Articles about Security

Cyber attacks on council workers increase over 200 percent

Local councils have faced the same pressure as commercial businesses to have people working at home during the pandemic. But a new report shows attacks on UK councils' remote workers rose by 213 percent from March 2020 compared to the previous year.

Freedom of Information (FOI) requests made by technology solutions provider Insight, show that on average councils switched 74 percent of their employees -- more than double the UK average -- to remote working during the pandemic.

Continue reading

Universal decryptor now available for REvil ransomware

REvil ransomware

It is now almost three weeks since the gigantic ransomware attack that exploited a vulnerability in Kaseya VSA remote management software. The attack affected millions of devices and the group behind it, REvil, had been demanding a $70 million ransom.

There had been great concern about the fall out from the attack due to the apparent disappearance of REvil which made it impossible for anyone willing to pay the ransom to do so. Now a universal decryption key has been obtained from a "trusted third party", giving victims the chance to regain access to their data without the need to part with any money.

Continue reading

Why have we failed and what do we need to do?

In watching the most recent high profile, and very costly breaches, I’ve begun to ask the question "Why have we failed and what do we need to do?" We’ve failed. As I enter the twilight of my career in our industry, we haven’t gotten better -- breaches are more expensive, they’re more difficult to remediate, the economic destruction is real, and people get hurt or die as a result of cybersecurity breaches. Why? Where did we go wrong, and what do we need to do to fix it?

The first question I asked myself is, "What do we do well?" We’re an industry of incredibly talented people. Over the years, we’ve learned to collaborate and share information (which, we didn’t start off doing), and we have no shortage of tools. Our tool chest is loaded to the gills with capability. We also have boards and executives who are more cyber savvy than ever before. When I started in our industry over two decades ago, I couldn’t explain to a board what cybersecurity was with a PowerPoint presentation. Now, they’re all concerned about the issue and paying attention.

Continue reading

36 percent of organizations have suffered a serious cloud breach in the last year

cloud lock

A new survey of 300 cloud professionals finds that 36 percent of organizations have suffered a serious cloud security data leak or a breach in the past 12 months.

The study conducted by security and compliance automation firm Fugue and developer tools company Sonatype finds eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.

Continue reading

97 percent don't recognize the security limitations of containers

open digital lock

A new study finds that only three percent of respondents recognize that a container, in and of itself, is not a security boundary, suggesting that the default security capabilities of containers are overestimated.

The survey, from cloud security company Aqua Security of 150 cloud native security practitioners and executives from IT, Security and DevOps teams, across sectors and geographies, also shows that only 24 percent of respondents have plans in place to deploy the necessary building blocks for runtime security.

Continue reading

Over half of exploits sold on underground forums are for Microsoft products

Dark web hacker

A new study from Atlas VPN shows that 51 percent of exploits sold on underground cybercriminal forums are for Microsoft products.

Microsoft Office exploits make up 23 percent while Windows accounts for 12 percent of exploits sold on hacker forums. Remote Desktop Protocol (RDP) exploits make up 10 percent, with Internet Explorer and Share Point taking three percent each.

Continue reading

Researchers discover high-severity, 16-year-old flaw in drivers for millions of HP, Samsung and Xerox printers

Smashed printer

Security researchers from SentinelOne have uncovered an ancient vulnerability in the drivers used by printers from three big manufacturers.

The high-severity security vulnerability -- which is being tracked as CVE-2021-3438 -- affects drivers for HP, Samsung and Xerox printers and has evaded detected for 16 years. In all, around 400 printer models are at risk, leaving millions of printers exposed to the danger of the serious privilege escalation vulnerability.

Continue reading

Sequoia: Linux kernel security flaw gives unprivileged users root access

Linux sequoia

A vulnerability has been discovered in the Linux kernel that makes it possible to gain root access on a number of popular distributions, including Ubuntu, Debian and Fedora. The flaw has been named Sequoia, and it exists in the filesystem layer.

The security issue is thought to affect all versions of the Linux kernel released since 2014, meaning that a large number of distros are vulnerable. Specifically, the flaw is a size_t-to-int type conversion vulnerability that can be exploited to elevate privileges.

Continue reading

Critical vulnerabilities found in cloud-based ICS management systems

refinery industry

There are lots of good reasons for moving industrial control systems to the cloud including better telemetry and analysis of device performance, management of logic and remote device configuration, improved diagnostics and troubleshooting, a centralized view of processes.

But as more operational technology and lCS make the move, they become increasingly vulnerable to threats. ICS security specialist Claroty has unveiled its new Team82 research arm along with a report on critical vulnerabilities found in cloud-based management platforms for ICS.

Continue reading

DuckDuckGo launches privacy-focused @duck.com email forwarding

DuckDuckGo is a pretty cool company that focuses heavily on privacy. Its claim to fame is its search engine that aims to compete with the likes of Google and Bing, but without tracking you. Believe it or not, its search results are pretty good comparatively, although Google still edges it out.

Over time, DuckDuckGo has launched its own web browser and browser extensions, constantly trying to keep humans safe from the eyes of "Big Tech." And now the company announces its latest creation -- @duck.com email accounts.

Continue reading

Companies risk data exposure as employees leave

Employee leaving

New research from SASE company Netskope reveals the risk of critical data exfiltration linked to employees leaving their jobs.

The report finds that some departing employees present a disproportionately significant cloud security risk. In their last 30 days of employment, workers have been shown to be uploading three times more data than usual to personal cloud apps.

Continue reading

Organizations are losing the war on phishing

According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year.

The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated.

Continue reading

Personal devices could pose a risk as workers go back to the office

Executive social media

New research shows that 61 percent of employees intend to bring their personal devices into the office as they return to more conventional working patterns.

A study of 2,000 UK employees, conducted by Censuswide on behalf of asset visibility and security platform provider Armis, shows 61 percent of employees use their personal mobile phone and 44 percent use their own laptop for business purposes.

Continue reading

How real live phishing emails can help protect users [Q&A]

Phishing

Phishing remains one of the most popular attack vectors for cybercriminals. But traditional defenses relying on filtering or raising user awareness via training aren't always effective.

We spoke to Lior Kohavi, chief technology officer at enterprise SaaS security specialist Cyren to discover how a new approach is using genuine attacks to help both educate users and keep phishing emails out of our inboxes.

Continue reading

China accused of large-scale Microsoft Exchange Server hack

Microsoft logo Chinese flag

The US, UK and other allied nations have accused the Chinese Ministry of State Security of engaging in a global hacking campaign. Included in this was an attack on Microsoft Exchange servers earlier in the year, and other activity that has been described as "irresponsible and destabilizing behavior in cyberspace".

China has been called on to "end this systematic cyber sabotage", and a statement issued by the White House said that "an unprecedented group of allies and partners are joining the United States in exposing and criticizing the PRC’s malicious cyber activities".

Continue reading

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.