Security


Disclosing vulnerabilities improves security for everyone

According to a new study, 90 percent of IT professionals believe disclosing vulnerabilities serves a broader purpose of improving how software is developed, used and fixed.

The survey from application security testing specialist Veracode finds more than a third of companies received an unsolicited vulnerability disclosure report in the past 12 months, representing an opportunity to work together with the reporting party to fix the vulnerability and then disclose it, improving overall security.

By Ian Barker

Automated attacks on eCommerce get more sophisticated

The sophistication level of bots attacking eCommerce sites is on the rise according to a new report from cybersecurity company Imperva.

Traffic to eCommerce sites is made up of 17.7 percent bad bots, 13.1 percent good bots and 69.2 percent humans, the findings show, and the bad bots are getting better -- but not in a good way.

By Ian Barker

Cross-Site Request Forgery: How to protect your app from CSRF attacks

The rise of cyber-attacks in the last few years is stunning. The list of targeted organizations includes big-name retailers like Macy’s, social sites like Twitter, banks, hospitals, utility companies, governments, military installations… no organization is exempt from this growing threat.

It’s a massive -- and expensive -- problem to fix. The cyber security market is predicted to grow from $150 billion in 2018 to $250 billion by 2023, to help protect apps and businesses from these risks. One of the most common, yet potentially highly dangerous, risks is known as Cross-Site Request Forgery or CSRF.

By Peter Davidson

New open source tool helps prevent brute force and ransomware attacks

Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.

Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.

By Ian Barker

Information security needs to focus on the human factor

Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.

A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.

By Ian Barker

Saudi IT providers hit by supply chain attacks

Researchers at cybersecurity company Symantec have uncovered a new threat group dubbed 'Tortoiseshell' that is attacking IT providers.

The research has identified 11 targets, most of them in Saudi Arabia. In two cases hundreds of hosts were infected, probably because the attackers were hunting for machines that were of particular interest.

By Ian Barker

Healthcare industry needs treatment to improve data security

The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.

A new report from SecurityScorecard confirms this: aggregating data from a number of different sources, it reveals that healthcare remains the most breached industry.

By Ian Barker

Sneaky cryptocurrency-mining malware Skidmap hits Linux

Security researchers at Trend Micro have discovered a rootkit-like strain of malware that is striking Linux users. Called Skidmap, the malware is a cryptocurrency miner, but there is much more to it than that.

Skidmap is clever. Very clever. It goes out of its way to disguise itself, going as far as faking system statistics to hide the tell-tale high CPU usage that might give it away. More than this, the Monero-mining malware can also give attackers unlimited access to an infected system.

By Sofia Elizabella Wyciślik-Wilson

LastPass fixes bug that exposed passwords

The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.

Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.

By Sofia Elizabella Wyciślik-Wilson

Cloud-based security module helps protect systems and ensure compliance

Protecting sensitive data and meeting compliance rules is an issue for all companies. A new cloud-based module offers on-demand encryption to allow businesses to meet their security needs.

The hardware security module (HSM) from nCipher Security is called nShield and, delivered as a service, can be used in cloud-first strategies, selective cloud migration, or to add HSM capacity to handle workload spikes.

By Ian Barker

FireMon launches security process automation

As businesses dash towards digital transformation initiatives and the cloud, the pressure to secure both systems and data becomes more intense.

One answer to this is a security automation approach that enables growth while providing visibility across all cloud environments, responding to critical incidents and supporting governance, risk and regulatory compliance.

By Ian Barker

DNS amplification attacks increase 1,000 percent

The second quarter of 2019 saw DNS amplification DDoS attacks up more than 1,000 percent over the same period last year, according to the latest threat report from Nexusguard.

Nexusguard researchers attribute the new wave of DNS amplification attacks to Domain Name System Security Extensions (DNSSEC); such attacks accounted for more than 65 percent of the attacks last quarter, according to the team's evaluation of thousands of worldwide DDoS attacks.

By Ian Barker

Malwarebytes launches free safe browsing extension for Chrome and Firefox

People are spending more of their time and managing more of their lives on the internet, so it's little wonder that the web is a rich hunting ground for cybercriminals and scammers.

In order to make using the internet safer, Malwarebytes is launching Browser Guard, a free browser extension aimed at safeguarding consumers from scammers, and allowing them to browse up to four times faster.

By Ian Barker

Software isolation utility Sandboxie is now free; soon it will be open source too

Sandboxie -- the sandboxing tool with the tagline "Trust no program" -- has been made into a free utility. But more than this, Sophos also plans to make the software open source in the near future.

The company says that it was a difficult decision to make, pointing out that Sandboxie has never been a significant component of its business. While simply shutting down the app would have been the easiest and cheapest thing to do, Sophos says: "we love the technology too much to see it fade away".

By Sofia Elizabella Wyciślik-Wilson

Attacks using IoT devices escalate in 2019

Cyber criminals have upped the intensity of IoT attacks and those using Windows SMB in the first half of 2019, according to a new F-Secure report.

F-Secure's honeypot servers measured a twelvefold increase in such events compared to the same period a year ago. The increase was driven by traffic targeting the Telnet and UPnP protocols, which are used by IoT devices, as well as the SMB protocol, which is used by the Eternal family of exploits to propagate ransomware and banking Trojans.

By Ian Barker

© 1998-2025 BetaNews, Inc. All Rights Reserved.