Articles about Security

Microsoft has released a pair of emergency patches, one for a remote code execution zero-day in Internet Explorer, and one for a denial of service vulnerability in Windows Defender.

In the case of Internet Explorer, the security flaw -- discovered by Clément Lecigne from Google's Threat Analysis Group -- is being actively exploited. Microsoft describes it as a "scripting engine memory corruption vulnerability", and has assigned it CVE-2019-1367.

Continue reading →

I recently heard an executive describe how his team essentially threw its vulnerability report in the trash every time they received one. This seemed a bit extreme, but he informed a group of conference attendees that it wasn’t because the vulnerability reports didn’t contain important information -- it was because they have become so overwhelming.

Vulnerability management vendors today are routinely scanning for more than 100,000 vulnerabilities. Imagine the strain that places on an organization if even only a fraction of these vulnerabilities are found within their network. Then consider the feeling associated with the knowledge that there is no possible way to address them all in an effective time frame that will ensure that you are not at risk.

Continue reading →

A new study from Optiv Security shows that 58 percent of CISOs think experiencing a data breach makes them more attractive to potential employers.

The survey results show a fundamental change in how senior executives and board members perceive cybersecurity, with 96 percent agreeing that senior executives have a better understanding than they did five years ago.

Continue reading →

A new network-based internet security solution from Comcast is specifically engineered to help small businesses effectively manage the growing risk of cyberattacks.

Comcast Business SecurityEdge works to protect devices connected to a business' Wi-Fi network against existing and emerging internet-related threats, including malware, ransomware, phishing and botnet infections, without requiring additional hardware or software beyond the Comcast Business Internet modem.

Continue reading →

According to a new study 90 percent of IT professionals believe disclosing vulnerabilities serves a broader purpose of improving how software is developed, used and fixed.

The survey from application security testing specialist Veracode finds more than a third of companies received an unsolicited vulnerability disclosure report in the past 12 months, representing an opportunity to work together with the reporting party to fix the vulnerability and then disclose it, improving overall security.

Continue reading →

The sophistication level of bots attacking eCommerce sites is on the rise according to a new report from cybersecurity company Imperva.

Traffic to eCommerce sites is made up of 17.7 percent bad bots, 13.1 percent good bots and 69.2 percent humans, the findings show, and the bad bots are getting better -- but not in a good way.

Continue reading →

The rise of cyber-attacks in the last few years is stunning. The list of targeted organizations includes big name retailers like Macy’s, social sites like Twitter, banks, hospitals, utility companies, governments, military installations… no organization is exempt from this growing threat.

It’s a massive -- and expensive -- problem to fix. The cyber security market is predicted to grow from $150 billion in 2018 to $250 billion by 2023, to help protect apps and businesses from these risks. One of the most common, yet potentially highly dangerous, risks is known as Cross-Site Request Forgery or CSRF.

Continue reading →

Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.

Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.

Continue reading →

Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.

A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.

Continue reading →

Researchers at cybersecurity company Symantec have uncovered a new threat group dubbed 'Tortoiseshell' that is attacking IT providers.

The research has identified 11 targets, most of them in Saudi Arabia. In two cases hundreds of hosts were infected, probably because the attackers were hunting for machines that were of particular interest.

Continue reading →

The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.

A new report from SecurityScorecard confirms this, aggregating data from a number of different sources it reveals that healthcare remains the most breached industry.

Continue reading →

Security researchers at TrendMicro have discovered a rootkit-like strain of malware that is striking Linux users. Called Skidmap, the malware is a cryptocurrency miner, but there is much more to it than that.

Skidmap is clever. Very clever. It goes out of its way to disguise itself, going as far as faking system statistics to hide the tell-tale high CPU usage that might give it away. More than this, the Monero-mining malware can also give attackers unlimited access to an infected system.

Continue reading →

The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.

Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.

Continue reading →

Protecting sensitive data and meeting compliance rules is an issue for all companies. A new cloud-based module offers on-demand encryption to allow businesses to meet their security needs.

The hardware security module (HSM) from nCipher Security is called nShield and, delivered as a service, can be used in cloud-first strategies, selective cloud migration, or to add HSM capacity to handle workload spikes.

Continue reading →

As businesses dash towards digital transformation initiatives and the cloud, the pressure to secure both systems and data becomes more intense.

One answer to this is a security automation approach that enables growth while providing visibility across all cloud environments, responding to critical incidents and protecting for governance, risk and regulation compliance.

Continue reading →