy.

Continue reading →