Security

Physical threats rank alongside cybersecurity for many US businesses

A new study into the threats faced by US businesses, produced by Securitas Security Services, reveals that in many sectors businesses are as concerned, or more concerned, about physical threats such as shootings as they are about cyber security.

It also shows rising concern about the threats posed to organizations by insiders: of the 27 threat categories security executives consider to be a concern, 21 may be caused or carried out by an insider.

By Ian Barker -

Update your Dell computer now to avoid RCE security vulnerability in SupportAssist tool

As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.

The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enable an attacker to take control of your computer.

Prioritize InfoSec by prioritizing AI data-monitoring

In a survey of IT professionals, 55 percent of respondents reported that their enterprises receive at least 10,000 security alerts every day; of that group, 49 percent receive more than 1,000,000 security alerts each day. And, more to the point, 96 percent of respondents reported that their security teams feel stressed or frustrated over the volume of security alerts that come in.

It's more than mere humans can bear.

By Terry Ray -

4 essential elements of ongoing privileged access management -- Why they are important and how to get them right

Privileged access management (PAM) delivers the greatest benefits when it is implemented as a mission rather than to satisfy a limited, one-time mandate. Achieving more complete and proactive protection for privileged accounts requires an ongoing program to add more platforms and accounts and to share more security data with other systems over time. It also requires paying as much, if not more, attention to how PAM affects people and processes as to technology issues.

Without proper ongoing governance, a PAM program can give an organization a false sense of security regardless of their investment in their initial PAM rollout. Here are the essential elements of ongoing PAM governance, why they are important, and how to get them right.

By Cathy Hall -

Mozilla bans Firefox add-ons with obfuscated code

As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned.

Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted.

Data breaches spark increased interest in password managers

People have been predicting the death of the password for some time, but it's still the case that most online accounts rely on them, even if supplemented by another feature like 2FA.

A new report from Avira to coincide with World Password Day shows that so far in 2019, there have been at least four major data breaches, each impacting more than 200 million records.

By Ian Barker -

Social media phishing attacks up more than 70 percent

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019.

A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

By Ian Barker -

Lack of security and operations basics leave businesses unprepared for breaches

A new report from endpoint management specialist 1E reveals 77 percent of IT decision makers polled believe that they are not well prepared to react to a serious data breach and 60 percent have experienced a security breach in the past two years.

The study, conducted by Vanson Bourne, polled 300 decision makers from IT operations and 300 from IT security, and finds 80 percent say digital transformation increases cyber risk.

By Ian Barker -

US companies waste over two months a year resetting passwords

To mark today's World Password Day, access and identity management company OneLogin has released a report that shows IT professionals at US companies waste 2.5 months a year resetting internal passwords.

It also finds that almost half of US businesses (44 percent) take up to a month or more to deprovision ex-employees, while 28 percent take a full working week.

By Ian Barker -

UK government launches five-week consultation into IoT security

The UK government is looking to ensure the security of the Internet of Things as it becomes more prevalent in the home, possibly through the use of legislation.

The government says that it wants IoT devices to be secure by design and, having already published a code of practice paper, is now embarking on a five-week security consultation during which the Department for Digital, Culture, Media and Sport (DCMS) will consider regulatory proposals.

Third party risk is biggest enterprise cyber threat

As supply chains become more integrated and businesses rely more on using the cloud, so the risk that they face also increases.

A new study commissioned by vendor monitoring company RiskRecon and conducted by the Cyentia Institute shows that 84 percent of organizations host critical or sensitive assets with third parties.

By Ian Barker -

Personal details of 80 million US households exposed on unsecured Microsoft cloud server

Security researchers have discovered an unprotected database stored on a Microsoft cloud server. The 24GB database includes personal information about 80 million households across the US.

The researchers from vpnMentor were working on a web mapping project when they made the discovery. They say that as the database they found left out in the open relates to American households which include multiple residents, the data breach could potentially affect hundreds of millions of people.

By Sofia Elizabella Wyciślik-Wilson -

Dark Web-leaked banking credentials leap 129 percent

A new report into the financial services threat landscape shows that there has been a huge increase in the number of banking credential leaks, while instances of compromised credit cards increased by 212 percent year-on-year.

The report from threat protection platform IntSights reveals many of the leaked credentials came from the Collection #1 database of over 773 million unique email addresses and 21 million unique passwords released onto the Dark Web in January this year.

By Ian Barker -

More than half of companies have sensitive files open to all employees

The latest data risk report from security company Varonis reveals that 53 percent of companies have at least 1,000 sensitive files open to all employees, putting them at risk of data breaches.

Keeping old sensitive data that risks fines under HIPAA, GDPR and the upcoming CCPA is a problem too. The report finds over half of data is stale and 87 percent of companies have over 1,000 stale sensitive files, with 71 percent having over 5,000 stale sensitive files.

By Ian Barker -

Automated governance platform helps businesses use data safely

Data privacy is a major concern for businesses, made more acute by the raft of new compliance and data protection rules appearing around the world.

Immuta is launching a platform with no-code, automated governance features that enable business analysts and data scientists to securely share and collaborate with data, dashboards, and scripts without fear of violating data policy and industry regulations.

By Ian Barker -

© 1998-2025 BetaNews, Inc. All Rights Reserved.