Articles about Security

Businesses should expect to see a spike in potential cyberattacks starting with Black Friday and Cyber Monday and continuing throughout the holiday shopping season, according to a new report.

The report from predictive security specialist Carbon Black shows that global organizations encountered a 57.5 percent increase in attempted cyberattacks during the 2017 holiday shopping season.

Continue reading →

As more and more of us rely on mobile devices to access the internet, traditional endpoint security solutions don’t always provide the protection we need.

Cybersecurity company BullGuard is partnering with VPN specilaist NordVPN  to launch a new consumer anonymity solution.

Continue reading →

There once was a time not all that long ago when security teams could plead ignorant to IT security risks, with minimal possible consequence in terms of any significant damage coming to the company. Those days are long gone. We’ve reached an era where the "I see nothing" perspective no longer works for network security. In today’s era of advanced cyberattacks, information security is too important an element of business success to dismiss.

In fact, ignorance of information security matters is prohibitively costly, as regulators can use it to justify the imposition of fines. Take GDPR’s penalty scheme, for example. Is ignorance of digital security worth €20 million or 4 percent of an organization’s global annual revenue? That’s just one data protection standard -- others such as Australia’s Notifiable Data Breaches (NDB) scheme and the NY Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Institutions come with their own fines and penalties. Given that we’re also in the era of insufficient resources, the challenge for security teams is how to deploy limited resources to have the greatest impact. As the title of this post makes clear, the obvious answer is to stop spending time on the wrong things.

Continue reading →

If you're an Amazon customer you may have received a rather strange email this morning. It states that the company has, "...inadvertently disclosed your name and email address due to a technical error."

It then goes on to say, "The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action."

Continue reading →

In Europe DDoS attack volumes have increased sharply during the third quarter 2018 according to a new report.

The report from DDoS protection specialist Link11 shows the average attack volume more than doubled in July, August and September, to 4.6 Gbps (up from 2.2 Gbps in Q2).

Continue reading →

The number of reported vulnerabilities in 2018 is seven percent down on the same period last year, according to a new report from Risk Based Security.

It's not all good news though, as 24.9 percent of 2018's reported vulnerabilities currently have no known solution which is a reminder that, while patching is very important, it can't be relied on exclusively as a remedy.

Continue reading →

In the last few years APIs have become a critical enabler of digital transformation for businesses across all sectors.

Cybersecurity company Ping Identity has surveyed more than 100 security and IT professionals to determine their concerns surrounding the increased use of APIs.

Continue reading →

Startpage.com is a privacy-focused alternative to the likes of Google (although the search results are provided by Google -- minus all the ads and stripped of tracking), and the search engine has just relaunched with a new look and new features. The visual changes will be apparent to anyone who has used the site before, but for anyone who is concerned about their online privacy, it is new options such as Anonymous View that will be of greater interest.

This new feature makes it possible to visit websites completely privately, essentially using Startpage.com as a proxy. Importantly, this extra level of privacy and protection does not come at the expense of speed, meaning you can browse the web anonymously without compromise.

Continue reading →

If a website suffers a security breach you may well decide that you want to give it a wide berth. The problem is that it is impossible for individuals to keep track of all of the breaches that take place, and Mozilla wants to help out.

After teaming up with Have I Been Pwned recently, Mozilla created Firefox Monitor to help inform people about breaches, and this is now expanding to more languages. On top of this, the organization has also now launched Firefox Monitor Notifications that will issue a warning if you visit a site that has been breached.

Continue reading →

Cyberattacks are often thought of as being a problem just for large organizations. But a new study by the Ponemon Institute, sponsored by Keeper Security, shows that small businesses increasingly face the same cybersecurity risks as larger ones.

The number of attacks is on the rise -- with 67 percent experiencing a cyberattack and 58 percent experiencing a data breach in the last 12 months.

Continue reading →

While a large majority of companies now permit employees to use their own devices for work, they have concerns over security and privacy.

Organizations are making BYOD available to employees (76 percent), contractors (27 percent), partners (25 percent), customers (22 percent), and suppliers (19 percent).

Continue reading →

There has been an increase in the use of .com extensions in phishing emails that target financial service departments, according to a new analysis.

In October alone, anti-phishing company Cofense Intelligence analyzed 132 unique samples with the .com extension, compared to only 34 samples analyzed in the nine months before. Four different malware families were utilized.

Continue reading →

With digital transformation enabling supply chains to become ever more integrated, businesses no longer have to worry just about the risks posed by their own systems, they must consider those they are connected to as well.

Vendor monitoring solution RiskRecon is launching a new tool that enables enterprises to automatically produce assessments and action plans based on their unique risk requirements, allowing risk professionals to easily understand and act on their third-party risk.

Continue reading →

Container and Kubernetes security company StackRox has released a new report looking to understand how adoption of these technologies affects security concerns.

The State of Container Security report finds that more than a third of organizations worry that their strategies don't adequately address container security.

Continue reading →

One of the biggest security stories of 2018 has been the discovery of the Meltdown and Spectre chip flaws. Known as speculative execution exploits, the flaws make it possible to steal potentially sensitive information and there has been an on-going battle to issue patches wherever possible.

Just as things were starting to die down a little, security researchers have revealed details of no fewer than seven more speculative execution attacks. While some of these attack vectors have already been mitigated against, this is not the case for all of them.

Continue reading →