Articles about Security

Microsoft releases emergency patches for Internet Explorer zero-day and Windows Defender flaw

Microsoft glass building logo

Microsoft has released a pair of emergency patches, one for a remote code execution zero-day in Internet Explorer, and one for a denial of service vulnerability in Windows Defender.

In the case of Internet Explorer, the security flaw -- discovered by Clément Lecigne from Google's Threat Analysis Group -- is being actively exploited. Microsoft describes it as a "scripting engine memory corruption vulnerability", and has assigned it CVE-2019-1367.

Continue reading

3 must-do tasks to make vulnerability management useful in today's environments

vulnerability bomb

I recently heard an executive describe how his team essentially threw its vulnerability report in the trash every time they received one. This seemed a bit extreme, but he informed a group of conference attendees that it wasn’t because the vulnerability reports didn’t contain important information -- it was because they have become so overwhelming.

Vulnerability management vendors today are routinely scanning for more than 100,000 vulnerabilities. Imagine the strain that places on an organization if even only a fraction of these vulnerabilities are found within their network. Then consider the feeling associated with the knowledge that there is no possible way to address them all in an effective time frame that will ensure that you are not at risk.

Continue reading

'Why am I right for the CISO job? Well, we had a massive data breach...'

Job interview

A new study from Optiv Security shows that 58 percent of CISOs think experiencing a data breach makes them more attractive to potential employers.

The survey results show a fundamental change in how senior executives and board members perceive cybersecurity, with 96 percent agreeing that senior executives have a better understanding than they did five years ago.

Continue reading

Network-based solution offers SMBs enterprise-class security

network

A new network-based internet security solution from Comcast is specifically engineered to help small businesses effectively manage the growing risk of cyberattacks.

Comcast Business SecurityEdge works to protect devices connected to a business' Wi-Fi network against existing and emerging internet-related threats, including malware, ransomware, phishing and botnet infections, without requiring additional hardware or software beyond the Comcast Business Internet modem.

Continue reading

Disclosing vulnerabilities improves security for everyone

code

According to a new study 90 percent of IT professionals believe disclosing vulnerabilities serves a broader purpose of improving how software is developed, used and fixed.

The survey from application security testing specialist Veracode finds more than a third of companies received an unsolicited vulnerability disclosure report in the past 12 months, representing an opportunity to work together with the reporting party to fix the vulnerability and then disclose it, improving overall security.

Continue reading

Automated attacks on eCommerce get more sophisticated

eCommerce

The sophistication level of bots attacking eCommerce sites is on the rise according to a new report from cybersecurity company Imperva.

Traffic to eCommerce sites is made up of 17.7 percent bad bots, 13.1 percent good bots and 69.2 percent humans, the findings show, and the bad bots are getting better -- but not in a good way.

Continue reading

Cross-Site Request Forgery: How to protect your app from CSRF attacks

CSRF attack

The rise of cyber-attacks in the last few years is stunning. The list of targeted organizations includes big name retailers like Macy’s, social sites like Twitter, banks, hospitals, utility companies, governments, military installations… no organization is exempt from this growing threat.

It’s a massive -- and expensive -- problem to fix. The cyber security market is predicted to grow from $150 billion in 2018 to $250 billion by 2023, to help protect apps and businesses from these risks. One of the most common, yet potentially highly dangerous, risks is known as Cross-Site Request Forgery or CSRF.

Continue reading

New open source tool helps prevent brute force and ransomware attacks

Malware shield

Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.

Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.

Continue reading

Information security needs to focus on the human factor

Human factor

Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.

A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.

Continue reading

Saudi IT providers hit by supply chain attacks

Broken chain

Researchers at cybersecurity company Symantec have uncovered a new threat group dubbed 'Tortoiseshell' that is attacking IT providers.

The research has identified 11 targets, most of them in Saudi Arabia. In two cases hundreds of hosts were infected, probably because the attackers were hunting for machines that were of particular interest.

Continue reading

Healthcare industry needs treatment to improve data security

Healthcare data

The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.

A new report from SecurityScorecard confirms this, aggregating data from a number of different sources it reveals that healthcare remains the most breached industry.

Continue reading

Sneaky cryptocurrency-mining malware Skidmap hits Linux

Monero mining

Security researchers at TrendMicro have discovered a rootkit-like strain of malware that is striking Linux users. Called Skidmap, the malware is a cryptocurrency miner, but there is much more to it than that.

Skidmap is clever. Very clever. It goes out of its way to disguise itself, going as far as faking system statistics to hide the tell-tale high CPU usage that might give it away. More than this, the Monero-mining malware can also give attackers unlimited access to an infected system.

Continue reading

LastPass fixes bug that exposed passwords

lastpass-logo

The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.

Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.

Continue reading

Cloud-based security module helps protect systems and ensure compliance

cloud encryption

Protecting sensitive data and meeting compliance rules is an issue for all companies. A new cloud-based module offers on-demand encryption to allow businesses to meet their security needs.

The hardware security module (HSM) from nCipher Security is called nShield and, delivered as a service, can be used in cloud-first strategies, selective cloud migration, or to add HSM capacity to handle workload spikes.

Continue reading

FireMon launches security process automation

Automation

As businesses dash towards digital transformation initiatives and the cloud, the pressure to secure both systems and data becomes more intense.

One answer to this is a security automation approach that enables growth while providing visibility across all cloud environments, responding to critical incidents and protecting for governance, risk and regulation compliance.

Continue reading

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.