Articles about Security

People have been predicting the end of the password for a very long time, yet they still remain key to securing access to many systems.

Maybe the end is edging just a bit closer though as ForgeRock announces Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations.

Continue reading →

Cyberattacks are expected to reach historic levels this year, in both volume and sophistication, yet many organizations are reducing their 2023 cybersecurity budgets.

We spoke to Steve Benton, VP of threat research at intelligence-driven cybersecurity specialist Anomali, to discover how a different approach might offer strong protection without breaking the bank.

Continue reading →

Microsoft has published details of PowerShell scripts which the company has designed to help automate updating the Windows Recovery Environment (WinRE) to address a BitLocker security vulnerability.

The security feature bypass vulnerability affects both Windows 10 and Windows 11, and sample scripts are available for different editions of both versions of the operating system.

Continue reading →

The default blocking of macros in MS Office is forcing threat actors to be more creative with their attack methods, according to the latest report from HP Wolf Security.

There have been increases in the levels of malware delivered in PDFs and zip files, as well as a rise in 'scan scams' using QR codes to trick users into opening links on mobile devices.

Continue reading →

The Lockbit ransomware group claimed 129 victims in February, more than double the 50 that was reported in January.

The latest ransomware report from GuidePoint Security shows that another RaaS group, AlphV, also significantly increased its reported monthly victim count from 20 to 31.

Continue reading →

There's been a fair bit of hype recently surrounding the potential for ChatGPT and similar tools to be used for creating phishing campaigns, eliminating the typos and other errors that are the giveaways of a scam.

However, new research from Hoxhunt suggests that AI might not be quite so good at going phishing after all.

Continue reading →

A new study reveals that 61 percent of mid-sized businesses don't have dedicated cybersecurity experts in their organization.

The research from managed security platform Huntress also shows 24 percent of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack in the past year.

Continue reading →

Technology continues to advance at an unprecedented rate. The development and use of Application Programming Interfaces (APIs) being a particularly notable example.

The latest Salt Labs State of API Security report found that overall API traffic increased 168 percent over 12 months, with API attack traffic increasing by 117 percent in the same time period. Perhaps understandably, many CISOs are struggling to keep up.

Continue reading →

The latest Identity Exposure Report from SpyCloud shows that last year its researchers recaptured 721.5 million exposed credentials from the criminal underground, and found over 22 million unique devices infected by malware.

Of the exposed credentials recovered by SpyCloud, roughly 50 percent came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other valuable information to use in targeted attacks or sell on the darknet.

Continue reading →

A couple of recent entries on the Microsoft 365 roadmap shed light on what is in store for Outlook. Over the coming weeks, Microsoft has big plans for both the mobile and desktop versions of its email client.

Starting this month, Outlook security is being boosted thanks to the arrival of built-in multi-factor authentication (MFA). And next month, a larger number of Windows users will have access to a preview version of a completely new Outlook app.

Continue reading →

With the release of Chrome 111, Google is waving goodbye to the Chrome Cleanup Tool that has been available for a number of years.

After 8 years of service, Google has decided the Chrome Cleanup Tool -- which, the company explains, helps users to "recover from unexpected settings changes, and to detect and remove unwanted software" -- is simply no longer needed.

Continue reading →

Cybersecurity is usually viewed as something to be addressed via software. In recent years though we've seen a hardware element start to creep in -- Windows 11's requirement for TPM capability for example.

Can we expect to see more hardware-based security measures? And what benefits do these offer? We spoke to Ed Maste, senior director of technology at the FreeBSD Foundation (the non-profit organization supporting the open source FreeBSD operating system) to find out.

Continue reading →

Starting next week, GitHub is going to require active developers on the site to enable at least one form of two-factor authentication (2FA). The security initiative will start with specially selected groups of developers and administrators on March 13.

Until the end of the year, GitHub will begin notifying those who have been selected of the 2FA requirement. As the year progresses, more and more users will be obliged to enable two-factor authentication.

Continue reading →

The threat of business email compromise (BEC) is growing year on year and is projected to be twice as high as the threat of phishing in general.

According to a new report from cloud email security platform IRONSCALES, over 93 percent of organizations have experienced one or more of the BEC attack variants in the previous 12 months, with 62 percent facing three or more attack variants.

Continue reading →

Secrets are not just login credentials and personal data; they securely hold together the components of the modern software supply chain, from code to the cloud. And because of the leverage they provide they are much sought-after by hackers.

However, many breaches that occurred in 2022 show how inadequate the protection of secrets is. Research from automated detection specialist GitGuardian finds that one in 10 code authors exposed a secret in 2022.

Continue reading →