Articles about Security

Cast your mind back to just last week, and there was the usual chaos of problematic updates from Microsoft. But one of the more peculiar things about one of the updates was the creation an empty folder called inetpub after installing the KB5055523 update for Windows 11.

The appearance of this folder caused confusion, but failed to be explained by Microsoft. Users who were irritated by the folder materializing unbidden simply deleted it without side effects -- but now Microsoft has spoken out. The company says that the folder should not be deleted because it improves system security -- but leaves many questions unanswered.

Continue reading →

When Microsoft first added the AI-powered Recall feature to Windows 11, it could hardly have been expecting the backlash that came from users. Concerns about privacy and security forced the company to delay the rollout of the activity and screen monitoring snapshot tool.

Now Microsoft thinks it has made the improvements required to calm the concerns of those who spoke out very loudly against the tool. A new preview version of Recall is making its way to some users right now.

Continue reading →

There is not long left for Office 2016 in terms of official support from Microsoft, but it felt like adding salt to the wound when a recent update caused Word, Excel and Outlook to stop working.

Microsoft is certainly no stranger to breaking Windows with problematic updates, but with the KB5002700 security update released earlier this week, it was Office 2016 that was affected. So severe were the problems caused, Microsoft has been forced to release an out-of-band fix.

Continue reading →

There can’t be a silver lining without a cloud, and for all of the problems Microsoft managed to fix with the KB5055523 update for Windows 11, there is the small issue of it causing Windows Hello authentication to stop working for some.

While the problem is limited to users who meet fairly narrow criteria, the impact for those affected is significant. If you’re running System Guard Secure Launch or Dynamic Root of Trust for Measurement on Windows 11 and Server 2025, caution is advised.

Continue reading →

The next time you sign into your Microsoft account you may well be greeted by a new look. Microsoft has started the roll out of what it is calling a “new sign in experience” as the company uses its Fluent 2 design language to revamp the UI and UX. For better or worse, this is an attempt to create an “unmistakably Microsoft” look and feel.

The changes affect users of Windows, Xbox, Microsoft 365, and more, and Microsoft predicts that the majority of users will see the new look by the end of April. As part of the redesign, users are being given more choice; there is now a dark mode option.

Continue reading →

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

Continue reading →

Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are -- thankfully -- others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.

Continue reading →

The vast majority of IT professionals will agree that in cybersecurity, waiting for an attack to happen in order to expose weaknesses is a losing strategy.

As such, many will be well-clued up on the benefits of penetration testing; from demonstrating a commitment to protecting sensitive data and ensuring ongoing compliance with industry regulations, to gaining a clearer understanding of security gaps, and strengthening incident response readiness.

Continue reading →

In the film Sliding Doors, a split second choice leads to two branching stories -- yet while the two stories are very different, they both lead to hospital trips and potential tragedy. The world of cyber security is similar. Whatever decisions we make, we are still under pressure and we will -- eventually, whatever we do -- end up facing significant risk.

Yet how do we show that we are doing a good job? If everything is working, there is nothing to see. Or have we collectively just been lucky to that point? Unless you have an active attack taking place, you can argue that your efforts are enough. But when you only look at a single point in time, it is a challenge to show that you are making a difference and reducing risk.

Continue reading →

2024 ushered in one of the biggest shifts in data security, as cyber threats continued to increase in sophistication by leveraging advancements in AI to outpace traditional defenses. High-profile breaches across all industries continued, uncovering vulnerabilities in even the most robust systems. Meanwhile, the ongoing hybrid work models and migration to cloud-based technologies expanded the attack surface, creating new challenges for protecting sensitive data.

As 2025 rolls on, organizations need to follow best practices that represent a proactive, forward-thinking framework to stay ahead of emerging threats, protect critical data, and maintain the trust of their stakeholders. Here are ten best practices that organizations should consider.

Continue reading →

Do you trust your SaaS vendor with the keys to your kingdom? The agent running on your systems is only as secure as your cloud vendor’s security posture. It’s a security risk that should keep every organization’s IT and security teams up at night.

Many vendors will cite pen testing, bug bounty programs, and certifications like SOC 2 and ISO 27001 as a testament to their security. But the reality is that breaches still happen.

Continue reading →

Firefox users running older versions of the web browser could be in for a really nasty surprise. On March 14, 2025, a critical root certificate will expire. And, if your browser isn’t updated to at least Firefox 128 (or ESR 115.13+ for those using the long-term support version) your add-ons will be disabled. Additionally, streaming services that require DRM may even stop working!

For anyone still using an outdated version on Windows, macOS, Linux, or Android, time is running out to avoid these annoyances. Even those sticking with older operating systems (such as Windows 7, 8, and 8.1, or macOS 10.12–10.14) need to at least update to ESR 115.13+ if they want to keep their add-ons and media playback working.

Continue reading →

Security researchers have shared details of newly discovered, undocumented commands in ESP32 Bluetooth firmware that can be exploited by an attacker. The Chinese-made chip is found in millions of devices, meaning the findings are significant.

Speaking at RootedCON in Madrid, researchers from Tarlogic Security, Miguel Tarascó Acuña and Antonio Vázquez Blanco, described the “hidden functionality” they have unearthed as a backdoor, but later conceded that this may be a misleading description. They warn that exploitation could allow “hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls”.

Continue reading →

The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and their technology more advanced.

Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days, and even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.

Continue reading →

ExpressVPN has rolled out a much-needed update for Linux users, finally adding a graphical user interface (GUI) to its VPN app. Yes, folks, a GUI for Linux is only being rolled out in 2025! Better late than never, I suppose.

Until now, ExpressVPN users in Linux were stuck with a command-line interface (CLI), while Windows and macOS users enjoyed a more user-friendly experience. This update brings ExpressVPN more in line with competitors like Surfshark, which has long offered a Linux app with a GUI.

Continue reading →