Articles about Security

Many organizations have come to rely on Zoom as a means of connecting employees and customers in a hybrid environment.

But this comes with challenges when it comes to keeping meetings secure without harming productivity. Identity management platform Okta is launching a new identity verification feature that will authenticate Zoom meeting attendees in End-to-End Encryption (E2EE).

Continue reading →

Historically, security has been treated as something as an afterthought in the IT industry. In more recent years though there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.

We spoke to David Melamed CTO of Jit to find out about integrating security and how security tools can be used by developers not just security professionals.

Continue reading →

In the early days of computing, authentication was simple, but the approach grew in sophistication over time. For example, modern password-based authentication systems like Kerberos don’t actually transmit passwords anymore; they generate an authentication token that is submitted instead.

But even with these enhancements, a username-and-password based approach to authentication still has a key weakness: if someone learns another user’s password, they are indistinguishable from the true user. And although Bill Gates predicted the death of the password nearly 20 years ago, they remain the default method of authentication for a range of services at work and home.

Continue reading →

Following the discovery of serious vulnerabilities in the Snipping Tool app for Windows 11 and Snip & Sketch in Windows 10, Microsoft has released out-of-band updates to plug the security holes.

The flaws are similar to the recently discovered aCropalypse bug affecting Pixel mobiles, making it possible to "uncrop" cropped images and potentially expose sensitive information. Having briefly tested updates with Windows Insiders, Microsoft has now made fixes available to all Windows 10 and Windows 11 users.

Continue reading →

Ignore the hype: Artificial intelligence (AI) can improve your security posture now.

We’ve been waiting for AI to deliver benefits to cybersecurity for a long time. ChatGPT aside, AI has been a hot-and-cold topic for decades, with periods of overhyped promises interspersed with periods of cynical rejection after failure to deliver on all of those promises. No wonder plenty of security leaders are wary. Yet, despite the wariness, AI is helping to improve cybersecurity today and will increasingly provide substantial security benefits -- and challenges.

Continue reading →

The CISA has launched a new security tool designed to help protect various Microsoft cloud services. The open source Untitled Goose Tool is available for both Windows and macOS.

The utility was developed by the US Cybersecurity & Infrastructure Security Agency in conjunction with Sandia National Laboratories. The aim of the tool is to help to detect and respond to malicious activity in Microsoft Azure, Azure Active Directory (AAD) and Microsoft 365 (M365) environments.

Continue reading →

Earlier this week we learned about a worrying security and privacy flaw in Windows 11's Snipping Tool screen capture app. The way the software saves cropped screengrabs means that it is possible to "uncrop" images, potentially exposing sensitive information.

Acting quickly to address the problem, Microsoft has fixed the vulnerability with a new update. There is just one problem -- the update is not available to everyone, leaving unknown numbers of users at risk.

Continue reading →

According to a new report, at least 20 percent of enterprise endpoints remain unpatched after the remediation is completed, meaning that a fifth of machines still have a significant number of legacy vulnerabilities that could be exploited at any time.

The study of over 800 IT professionals from Action1 Corporation finds 10 percent of organizations suffered a breach over the past 12 months, with 47 percent of breaches resulting from known security vulnerabilities.

Continue reading →

Users of Windows 11 have been concerned by the appearance of a message that reads: "Local Security protection is off. Your device may be vulnerable". Microsoft is blaming a recent update (KB5007651) for the warning which implies that an important security feature has been disabled.

The issue affects Windows 11 version 21H2 and 22H2, and those hit by the message have been left confused about what they need to do. So what is going on?

Continue reading →

Unless you’ve been on a retreat in some far-flung location with no internet access for the past few months, chances are you’re well aware of how much hype and fear there’s been around ChatGPT, the artificial intelligence (AI) chatbot developed by OpenAI. Maybe you’ve seen articles about academics and teachers worrying that it’ll make cheating easier than ever. On the other side of the coin, you might have seen the articles evangelizing all of ChatGPT’s potential applications.

Alternatively, you may have been tickled by some of the more esoteric examples of people using the tool. One user, for example, got it to write an instruction guide for removing peanut butter sandwiches from a VCR in the style of the King James Bible. Another asked it to write a song in the style of Nick Cave; the singer was less than enthused about the results.

Continue reading →

With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.

To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.

Continue reading →

As organizations embrace cloud-native development, they are building new types of applications and microservices that are easier to scale and add more business value.

But the growing adoption of microservices has introduced new security risks because microservices and modern applications contain more 'pieces' that increase the attack surface.

Continue reading →

Microsoft Snipping Tool utility has been found to have a vulnerability that means that screenshots that have been cropped can be very easily uncropped, potentially exposing sensitive information.

The Snipping Tool is one of the most useful tools to be found in Windows 11, making it easy to take a variety of screenshots -- and, more recently, record screen activity -- without the need for third-party software. But the way in which the app crops images means that edited images are really just the original screengrab; 'cropped' parts are simply hidden and easily restored.

Continue reading →

Just 15 percent of organizations globally have the 'Mature' level of readiness needed to be resilient against today's modern cybersecurity risks, according to Cisco's first-ever Cybersecurity Readiness Index.

More than half (55 percent) of companies globally fall into the Beginner (eight percent) or Formative (47 percent) stages, meaning they are performing below average on cybersecurity readiness.

Continue reading →

Ransomware and extortion actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to a new report.

The study, from Palo Alto Networks' Unit 42 threat intelligence team, finds harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, to pressure them into paying a ransom demand.

Continue reading →