Vulnerable cloud attack surface grows almost 600 percent
A new report from cyber asset visibility and management company JupiterOne shows the number of enterprise cyber assets has increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.
Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent, according to the report, which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.
Free tool finds sensitive data stored in Google Drive accounts
As cloud and SaaS use grows, a major challenge for IT, security and compliance teams is the lack of visibility into their organization's SaaS ecosystem.
Metomic is launching a new, free cybersecurity tool that scans Google Drive accounts to find sensitive data and information lurking in Google Docs and files. After entering a Gmail address and password, Google Drive Risk Report will scan the Google Drive connected to the address and, in a matter of seconds, generate a report.
Microsoft releases KB5025239 update for Windows 11, adding new Windows Local Administrator Password Solution (LAPS), security fixes and more
Microsoft has released the cumulative KB5025239 update for Windows 11 22H2, bringing with it not only security and bug fixes, but also general improvements and new features.
Among the highlights is the addition of the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. This update also adds new notifications about Microsoft accounts to the Start menu, improves Microsoft Defender for Endpoint, and provides easy access to the Bing chat experience in Microsoft Edge via the taskbar.
Multiple-threat ransomware attacks become more common
It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).
Browsing threats top list of CISO concerns
When CISOs were asked to select the most significant cyber threats to their organizations, browsing threats topped the list, with 43 percent ranking them as a top concern.
A new report from RedAccess, based on responses from 300 chief information security officers across the US and UK, looks at the impact of hybrid working on security posture and the new threats that it introduces. Insecure browsing is ranked as the #1 hybrid/remote work security concern that puts organizations at the most risk.
BEC attacks rose 72 percent in 2022 with smaller businesses in the firing line
Business Email Compromise attacks increased dramatically last year with a 72 percent rise year-on-year over 2021.
The 2023 Email Security Threat Report from Armorblox shows high volumes of language-based and socially engineered attacks targeting organizations of all sizes and across industries.
Locking cyber doors: How organizations can be cyber safe in 2023
Our tech-filled lives put us at daily risk of cybercrimes, as we spend the majority of our time interacting with devices that could give hackers access to our personal data. In fact, according to DataProt, nearly 60 percent of Americans say they have experienced cybercrime or somehow fell victim to a hacker. As every aspect of our lives becomes more connected, the opportunities for bad actors rise.
Businesses are not immune to these persistent threats. Reports show that 70 percent of small businesses are unprepared for a cyberattack, and almost 90 percent of professional hackers can penetrate a company within 12 hours. It is no surprise that the Federal Bureau of Investigation (FBI) has officially ranked cybercrime as one of its agency’s most important interests.
HP could take up to three months to patch a critical vulnerability in HP Enterprise LaserJet and HP LaserJet Managed printers
HP has issued a security warning about a vulnerability which affects numerous HP Enterprise LaserJet and HP LaserJet Managed printers. The flaw, tracked as CVE-2023-1707, is described as "critical", having been assigned a CVSS rating of 9.1.
Despite the severity of the bug -- which HP says could lead to "information disclosure when IPsec is enabled with FutureSmart version 5.6" -- it could take up to 90 days to issue a fix. However, the company has provided a temporary firmware mitigation.
Microsoft 365 Defender is now AI-powered
Since its inception, Microsoft Defender Antivirus (FKA Windows Defender) was considered somewhat of a joke by power users. They would assert that it provided you with the protection of an umbrella in a hurricane. While its deficiencies were often exaggerated, indeed, it didn’t give you the same depth and scope as high-quality third-party solutions.
When Bitdefender retired its free antivirus solution in 2021 (only to release a new free antivirus in 2022), many turned back to Microsoft Defender. After all, Microsoft should ultimately know the best ways to secure its software. It's surprising it took so long for the company to expand the coverage of its Microsoft Defender line, especially with the largest share of its revenue being made from intelligent cloud computing.
Organizations struggle to manage OT security risks
A new survey from OTORIO and ServiceNow reveals that 58 percent of organizations identify their operational technology (OT) cybersecurity risk level as high or critical.
However, the survey of 200 IT and OT leaders shows only 47 percent of companies surveyed have an OT cybersecurity solution in place, and 81 percent of respondents still manage their OT risks manually rather than having an automated solution.
Guarding against attacks targeting hybrid Active Directory environments [Q&A]
Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access. But it can also be a weak link, exploited in many modern cyberattacks.
We spoke to Ran Harel, senior director of product management at Semperis, to explore the challenges in securing a hybrid AD environment and how organizations can best defend this expanded attack surface.
62 percent of organizations suffer unplanned downtime every month
Over half of organizations say they have suffered a data breach in the past two years, an increase from 49 percent in 2022 and 39 percent in 2021.
In addition, a new report from Splunk shows 62 percent of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54 percent in 2022.
Understanding the business model of cybercrime
As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.
A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.
If businesses are to get a grip on their cybersecurity, they need to close the gender gap
Cybersecurity threats are growing at an alarming rate across the globe while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks. Meanwhile, the shortage of cybersecurity talent is making it difficult for organizations and industries to meet these constantly shifting security demands.
As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025, but organizations are struggling to build the specialized skills required to manage these growing threats. According to ISACA’s latest State of Cybersecurity Report, 63 percent of enterprises have unfilled cybersecurity positions, while labor shortages in the UK have become particularly acute. In fact, while there are currently about 339,000 cyber professionals in the UK (up 13 percent year-on-year), there is still a shortfall of 56,811 workers (up 70 percent year-on-year).
32 percent of remote workers use unapproved apps and software
Remote working poses a number of risks from an IT security point of view. A new report from Lookout finds that 32 percent of remote and hybrid workers use apps or software not approved by IT and 92 percent of remote employees perform work tasks on their personal tablet or smartphone devices.
Remote workers are also less likely to follow best practices for security. 90 percent access corporate networks from areas other than their home, with an average of five different locations -- introducing security risks as company data could be exposed across multiple networks not monitored by IT. 45 percent use the same password for work and personal accounts too.