Articles about Security

Many security professionals have been misled into believing in the overhyped promise of agentless security. But it looks like the long-lasting 'agentless vs. agent' debate is finally over and the result is finally in -- if you want great cloud workload security, you need an agent.

This noteworthy outcome arose when two of the leading agentless-only vendors finally gave in and announced partnerships with agent-based runtime security and CWPP (cloud workload protection platform) vendors. This is big news, because both of these companies had previously, and persistently proclaimed, that agents are 'old school' and that 'agent-based security is dead'.

Continue reading →

Enterprise browser specialist Talon Cyber Security has announced that it has integrated its secure enterprise browser with the Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers.

This allows organizations to maintain data protection, keeping data put into ChatGPT within their perimeter and preventing it from transferring to third-party services. When using ChatGPT in Azure OpenAI Service, the organization uses its own Azure resources, so sensitive data is not delivered to other locations, improving data security and reducing risk.

Continue reading →

As information technology and operational technology increasingly converge it presents new challenges for organizations needing to keep their systems secure.

There's also been something of a shift in the focus of attacks with more emphasis on causing business disruption and damaging reputations.

Continue reading →

As enterprises move to cloud and hybrid models they face a range of new challenges in protecting their data.

A new study from Enterprise Strategy Group (ESG), released by Commvault and Microsoft, finds that 53 percent of respondents say their IT environment was more complex than it was two years ago.

Continue reading →

In the 12 months from April 2022 to March 2023 the US and UK were the countries that suffered the most ransomware attacks.

However, the latest Malwarebytes ransomware report shows that the USA suffered a little over seven times more attacks in the last twelve months than the UK. It's perhaps not a coincidence that the USA's economic output, measured by gross domestic product (GDP), is also about seven times larger than the UK's.

Continue reading →

A new report from cyber asset visibility and management company JupiterOne shows numbers of enterprise cyber assets have increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.

Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent according to the report which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.

Continue reading →

As cloud and SaaS use grows a major challenge for IT, security and compliance teams is the lack of visibility into their organization's SaaS ecosystem.

Metomic is launching a new, free cybersecurity tool that scans Google Drive accounts to find sensitive data and information lurking in Google Docs and files. After entering a Gmail address and password, Google Drive Risk Report will scan the Google Drive connected to the address and, in a matter of seconds, generate a report.

Continue reading →

Microsoft has released the cumulative KB5025239 update for Windows 11 22H2, bringing with it not only security and bug fixes, but also general improvements and new features.

Among the highlights are the addition of the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. This update also adds new notifications about Microsoft account to the Start menu, improves Microsoft Defender for Endpoint, and provides easy access to the Bing chat experience in Microsoft Edge via the taskbar.

Continue reading →

It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.

Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).

Continue reading →

When asked to select the most significant cyber threats to their organizations, browsing Threats topped the list, with 43 percent of CISOs ranking it as a top concern.

A new report from RedAccess, based on responses from 300 chief information security officers across the US and UK, looks at the impact of hybrid working on security posture and the new threats that it introduces. Insecure browsing is ranked as the #1 hybrid/remote work security concern that puts organizations at the most risk.

Continue reading →

Business Email Compromise attacks increased dramatically last year with a 72 percent rise year-on-year over 2021.

The 2023 Email Security Threat Report from Armorblox shows high volumes of language-based and socially engineered attacks targeting organizations of all sizes and across industries.

Continue reading →

Our tech-filled lives put us at daily risk of cybercrimes, as we spend the majority of our time interacting with devices that could give hackers access to our personal data. In fact, according to DataProt, nearly 60 Percent of Americans say they have experienced cybercrime or somehow fell victim to a hacker. As every aspect of our lives becomes more connected, the opportunities for bad actors rise.

Businesses are not immune to these persistent threats. Reports show that 70 Percent of small businesses are unprepared for a cyberattack, and almost 90 Percent of professional hackers can penetrate a company within 12 hours. It is no surprise that the Federal Bureau of Investigation (FBI) has officially ranked cybercrime as one of its agency’s most important interests.

Continue reading →

HP has issued a security warning about a vulnerability which affects numerous HP Enterprise LaserJet and HP LaserJet Managed printers. The flaw is tracked as CVE-2023-1707 is described as "critical" having been assigned a CVSS rating of 9.1.

Despite the severity of the bug -- which HP says could lead to "information disclosure when IPsec is enabled with FutureSmart version 5.6" -- it could take up to 90 days to issue a fix. However, the company has provided a temporary firmware mitigation.

Continue reading →

Since its inception, Microsoft Defender Antivirus (FKA Windows Defender) was considered somewhat of a joke by power users. They would assert that it provided you with the protection of an umbrella in a hurricane. While its deficiencies were often exaggerated, indeed, it didn’t give you the same depth and scope as high-quality third-party solutions. 

When Bitdefender retired its free antivirus solution in 2021 (only to release a new free antivirus in 2022), many turned back to Microsoft Defender. After all, Microsoft should ultimately know the best ways to secure its software. It's surprising it took so long for the company to expand the coverage of its Microsoft Defender line, especially, with the largest share of its revenue being made from intelligent cloud computing.

Continue reading →

A new survey from OTORIO and ServiceNow reveals that 58 percent of organizations identify their operational technology (OT) cybersecurity risk level as high or critical.

However, the survey of 200 IT and OT leaders shows only 47 percent of companies surveyed have an OT cybersecurity solution in place, and 81 percent of respondents still manage their OT risks manually rather than having an automated solution.

Continue reading →