Security

Offensive Security, the team behind the security-focused, Debian-based, penetration testing Linux distro Kali Linux. has set out the roadmap for the operating system for the months ahead.

This is the first time such a roadmap has been shared for Kali Linux, and it gives us a good idea of what to expect between now and 2020. The team says: "normally, we only really announce things when they are ready to go public, but a number of these changes are going to impact users pretty extensively so we wanted to share them early".

The majority of UK parents are in the dark when it comes to advising their children on a career in cybersecurity, research from cybersecurity training provider, SANS Institute, shows.

Although IT remains one of the top choices of career that parents would make for their children, parents have very little idea about the lucrative area of cybersecurity. This is exacerbating the skills gap in cyber security that the UK is currently facing -- with the industry not doing enough to promote itself.

AI is popping up in all sorts of things at the moment, but what happens when it goes wrong or is used for questionable purposes?

A new report from Malwarebytes Labs looks at how AI is being used, with a particular emphasis on cybersecurity, and at the concerns that are growing surrounding its use.

Business leaders want to be confident that their operations will continue running as normal without information being compromised. But in today’s fast-moving, interconnected world where the threat landscape is constantly evolving, security assurance programs often provide a false level of confidence.

The Information Security Forum (ISF) is releasing a new report, Establishing a Business-Focused Security Assurance Program which explores how individuals responsible for providing security assurance in their organization can meet the specific needs of business stakeholders.

If you're a Firefox user, now is the time to update your browser. A zero-day vulnerability has been discovered which is being actively exploited in targeted attacks.

The security hole was revealed via Google's Project Zero, and it affects ALL versions of Firefox. In short, if you have not updated to Firefox 67.0.3 or Firefox ESR 60.7.1, you need to do so right now.

Cybersecurity tools are often designed to work in isolation from each other and that can leave enterprise security operations fragmented as well as difficult and expensive to manage.

A new integrated platform called GreyMatter from ReliaQuest, launched today, aims to bring together technologies, processes and teams to provide greater visibility and control over enterprise security operations.

Security firm BitDefender has teamed up with the FBI, Europol and other agencies and created decryption software that enables ransomware victims to get their data back for free.

The tool can be used to retrieve files encrypted by the GandCrab family of ransomware which is thought to have originated in Russia. GandCrab has been active for around a year and a half, and hundreds of thousands of people have fallen victim to it.

A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attack.

A total of three security flaws were discovered by Jonathan Looney of Netflix Information Security. A series of malicious packets sent to vulnerable system is all it takes to crash or slow them down -- a remotely-triggered kernel panic. Patches and workaround have been released to help plug the holes.

We've become pretty well accustomed to large scale data breaches over recent years. But that doesn’t mean that the numbers involved aren't still significant.

Web hosting comparison site HostingTribunal has put together an infographic looking at the 15 biggest breaches of the last 15 years.

Microsoft has issued a warning to Azure customers using Linux Exim email servers running Exim version 4.87 to 4.91.

The company explains that these versions of Exim are vulnerable to a critical Remote Code Execution (RCE) security flaw and need to be updated to prevent the spread of a worm.

There has been a lot of hype around AI to the point where some people are simply tuning it out. I think this is a mistake. While there are limits to what AI can do, there also are sophisticated attacks that we’d miss without it.

The need for AI is driven by three fundamental yet significant changes in the enterprise computing environment.

According to a new report, more than half of all C-suite executives (53 percent) and 28 percent of small business owners who suffered a data breach say that human error or accidental loss by an external vendor/source was the cause.

The annual data protection report from information security service Shred-It also finds 21 percent of executives and 28 percent of small business owners admit deliberate theft or sabotage by an employee/insider was the cause of the data breach.

Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident.

The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be a list of Symantec clients -- including government agencies. But Symantec is downplaying the data breach, dismissing it as a "minor incident".

Check Point Research, has released its Global Threat Index for May 2019 and is warning organizations to check and patch for the BlueKeep Microsoft RDP flaw in Windows 7 and Windows Server 2008 machines, to prevent the risk of it being exploited for ransomware and cryptomining attacks.

BlueKeep affects nearly a million machines accessible to the public internet and many more within organizations' networks. The vulnerability is critical because it requires no user interaction in order to be exploited. RDP is already an established, popular attack vector which has been used to install ransomware.

As businesses move more of their systems to the cloud to drive digital transformation and gain a competitive edge, IT security teams can struggle to retain the ability to secure data and manage risk.

Israeli startup Orca Security is announcing its Cloud Visibility Platform which uses patent-pending SideScanning technology to deliver comprehensive visibility into the security posture of an organization's cloud footprint in a matter of minutes.