Articles about Security

Impersonating a company's CEO or other senior executive has become a favorite technique for cybercriminals seeking to extract payments from businesses.

Historically this has been aimed at accounts payable departments, but the latest email threat report from FireEye shows attackers using two new variants to target payroll and supply chains.

Continue reading →

The average UK enterprise has downloaded over 21,000 software components with a known vulnerability in the past year alone, according to new data from Sonatype the DevSecOps automation specialist.

Sonatype's fifth annual State of the Software Supply Chain Report has studied over 12,000 enterprise development companies globally and shows that of the average 248,000 open source components downloaded by British business in 2018, 8.8 percent have a known security flaw.

Continue reading →

According to the results of a new survey 54 percent of enterprises think their organization's security is not mature enough to keep up with the rapid expansion of cloud apps.

The study from Symantec of over 1,200 security decision makers around the world shows that 53 percent of all enterprise computing workload has now been migrated to the cloud, but 93 percent of respondents report issues with keeping tabs on all their cloud workloads.

Continue reading →

We know that phishing attacks are gaining in sophistication and are one of the most popular ways of hackers and cybercriminals gaining access to an organization's systems.

But this type of attack is notoriously difficult to guard against using technology and employee awareness is a big part of any business' defense strategy. This is underlined by a new report from awareness training company KnowBe4 which looks at the level of risk and finds that 29.6 percent of organizations are 'phish-prone'.

Continue reading →

Privacy-focused ProtonMail has lashed out at Google, saying the "confidential mode" available in Gmail is "misleading" and "little more than a marketing strategy". It says that people "don't need to settle for fake privacy"

Pointing out that Gmail's confidential mode lack end-to-end encryption, ProtonMail says that the email service is "not secure or private". The company says that Gmail can still read your emails, and that expiring emails are not as secure as Google would have users believe.

Continue reading →

A Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.

Dell has announced that both the Business and Home versions of its SupportAssist tool have a security vulnerability within the PC Doctor component that requires immediate patching. The discovery was made by SafeBreach, and there could be over 100 million systems that are affected.

Continue reading →

There been many concerns voiced about the privacy and security implications of many smart products. Some are well-founded, as a new admission from Google that its Nest Cams could be used to spy on people goes to show.

The problem does not center around hackers, but people who have sold or given away their Nest Cams. Even after the new owner performed a factory reset of the camera -- following Google's own instructions -- it was still possible for the original owner to access the camera feed.

Continue reading →

Web app and API exploits are among the leading threats to business at the moment. Organizations with a major web presence face malicious traffic and sophisticated bots trying to damage their brands.

In order to protect against these threats, Instart is launching a new Web App and API Protection (WAAP) platform. This is a cloud-based platform, powered by a single rules engine and a unified threat intelligence system, to defend against application vulnerabilities, sophisticated bots, and browser-based attacks.

Continue reading →

Offensive Security, the team behind the security-focused, Debian-based, penetration testing Linux distro Kali Linux. has set out the roadmap for the operating system for the months ahead.

This is the first time such a roadmap has been shared for Kali Linux, and it gives us a good idea of what to expect between now and 2020. The team says: "normally, we only really announce things when they are ready to go public, but a number of these changes are going to impact users pretty extensively so we wanted to share them early".

Continue reading →

The majority of UK parents are in the dark when it comes to advising their children on a career in cybersecurity, research from cybersecurity training provider, SANS Institute, shows.

Although IT remains one of the top choices of career that parents would make for their children, parents have very little idea about the lucrative area of cybersecurity. This is exacerbating the skills gap in cyber security that the UK is currently facing -- with the industry not doing enough to promote itself.

Continue reading →

AI is popping up in all sorts of things at the moment, but what happens when it goes wrong or is used for questionable purposes?

A new report from Malwarebytes Labs looks at how AI is being used, with a particular emphasis on cybersecurity, and at the concerns that are growing surrounding its use.

Continue reading →

Business leaders want to be confident that their operations will continue running as normal without information being compromised. But in today’s fast-moving, interconnected world where the threat landscape is constantly evolving, security assurance programs often provide a false level of confidence.

The Information Security Forum (ISF) is releasing a new report, Establishing a Business-Focused Security Assurance Program which explores how individuals responsible for providing security assurance in their organization can meet the specific needs of business stakeholders.

Continue reading →

If you're a Firefox user, now is the time to update your browser. A zero-day vulnerability has been discovered which is being actively exploited in targeted attacks.

The security hole was revealed via Google's Project Zero, and it affects ALL versions of Firefox. In short, if you have not updated to Firefox 67.0.3 or Firefox ESR 60.7.1, you need to do so right now.

Continue reading →

Cybersecurity tools are often designed to work in isolation from each other and that can leave enterprise security operations fragmented as well as difficult and expensive to manage.

A new integrated platform called GreyMatter from ReliaQuest, launched today, aims to bring together technologies, processes and teams to provide greater visibility and control over enterprise security operations.

Continue reading →

Security firm BitDefender has teamed up with the FBI, Europol and other agencies and created decryption software that enables ransomware victims to get their data back for free.

The tool can be used to retrieve files encrypted by the GandCrab family of ransomware which is thought to have originated in Russia. GandCrab has been active for around a year and a half, and hundreds of thousands of people have fallen victim to it.

Continue reading →