Articles about Security

Security analysts in US enterprises spend around a quarter of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous.

This is among the findings of research carried out by Exabeam and the Ponemon Institute which also shows that security teams must evaluate and respond to nearly 4,000 security alerts per week.

Continue reading →

Cisco has agreed to pay $8.6 million to settle a claim that it sold video surveillance software to the American government even though it was aware it contained security vulnerabilities.

A total of fifteen US states filed a case under the False Claims Act after Homeland Security, the Secret Service, the Army, the Navy, the Marines, the Air Force and the Federal Emergency Management Agency all purchased flawed software from Cisco. Rather than improving security as desired, the complainants said that Cisco's software actually made systems less secure.

Continue reading →

In the modern world it's vital for businesses to know what software they have, and where vulnerabilities lie. Flexera already assists IT and security teams to do this with its Software Vulnerability Manager, and it's now launching new modules to help address threats.

It's produced two new modules for SVM. The first of these is the Vendor Patch Module, which allows organizations to take advantage of insights and mitigate them more quickly, by using comprehensive patch coverage -- with more than 1,000 out-of-the-box patches. Additionally, the Vendor Patch Module delivers details to help companies more easily create over 1,000 additional patches.

Continue reading →

NordVPN has announced an important new option for users of the Linux version of its eponymous VPN tool. The company is introducing a new technology called NordLynx which is based on the WireGuard protocol.

The company says that it successfully combines the highspeed connection offered by WireGuard with NordVPN's own privacy-protecting double NAT system.

Continue reading →

As we have seen in another report today, the financial sector remains a prime target for cybercriminals. Phishing attacks and credential stuffing are the two most common forms of attack used against the industry according to another report from Akamai.

In the six months between December 2018 and May 2019, nearly 200,000 phishing domains were discovered by the research and 50 percent of all unique organizations impacted are from the financial services sector.

Continue reading →

The finance industry is a prime target for cyberattacks and a new report from F-Secure shows that it's facing a wide range of threats that go far beyond traditional theft.

Attacks targeting banks, insurance companies, asset managers and similar organizations can range from common script-kiddies to organized criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations for their actions, with many seeing the finance sector as a tempting target due to its importance in national economies.

Continue reading →

A new report reveals that 32 percent of businesses still have Windows XP installed on at least one device on their network and 79 percent of businesses are running Windows 7, which will reach its end of service in January 2020, on one or more devices.

The study from IT industry marketplace Spiceworks also shows many businesses are turning to next-generation security solutions like AI-powered threat intelligence and security-as-a-service to face security threats and vulnerabilities including outdated operating systems, limited use of encryption, and a lack of in-house security expertise.

Continue reading →

According to a new report, 53 percent of enterprise security leaders don't know if their security tools are working, despite massive spending.

The study carried out for continuous validation specialist AttackIQ by the Ponemon Institute shows companies surveyed are spending an average of $18.4 million annually on cybersecurity and 58 percent will be increasing their IT security budget by an average of 14 percent in the next year.

Continue reading →

Containerization has seen rapid adoption in recent years, but a new study from container security specialist StackRox reveals organizations struggling with security issues.

The report shows that while two-thirds of organizations have more than 10 percent of their applications containerized, 40 percent of them remain concerned that their container strategy doesn't adequately invest in security. Another 34 percent say that their strategy lacks sufficient detail.

Continue reading →

A hacker has been arrested following a massive data breach at Capital One. The attacker -- Paige A Thompson, also known as "erratic" -- was able to access the credit applications of 100 million Americans and 6 million Canadians after exploiting a "configuration vulnerability".

In most cases, personal details such as name, date of birth, address and phone number were exposed by Thompson, but for tens of thousands of individuals, she also gained access to credit scores, Social Security numbers and account balances.

Continue reading →

Security and compliance specialist Qualys is announcing today that it's making its Global IT Asset Discovery and Inventory app available to all businesses for free.

With the app users can automatically create a continuous, real-time inventory of known and unknown assets across a global IT footprint. The assets can be anything from on-premises, endpoints, multi-cloud, mobile, containers, OT and IoT.

Continue reading →

Working in a security operations center is stressful, so much so that 65 percent of analysts report having considered changing careers or quitting their jobs.

This is among the findings of a new study carried out by the Ponemon Institute for data analytics platform Devo Technology, which also finds that 49 percent say their SOC is not fully aligned with business needs.

Continue reading →

Anyone using Office 365's webmail component to send emails is unwittingly sharing their IP address with the people they communicate with.

The web-based Outlook 365 inserts the sender's IP address into the header of an email, which makes it stand apart from other webmail services such as Gmail -- and even Microsoft's own Outlook.com. While the injected IP address serves something of a purpose, it's also a privacy and security risk that many users may not be aware of.

Continue reading →

Most small and medium businesses are seriously underestimating their vulnerability to cyberattacks according to a new study.

The report from password manager company Keeper Security shows that 66 percent don't think they will fall victim to an attack. But this confidence is contradicted by a study last year that showed 67 percent of SMBs had been attacked in the past year.

Continue reading →

The latest mid-year Cyber Attack Trends Report from Check Point shows mobile banking malware attacks are up 50 percent compared to the first half of 2018, while the number of organizations hit by cryptominers is down to 26 percent, from 41 percent last year.

Among the top banking malware variants are Ramnit (28 percent), a Trojan that steals banking credentials, FTP passwords, session cookies and personal data; Trickbot (21 percent), which first emerged in October 2016; and Ursnif (10 percent) a Trojan that targets the Windows platform.

Continue reading →