Articles about Security

Users of Chrome are being urged to update their browsers as Google is rolling out a patch for two serious zero-day vulnerabilities, one of which is already being actively exploited.

The Chrome security team says that both vulnerabilities are use-after-free security issues which can be used to exploit arbitrary code. One vulnerability exists in an audio component of the browser, while the other can be found in the PDFium library. The Windows, macOS and Linux versions of Chrome are all affected.

Continue reading →

Attacks on cloud systems often take advantage of misconfigurations, something which can easily go undetected.

Can today's security operations teams use automation and leverage advanced analytics to adapt to the current, cloud-based threat landscape and maintain organizational safety?

Continue reading →

Domain name registrar Web.com has revealed that it fell victim to a data breach earlier in the year. Two of the company's subsidiaries, Network Solutions and Register.com were also attacked by the hackers at the same time.

The incidents took place back in late August, but were only discovered a couple of weeks ago. The attackers were able to access personal details of customers, but Web.com does not say how many people are affected -- although it is likely to run into the millions.

Continue reading →

As cybercriminals become more sophisticated, spotting phishing emails is increasingly difficult. Even if a user reports something suspicious to the IT security team it can take time to analyze it before others can be warned.

Security automation specialist LogicHub is launching its Autonomous Phishing Triage, which automatically and accurately analyzes and classifies emails with 97 percent accuracy, reducing the number of alerts requiring human analysis by 75 percent or more.

Continue reading →

According to the results of a new survey, 74 percent of organizations say that since GDPR was introduced in 2018 it has had a beneficial impact on consumer trust, and 73 percent claim it has boosted their data security.

The study from Check Point questioned 1,000 CTOs, CIOs, IT and security managers from organizations in the UK, France, Germany, Italy and Spain. It shows that GDPR is delivering a strong positive effect overall for European businesses.

Continue reading →

We know that cybercrime is increasingly a very serious business and a new report from Akamai Technologies reveals that enterprise-based development and deployment strategies are being used to create phishing attacks.

Tools such as phishing as a service (PaaS) are being used to leverage some of the world's largest tech brands, with 42.63 percent of domains observed targeting Microsoft, PayPal, DHL, and Dropbox.

Continue reading →

Every time there's a major data breach it adds to the pool of stolen details available on the Dark Web, but exactly what is out there?

To find out, ImmuniWeb has been analyzing the quality and quantity of stolen credentials accessible on the Dark Web originating from Fortune 500 companies in 10 different industries around the world.

Continue reading →

With DevOps gaining in popularity at many companies, the tension between speed and security is an ongoing issue. This tension exists because the common perception is that security slows down agile development and the CI/CD pipeline.

We spoke to Manish Gupta CEO of continuous application security platform ShiftLeft to discuss the dynamics within DevOps that create this tension and how IT organizations can achieve both speed and security.

Continue reading →

As the holiday season approaches and there's a consequent spike in the amount of money spent online, retail cybersecurity comes under the spotlight.

Bugcrowd is releasing its State of Retail Cybersecurity report that explores the vulnerabilities found among retailers over the last year. Among the key findings is that crowdsourced security adoption increased by 137 percent year on year.

Continue reading →

Cybersecurity company Webroot has released its third annual Nastiest Malware list which shows ransomware making a comeback in addition to other threats.

Phishing and botnets are still popular attack methods and threats across the board are also becoming more sophisticated and harder to detect.

Continue reading →

Google has already revealed plans for Chrome which it says will increase privacy and security. DNS-over-HTTPS (DoH) was announced back in September, and the company is already worried that people are confused about the implementation.

The company has published a defensive blog post in which it says that "there has been some misinformation and confusion about the goals of our approach and whether DoH will impact existing content controls offered by ISPs". It goes on to try to dispel the incorrect beliefs it says have built up.

Continue reading →

Organizations face a greater range of cyber threats than ever before. The key to dealing with these threats is better intelligence about the latest vulnerabilities.

We spoke to Jay Prassl, CEO of cyber hygiene startup Automox, which has recently launched an open community to foster cyber hygiene best practices, to find out more about how crowdsourcing and information sharing can help reduce the corporate attack surface.

Continue reading →

A major problem for social media and other online businesses is the creation of spoof accounts. Guarding against these can be difficult but identity-as-a-service company Jumio has come up with a solution.

Jumio Go is a real-time, fully automated identity verification platform. It includes liveness detection to spot when photos, videos or even realistic 3D masks are used instead of actual selfies to create online accounts.

Continue reading →

Microsoft has beaten Amazon to win the controversial $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract from the US Department of Defense.

A year ago, Microsoft employees were trying to discourage the company from bidding for the contract over concerns that the technology is develops could "be used for waging war". The DoD confirmation that the "contract will address critical and urgent unmet warfighter requirements for modern cloud infrastructure" will do nothing to calm these fears.

Continue reading →

The personal data of nearly 7.5 million Adobe Creative Cloud users was exposed earlier this month when an unsecured database was discovered online.

The database, which could be accessed by anyone without the need for a username or password, included information such as email addresses, member IDs and payment status. People accessing the database were also able to see which Adobe products were used by individuals, the country they live in, and whether they are Adobe employees.

Continue reading →