Articles about Security

Although many transactions are now carried out online, contact centers remain an important tool for businesses.

Call and contact center payment security solutions provider Semafone has had its latest Cardprotect (version 4) product validated by the Payment Card Industry Security Standards Council (PCI SSC) against the latest version of the Payment Application Data Security Standard (PA-DSS). This makes it one of the only companies in the industry to provide this level of certification.

Continue reading →

A new study from Webroot that examines the cyber hygiene habits of 10,000 Americans, 200 in each state, reveals that 88 percent feel they take the right steps to protect themselves from cyberattacks.

However, just 10 percent scored 90 percent or higher on a cyber hygiene test, with the average respondent getting only 60 percent.

Continue reading →

Cryptocurrency exchange Binance has been struck by hackers who were able to make off with $40 million worth of Bitcoin.

The exchange suffered what it describes as a "large scale security breach" in which attackers were able to obtain "a large number of user API keys, 2FA codes, and potentially other info". CEO Zhao Changpeng says that 7,000 BTC were withdrawn in a single transaction and the attack which was perpetrated using a variety of methods.

Continue reading →

The dark web is, by its very nature something of an object of mystery. It's easy to think of it as a huge, closed community hidden from the world in dusty corners of the internet. But what's the reality?

Threat intelligence specialist Recorded Future has done some research to try to understand the dark web's true nature.

Continue reading →

Container security company NeuVector is releasing new security risk assessment capabilities for enterprises using Kubernetes in production environments.

The features, added to its existing container security offering, include new dashboard widgets and downloadable reports to provide security risk scores for the most critical run-time attack risks, network-based attacks and vulnerability exploits in containers.

Continue reading →

Privileged accounts can be a headache for organizations so you'd expect managing them to be a high priority for security teams. However, a new report from Thycotic reveals that 85 percent fail to achieve even basic privileged security hygiene.

In addition 55 percent have no idea how many privileged accounts they have or where they’re located, while over 50 percent of their privileged accounts never expire or get deprovisioned.

Continue reading →

According to the latest Data Breach Report from Risk Based Security the number of reported data breaches was up 56.4 percent in the first quarter of 2019 compared to the same period last year.

The increase in reporting could be a result of new legislation like GDPR that obliges businesses to be more open about security issues. The number of exposed records was also up by 28.9 percent. Already in 2019, there have been three breaches exposing 100 million or more records.

Continue reading →

Firewalls have been used to protect networks and endpoints from the very early days of the web. In recent years many people have been predicting its demise, yet the firewall is still with us.

Why is this and how has the firewall evolved to protect enterprises in the 21st century? We spoke to Ruvi Kitov, founder and CEO of network security specialist Tufin to find out.

Continue reading →

A new study into the threats faced by US businesses produced by Securitas Security Services reveals that in many sectors businesses are concerned as much or more with physical threats such as shootings than they are with cyber security.

It also shows rising concern about the threats posed to organizations by insiders, of the 27 threat categories security executives consider to be a concern, 21 may be caused or carried out by an insider.

Continue reading →

As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This is in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.

The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enabled an attacker to take control of your computer.

Continue reading →

In a survey of IT professionals, 55 percent of respondents reported that their enterprises receive at least 10,000 security alerts every day; of that group, 49 percent receive more than 1,000,000 security alerts each day. And, more to the point, 96 percent of respondents reported that their security teams feel stressed or frustrated over the volume of security alerts that come in.

It's more than mere humans can bear.

Continue reading →

Privileged access management (PAM) delivers the greatest benefits when it is implemented as a mission rather than to satisfy a limited, one-time mandate. Achieving more complete and proactive protection for privileged accounts requires an ongoing program to add more platforms and accounts and to share more security data with other systems over time. It also requires paying as much, if not more, attention to how PAM affects people and processes as to technology issues.

Without proper ongoing governance, a PAM program can give an organization a false sense of security regardless of their investment in their initial PAM rollout. Here are the essential elements of ongoing PAM governance, why they are important, and how to get them right.

Continue reading →

As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned.

Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted.

Continue reading →

People have been predicting the death of the password for some time, but it's still the case that most online accounts rely on them, even if supplemented by another feature like 2FA.

A new report from Avira to coincide with World Password Day shows that so far in 2019, there have been at least four major data breaches, each impacting more than 200 million records.

Continue reading →

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019.

A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

Continue reading →