Articles about Security

Secure identity company SecureAuth is launching enhancements to its solution with the announcement of Intelligent Identity Cloud.

This gives CISOs and IT professionals the ability to deploy the same capabilities in the cloud, on-premises, or as a hybrid of the two, addressing business demands of agility and dramatically improving identity security.

Continue reading →

Despite Apple mandating developers to build end-to-end encryption into their apps, a high number of apps don't comply, according to a new report.

The study from mobile security company Wandera analyzed more than 30,000 of the iOS apps most commonly used by employees and found that more than two-thirds of apps don't enable App Transport Security (ATS).

Continue reading →

Contact center data security specialist Semafone is making its Cardprotect available as a cloud solution in the US for the first time.

Companies now have the choice of running Cardprotect on premise, as a managed appliance, in a hybrid could or fully cloud solution. The new, cloud version enables a much faster, more scalable, flexible and cost-effective deployment, as there is no need for contact centers to purchase or manage equipment.

Continue reading →

A global survey of over 1,000 IT security decision makers by privileged access management specialist BeyondTrust reveals that 64 percent believe they've had either a direct or indirect breach due to employee access in the last year, and 62 percent believe they've had a breach due to vendor access.

Employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, is cited as a problem by 60 percent of organizations, while colleagues telling each other passwords was also an issue for 58 percent of organizations in 2019.

Continue reading →

Medical testing firm and clinical laboratory Quest Diagnostics has revealed that a data breach has led to the records of nearly 12 million of its customers being exposed. The data includes financial data, Social Security numbers and medical information.

Quest Diagnostics was itself not the target of hackers, but the American Medical Collection Agency (AMCA) was. The company is used by Optum360 for billing collections services, and Optum360 is used by Quest Diagnostics.

Continue reading →

New data from digital identity platform ForgeRock reveals that data breaches cost US organizations over $654 billion as well as exposing more than 2.8 billion consumer records.

Personally identifiable information (PII) was the most targeted data for breaches in 2018, accounting for 97 percent of all breaches, with unauthorized access encompassing 34 percent of all attacks.

Continue reading →

Despite businesses investing in next-gen technologies, phishing threats continue to become more sophisticated and effective according to a new report.

The study from intelligent phishing defense company Cofense shows how threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.

Continue reading →

Traditionally, network architectures were designed and secured according to the "castle-and-moat" model. Like a medieval fortress, an enterprise data center was imagined to have impregnable and unbreachable walls. All traffic entering or exiting would pass through a single access point, where a security gateway appliance would sit, like a knight in shining armor. This device would police the network traffic on a packet-by-packet basis, allowing traffic it deemed ‘safe’ unrestricted access to the network’s trusted interior.

Although this model is as outdated as chain mail is for 21st-century military combat, its legacy endures in assumptions and presuppositions that can prevent business decision makers from choosing the most effective cybersecurity tools and solutions for today’s complex threat landscape.

Continue reading →

New research from threat detection specialist Senseon looking at the state of cyber security in SMEs reveals increasing uncertainty about whether the investment into the security solutions they’re currently using is worth the cost.

The survey also reveals that SMEs have been slow to implement AI solutions, despite the vast majority of SMEs surveyed (81 percent) thinking that AI will be fundamental to the future of cyber security.

Continue reading →

Two weeks after warning about a critical Remote Code Execution vulnerability in Remote Desktop Services, Microsoft is concerned that around a million internet-connected computers remain unpatched and vulnerable to attack.

The company says that there is a risk that CVE-2019-0708, or BlueKeep, could turn into the next WannaCry if steps aren't taken to secure systems. While there is not yet any sign of a worm that exploits the vulnerability, proofs of concept do exist, and it could only be a matter of time before this changes. Microsoft is taking the matter so seriously, that it even released security patches for the unsupported Windows XP, Vista and 2003 -- people just need to install them.

Continue reading →

Using code from the famous Mirai worm and the Azazel rootkit, HiddenWasp is a newly discovered malware strain targeting Linux systems.

HiddenWasp is slightly unusual in having Linux in its sights, and the targeted remote control tool is able to avoid detection by all major antivirus software. The malware is described as "sophisticated" as it comprises a deployment script, a trojan and a rootkit. This an  advanced backdoor attack tool that allows for complete remote control of a system.

Continue reading →

A new survey of more than 3,000 people around the world finds 46 percent of employees access personal documents on their work device without the IT department's permission.

The study from Snow Software also shows 41 percent of global employees are going behind IT's back to get professional software and applications.

Continue reading →

Cloudflare's 1.1.1.1 DNS switching tool has proved very popular with iOS and Android users looking to take control of their internet connections, and there was much excitement when the company announced that it would be releasing a free VPN tool called Warp.

At the moment, there is a lengthy waiting list for the free VPN (I'm number 278100 on the list, for instance) but we've been given a sneak peak at what to expect. Leaked screenshots show off the free VPN, and a video gives you an idea of the sort of performance you can expect.

Continue reading →

One of the best ways of preventing sensitive files from falling into the wrong hands is to encrypt them, but the process of encrypting and decrypting can be a chore, especially if you want to share the information.

VPN service NordVPN is set to launch its own NordLocker security tool, designed to safeguard files whether they are stored locally or in the public cloud, and make them easy to share.

Continue reading →

In 2019, cyber threats are occurring at a rapid pace. In fact, cyber attacks are the fastest growing crime globally and are continuously increasing in sophistication, size, and impact. At the same time, the number of qualified cybersecurity professionals is dwindling. In a recent blog post, Ann Johnson, the head of Microsoft’s cybersecurity solutions group, used estimated data from the research firm Cybersecurity Ventures to project a shortage of about 3.5 million qualified cybersecurity workers by 2022.

Artificial intelligence (AI) can serve as a helpful tool in cybersecurity. AI can help businesses of all sizes and across many industries better prepare for impending security threats. Here are three of the most impactful benefits of AI in online security:

Continue reading →