Articles about Security

Privileged accounts can be a headache for organizations so you'd expect managing them to be a high priority for security teams. However, a new report from Thycotic reveals that 85 percent fail to achieve even basic privileged security hygiene.

In addition 55 percent have no idea how many privileged accounts they have or where they’re located, while over 50 percent of their privileged accounts never expire or get deprovisioned.

Continue reading →

According to the latest Data Breach Report from Risk Based Security the number of reported data breaches was up 56.4 percent in the first quarter of 2019 compared to the same period last year.

The increase in reporting could be a result of new legislation like GDPR that obliges businesses to be more open about security issues. The number of exposed records was also up by 28.9 percent. Already in 2019, there have been three breaches exposing 100 million or more records.

Continue reading →

Firewalls have been used to protect networks and endpoints from the very early days of the web. In recent years many people have been predicting its demise, yet the firewall is still with us.

Why is this and how has the firewall evolved to protect enterprises in the 21st century? We spoke to Ruvi Kitov, founder and CEO of network security specialist Tufin to find out.

Continue reading →

A new study into the threats faced by US businesses produced by Securitas Security Services reveals that in many sectors businesses are concerned as much or more with physical threats such as shootings than they are with cyber security.

It also shows rising concern about the threats posed to organizations by insiders, of the 27 threat categories security executives consider to be a concern, 21 may be caused or carried out by an insider.

Continue reading →

As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This is in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.

The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enabled an attacker to take control of your computer.

Continue reading →

In a survey of IT professionals, 55 percent of respondents reported that their enterprises receive at least 10,000 security alerts every day; of that group, 49 percent receive more than 1,000,000 security alerts each day. And, more to the point, 96 percent of respondents reported that their security teams feel stressed or frustrated over the volume of security alerts that come in.

It's more than mere humans can bear.

Continue reading →

Privileged access management (PAM) delivers the greatest benefits when it is implemented as a mission rather than to satisfy a limited, one-time mandate. Achieving more complete and proactive protection for privileged accounts requires an ongoing program to add more platforms and accounts and to share more security data with other systems over time. It also requires paying as much, if not more, attention to how PAM affects people and processes as to technology issues.

Without proper ongoing governance, a PAM program can give an organization a false sense of security regardless of their investment in their initial PAM rollout. Here are the essential elements of ongoing PAM governance, why they are important, and how to get them right.

Continue reading →

As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned.

Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted.

Continue reading →

People have been predicting the death of the password for some time, but it's still the case that most online accounts rely on them, even if supplemented by another feature like 2FA.

A new report from Avira to coincide with World Password Day shows that so far in 2019, there have been at least four major data breaches, each impacting more than 200 million records.

Continue reading →

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019.

A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

Continue reading →

A new report from endpoint management specialist 1E reveals 77 percent of IT decision makers polled believe that they are not well prepared to react to a serious data breach and 60 percent have experienced a security breach in the past two years.

The study conducted by Vanson Bourne polled 300 decision makers from from IT operations and 300 from IT security, and finds 80 percent say digital transformation increases cyber risk.

Continue reading →

To mark today's World Password Day, access and identity management company OneLogin has released a report that shows IT professionals at US companies waste 2.5 months a year resetting internal passwords.

It also finds that almost half of US businesses (44 percent) take up to a month or more to deprovision ex-employees, while 28 percent take a full working week.

Continue reading →

The UK government is looking to ensure the security of the Internet of Things as they become more prevalent in the home, possibly through the use of legislation.

The government says that it wants IoT devices to be secure by design and, having already published a code of practice paper, is now embarking on a five-week security consultation during which the Department for Digital, Culture, Media and Sport (DCMS) will consider regulatory proposals.

Continue reading →

As supply chains become more integrated and businesses rely more on using the cloud, so the risk that they face also increases.

A new study commissioned by vendor monitoring company RiskRecon and conducted by the Cyentia Institute shows that 84 percent of organizations host critical or sensitive assets with third parties.

Continue reading →

Security researchers have discovered an unprotected database stored on a Microsoft cloud server. The 24GB database includes personal information about 80 million households across the US.

The researchers from vpnMentor were working on a web mapping project when they made the discovery. They say that as the database they found left out in the open relates to American households which include multiple residents, the data breach could potentially affect hundreds of millions of people.

Continue reading →