Articles about Security

Security gaps in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections are leaving industrial control systems vulnerable to attack according to a new report.

The study from ICS security company CyberX also shows that although the use of Windows XP has declined over the last year there are still older, unpatchable, Windows systems in slightly more than half of all industrial sites.

Continue reading →

Which subject lines make a person most likely to click a link in a phishing email? Security awareness training company KnowBe4 has analyzed data from simulated phishing tests and 'in the wild' emails to find out.

The most successful lines play on user's desire to remain secure with subjects relating to password checks the most clicked. On social media, messages about tagging or new profile views are most likely to be clicked.

Continue reading →

Email is still one of the most common ways for attackers to target individuals or businesses, whether it’s through phishing attacks or delivering malware. Although you may have protection measures in place it can be hard to know if they’re working effectively.

Intelligence-led security company FireEye is launching a new capability that allows organizations to evaluate email threat detection efficacy with a no-charge evaluation service

Continue reading →

We often hear the term 'ethical hacker', but what exactly does this involve and is it something you can actually make a career out of?

We spoke to Jim O'Gorman president of online penetration testing training provider Offensive Security to find out what being an ethical hacker is all about and what skills you need if you want to become one.

Continue reading →

In today’s cybersecurity landscape, the value of good cybersecurity tools is undeniable. What is more valuable are the people behind the tools -- however, the amount of open cybersecurity positions worldwide is growing year over year. Currently, there are more than 300,000 open cybersecurity roles in the U.S. alone, but by 2021, Cybersecurity Ventures expects that number will reach 3.5 million.

This gap is felt by cybersecurity leaders; in fact, a recent study found that more than 70 percent of the cybersecurity decision makers agree that their organizations do not have the staff or necessary resources to monitor all cybersecurity threats that their organizations face. With the number of cybersecurity openings growing yearly and the sophistication and frequency of cyberattacks increasing, in order to build the cybersecurity leaders of tomorrow, business leaders must turn their attention to things that they can control: investing in the right solutions and their staff.

Continue reading →

Brian Gladstein, a security marketing strategist at Carbon Black, discussed the question posed in this headline at RSA Conference 2018. In his presentation entitled "Endpoint Security and the Cloud: How to Apply Predictive Analytics and Big Data," Gladstein observes that digital crime is structured like an economy consisting of several tiers. At the top is the "Digirati," a term used by Gladstein for the class of high-ranking controllers responsible for executing digital attacks. The Digirati consists of the ones who hide on the network and gather information, usage patterns, and intel. They then share this information and build upon what knowledge they’ve already gathered from other actors in the online criminal community.

Below the Digirati are the subject matter experts. Malware writers, identity collectors, and individuals who hoard zero-day vulnerabilities and other exploits sit on this level of the digital crime economy. These individuals oftentimes sell access to their goods and services to the next tier, which consists of botnet owners, cashiers, spammers, and other brokers and vendors.

Continue reading →

Businesses are increasingly moving more of their operations to the cloud and this leads to a greater focus on securing these workloads.

Cloud infrastructure security company Threat Stack has released a new report created by Vanson Bourne which shows 54 percent of businesses are worried that they will soon outgrow their security solutions.

Continue reading →

Many people rely on connecting to Wi-Fi networks when they are out and about, but using public hotspots does present a significant security risk.

The best way to protect yourself is to use a VPN and cybersecurity company Webroot is launching its own in the form of Webroot WiFi Security, to provide security and privacy for users who connect to WiFi networks using Windows, Mac, and Android operating systems.

Continue reading →

New research from (ISC)² -- the world's largest non-profit association of cybersecurity professionals -- reveals a worldwide skills gap of 2.9 million.

The Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region. North America has the next highest gap at 498,000, while EMEA and Latin America contribute 142,000 and 136,000 to the staffing shortfall, respectively.

Continue reading →

As part of a coordinated movement between four of the biggest names in tech, the old TLS 1.0 and 1.1 security protocols are to be killed off in Safari, Edge, Internet Explorer, Firefox and Chrome in 2020.

Apple, Microsoft, Mozilla and Google have come together to purge the internet of these old and buggy protocols, noting that most people have now moved to TLS 1.2, if not TLS 1.3. Although 94 percent of sites already support version 1.2, a tampering off period over the next 18 months will give everyone a chance to catch up.

Continue reading →

Although IT operations personnel often help influence the selection of cyber security tools, nearly two out of three say complexity is one of the biggest hindrances in their effectiveness.

The study by privileged access management company Thycotic shows complexity in deployment is cited by30 percent and complexity in daily use by 34 percent.

Continue reading →

The drive to digital transformation is exposing companies to higher and more costly cyber risks according to a new study of over 1,300 businesses.

The study from research firm ESI ThoughtLab, together with a cross-industry coalition of organizations, including HP, KnowBe4, Opus and others, shows that cyber risks rise dramatically as companies embrace new technologies, adopt open platforms, and tap into the ecosystems of partners and suppliers.

Continue reading →

In a world of digital transformation projects that increasingly mean more links to suppliers and partners, it can be hard for companies to assess the risk presented by opening up their data to third-parties.

To address this problem RiskRecon is launching new asset valuation algorithms that automatically determine the inherent risk value of any internet facing system.

Continue reading →

After a relatively quiet first half of the year, cyberattacks have come back with a bang in the third quarter according to the latest report from Malwarebytes.

Businesses seem to have become the main focus of attacks, experiencing more cybercriminal activity this quarter, with detections up by 55 percent, while consumer detections increased by only four percent over the last quarter.

Continue reading →

We've heard of problems with specially-crafted messages being used to lock up iPhones, and now a similar problem has been found with the PlayStation 4. Anyone who receives one of these messages will find that their console completely locks up -- and the only way out of it is to perform a factory reset.

The problem lies in messages that include unrecognized characters, and it is being exploited by some gamers to boot people offline in the middle of games -- Rainbow Six in particular. While there is no fix available at the moment, there are steps you can take to prevent the issue affecting you.

Continue reading →