Twitter admits a 'security incident' allowed private Circles messages to be seen by anyone
Following numerous complaints from users concerned that the Circles feature of Twitter was broken, the company has conceded that tweets that were supposed to be visible to only a select number of people were in fact accessible by anyone.
The idea of Twitter Circles is that messages can be seen only by people who have been added to a Circle. But Twitter has now revealed "a security incident that occurred earlier this year" that ignored privacy settings.
From details to big picture: Five approaches to improve security
Improving your organization’s cyber security posture is essential to maintain brand trust. The challenge for the C-suite is to look at both the big picture and the finite details, translating your overall strategy for managing risk into actionable processes and priorities that will, over time, lower your risk exposure.
Qualys’ Threat Research Unit (TRU) looked at trillions of anonymized data points gathered from across our customer base to analyze where the biggest risk areas were for businesses. Based on this data, we can see specific areas where you can help your team increase their performance effectiveness, as well as how these changes add up to a significant improvement in security results overall. Building on these details will improve how you manage risk, reduce your attack surface and maintain trust with your customers.
Cybersecurity teams are overconfident of their ability to deal with threats
A study from Immersive Labs finds that while businesses have high confidence in their overall resilience, teams are insufficiently prepared for threats.
The study, carried out by Forrester, surveyed 316 global cybersecurity training strategy decision-makers in the UK, US, Canada, Germany, and Sweden. It finds that 82 percent agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared.
Don't get stuck in a honeypot
Honeypots have been around for years and are a tried and tested cybersecurity mechanism. By creating a fake environment with attractive assets, organizations use honeypots to lure attackers into a trap where their actions can be studied and learned from to improve cybersecurity measures. Simultaneously, they are protecting the business’ real assets by preoccupying the attacker with the decoys.
However, honeypots have a narrow field of view, as the only activity they detect is that which targets them directly. If an attacker gains access to a network, but not through the honeypot, the business would be none the wiser. It is, therefore, crucial to have more than one honeypot -- a honeynet -- to make it effective. Yet, honeypots are very time-consuming to apply as they need to be installed in networks and systems in data centers. It can take as long as an hour to install just one and it lacks any level of scalability.
Modern Attack Surface Management means going beyond the surface
Security teams today are contending with an ever-increasing attack surface and an exponentially growing volume of vulnerabilities. Yet most teams are still equipped with the cybersec equivalent of a bucket to shovel out an ocean of CVEs. Buying them another shiny new bucket pales in comparison to plugging the actual leak in your ship (or enterprise).
Vulnerabilities can’t all be patched, so prioritizing these based on business risk is the most grounded approach. While leading security teams have begun to implement more advanced vulnerability management (VM) programs, others are struggling with outdated, manually intensive and less effective ways of managing vulnerabilities without context or insights on the true risk they pose. This can only work for so long, as it requires the continuous process of monitoring, discovering, analyzing, and remediating vulnerabilities across all potential attack vectors. Even then, good old human error sneaks its way in.
Google Authenticator gains cloud backup of one-time codes
Google has released an important update for its Authenticator app. The latest versions of Google Authenticator for iOS and Android can now synchronize one-time codes to the cloud.
In offering Google Account synchronization, the 2FA tool is now easier to use across multiple devices. This is something Google points out as being useful in the case of a lost or stolen device.
Proton Pass is a new password manager from encryption specialists Proton
Proton, the company behind the security- and privacy-focused Proton Mail and Proton VPN, has launched a beta version of its new password manager.
Going under the unsurprising moniker of Proton Pass, the software is described as "perhaps the first one built by a dedicated encryption and privacy company". What this means in practice is that security is greater than in other password managers, with end-to-end encryption on all fields of forms.
Why agentless security is not real security
Many security professionals have been misled into believing in the overhyped promise of agentless security. But it looks like the long-lasting 'agentless vs. agent' debate is finally over and the result is finally in -- if you want great cloud workload security, you need an agent.
This noteworthy outcome arose when two of the leading agentless-only vendors finally gave in and announced partnerships with agent-based runtime security and CWPP (cloud workload protection platform) vendors. This is big news, because both of these companies had previously, and persistently, proclaimed that agents are 'old school' and that 'agent-based security is dead'.
Microsoft and Talon launch enterprise-grade ChatGPT
Enterprise browser specialist Talon Cyber Security has announced that it has integrated its secure enterprise browser with the Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers.
This allows organizations to maintain data protection, keeping data put into ChatGPT within their perimeter and preventing it from transferring to third-party services. When using ChatGPT in Azure OpenAI Service, the organization uses its own Azure resources, so sensitive data is not delivered to other locations, improving data security and reducing risk.
Convergence of OT and IT systems sees moves to improve security
Strong data protection can deliver economic benefits for enterprises
As enterprises move to cloud and hybrid models they face a range of new challenges in protecting their data.
A new study from Enterprise Strategy Group (ESG), released by Commvault and Microsoft, finds that 53 percent of respondents say their IT environment was more complex than it was two years ago.
US and UK are the countries most attacked by ransomware
In the 12 months from April 2022 to March 2023 the US and UK were the countries that suffered the most ransomware attacks.
However, the latest Malwarebytes ransomware report shows that the USA suffered a little over seven times more attacks in the last twelve months than the UK. It's perhaps not a coincidence that the USA's economic output, measured by gross domestic product (GDP), is also about seven times larger than the UK's.
Vulnerable cloud attack surface grows almost 600 percent
A new report from cyber asset visibility and management company JupiterOne shows numbers of enterprise cyber assets have increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.
Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent according to the report which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.
Free tool finds sensitive data stored in Google Drive accounts
As cloud and SaaS use grows, a major challenge for IT, security and compliance teams is the lack of visibility into their organization's SaaS ecosystem.
Metomic is launching a new, free cybersecurity tool that scans Google Drive accounts to find sensitive data and information lurking in Google Docs and files. After entering a Gmail address and password, Google Drive Risk Report will scan the Google Drive connected to the address and, in a matter of seconds, generate a report.
Microsoft releases KB5025239 update for Windows 11, adding new Windows Local Administrator Password Solution (LAPS), security fixes and more
Microsoft has released the cumulative KB5025239 update for Windows 11 22H2, bringing with it not only security and bug fixes, but also general improvements and new features.
Among the highlights is the addition of the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. This update also adds new notifications about Microsoft accounts to the Start menu, improves Microsoft Defender for Endpoint, and provides easy access to the Bing chat experience in Microsoft Edge via the taskbar.
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.