Articles about Security

A new survey from identity management specialist SailPoint in conjunction with US National Cybersecurity Awareness Month finds two out of three professionals are extremely concerned about their personal identity being stolen.

Yet despite this half admit that they would participate in the types of risky behavior that increase the threat of leaked information and a potential breach.

Continue reading →

When we talk about the dark web it's easy to think of it as an amorphous malevolent blob. But new research from Recorded Future reveals some key differences between dark web communities in different parts of the world.

The company's Inskit Group of researchers has actively analyzed underground markets and forums tailored to Russian and Chinese audiences over the past year and has discovered a number of differences in content hosted on forums, as well as differences in forum organization and conduct.

Continue reading →

Most endpoint detection tools collect only a limited set of data, which can make it hard for teams to track down and combat threats.

To address this issue, endpoint security specialist Carbon Black is launching a new threat hunting tool as part of its Predictive Security Cloud (PSC).

Continue reading →

A new study reveals that 68 percent of the top 50 companies on the Fortune 500 rankings are not adequately prepared for the next major DNS attack.

The Global DNS Performance Report by network intelligence company ThousandEyes shows that DNS best practices are not widespread in major enterprises and SaaS providers, leaving them needlessly vulnerable.

Continue reading →

Companies increasingly rely on cloud applications and infrastructure for their critical systems. Protecting these is vital and to help businesses do so, Symantec  is launching an expansion to its cloud security portfolio.

Symantec’s Cyber Defense Platform offers a broad range of protection, providing visibility and control for virtually any cloud app and integrations with CloudSOC CASB, Cloud Workload Protection (CWP) and Data Loss Protection (DLP).

Continue reading →

A new report released ahead of the Infosecurity North America event to be held next month, shows that the majority of chief information security officers (CISOs) are receiving conflicting advice about new or changing regulation.

In addition, when asked what regulatory bodies should do to help promote a smooth rollout of privacy regulations, 35 percent of respondents say that regulators should provide clearer communication about compliance requirements.

Continue reading →

One in three organizations rely on outdated and manual methods, like spreadsheets, to manage privileged accounts, and there's widespread lack of confidence among IT professionals in access control and privileged account management programs.

This is among the findings of a new report from One Identity which also shows one in 20 organizations have no way of knowing if users retain access even after they’ve left the organization.

Continue reading →

Attacks targeting IIS servers have shown a massive 782 times increase, from 2,000 to 1.7 million, over the last quarter according to a new report.

The report from threat protection specialist eSentire reveals that most attacks targeting IIS web servers originated from China-based IP addresses.

Continue reading →

The first half of 2018 saw 945 data breaches which led to 4.5 billion data records being compromised worldwide, according to a new report.

The latest Breach Level Index from digital security company Gemalto shows that compared to the same period in 2017, the number of lost, stolen or compromised records increased by a massive 133 percent, though the total number of breaches slightly decreased, suggesting attacks are getting more severe.

Continue reading →

Google has introduced privacy and security focused changes as part of an update to Google Play Developer policies. In a move designed to protect sensitive data, there are new rules for apps that request SMS and Call Log permissions.

With immediate effect, it will only be possible for apps configured to be the default calling or text app to access phone and SMS data.

Continue reading →

The private data of nearly half a million Google+ users was exposed to third-party developers, and Google failed to notify anyone. A bug in Google+ APIs meant that users' names, email addresses, occupations, gender and age were accessible from 2015 until Google discovered and patched the problem in March this year.

Despite the data possibly having been accessed by 438 apps, Google chose not to go public about the security breach until now. And in a dramatic move, the company has announced that it is shutting down Google+ for consumers. Google has also revealed details of Project Strobe, an audit program through which it discovered the problem.

Continue reading →

Security awareness training company KnowBe4 is launching a new version of its platform using artificial intelligence to identify evolving risks.

It includes a Virtual Risk Officer that helps security or IT professionals identify risks at the user, group or organizational level, resulting in better decision making for their security awareness plans.

Continue reading →

Google has announced that its Safety Centre hub is rolling out across Europe. The announcement means that people in Belgium, France, Germany, Italy, the Netherlands and the UK have access to Google's selection of tools and tips for staying safe online.

The launch has been timed to coincide with European Cyber Security Month, but Google doesn't quite seem to have decided how to spell the name of its own offering.

Continue reading →

In the modern world people often say they care about privacy, but their actions don't reflect their words. Exploring this privacy paradox is a new infographic from privacy app company Keepsafe.

It shows that 35 percent of people have concerns when making purchases on their mobile devices, but 43 percent do so anyway in the name of convenience.

Continue reading →

For enterprises looking to build new applications as the cornerstone of their digital transformation initiatives, techniques like DevOps are undeniably attractive.

But while they speed up development they also mean that nearly 70 percent of every application is made up of reusable components like third-party libraries, open source software. This means that applications can easily inherit the vulnerabilities in those components.

Continue reading →