Articles about Security

Stolen credentials and the rise of the 'traffers'

Even as we move towards passwordless authentication methods, stolen credentials remain a major problem for businesses.

A new report from cyber risk management company Outpost24 highlights the increasing professionalization of the market for stolen credentials thanks to the rise of what are known as 'traffers'.

75 percent of SaaS applications pose a risk to enterprises

The past few years have seen massive growth in the number of SaaS applications used by enterprises, but new research from Spin AI shows that 75 percent of SaaS applications pose a high or medium risk to data stored in either Google Workspace or Microsoft 365.

On average, 35 percent of apps with OAuth permissions to Google Workspace or Microsoft 365 are classified as high risk. For large organizations (with more than 2,000 employees) 56.91 percent of apps pose a high risk.

Evolving vulnerabilities in the education sector: How can organizations become more resilient?

In 2022, the education sector experienced a 44 percent increase in cyberattacks. In the UK alone, six in ten higher education institutes reported experiencing at least weekly attacks or breaches. This increasing number of threats to the sector is causing major disruptions to teaching and even forcing schools and universities to shut down.

When it comes to prioritizing security and adopting the latest technology, the education sector has always lagged behind other major industries. This lack of urgency is partly the reason why education is such a vulnerable target. Many schools are still using outdated and unprotected technology that is easy to infiltrate. Despite not being a cash-rich target, these facilities hold a wealth of personal and financial data, which can be used in future attacks or sold on the dark web.

Okta launches identity verification for Zoom users

Many organizations have come to rely on Zoom as a means of connecting employees and customers in a hybrid environment.

But this comes with challenges when it comes to keeping meetings secure without harming productivity. Identity management platform Okta is launching a new identity verification feature that will authenticate Zoom meeting attendees in End-to-End Encryption (E2EE).

Integrating security into the development process [Q&A]

Historically, security has been treated as something of an afterthought in the IT industry. In more recent years, though, there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.

We spoke to David Melamed, CTO of Jit, to find out about integrating security and how security tools can be used by developers, not just security professionals.

Amplifying the effectiveness of Multi-Factor Authentication

In the early days of computing, authentication was simple, but the approach grew in sophistication over time. For example, modern password-based authentication systems like Kerberos don’t actually transmit passwords anymore; they generate an authentication token that is submitted instead.

But even with these enhancements, a username-and-password based approach to authentication still has a key weakness: if someone learns another user’s password, they are indistinguishable from the true user. And although Bill Gates predicted the death of the password nearly 20 years ago, passwords remain the default method of authentication for a range of services at work and home.

Microsoft releases emergency updates to address cropped screengrab privacy flaws

Following the discovery of serious vulnerabilities in the Snipping Tool app for Windows 11 and Snip & Sketch in Windows 10, Microsoft has released out-of-band updates to plug the security holes.

The flaws are similar to the recently discovered aCropalypse bug affecting Pixel mobiles, making it possible to "uncrop" cropped images and potentially expose sensitive information. Having briefly tested updates with Windows Insiders, Microsoft has now made fixes available to all Windows 10 and Windows 11 users.

Top 4 ways Artificial Intelligence can improve your security posture now

Ignore the hype: Artificial intelligence (AI) can improve your security posture now.

We’ve been waiting for AI to deliver benefits to cybersecurity for a long time. ChatGPT aside, AI has been a hot-and-cold topic for decades, with periods of overhyped promises interspersed with periods of cynical rejection after failure to deliver on all of those promises. No wonder plenty of security leaders are wary. Yet, despite the wariness, AI is helping to improve cybersecurity today and will increasingly provide substantial security benefits -- and challenges.

CISA releases open source Untitled Goose Tool to detect malicious activity in Azure, Azure Active Directory and Microsoft 365 environments

CISA has launched a new security tool designed to help protect various Microsoft cloud services. The open source Untitled Goose Tool is available for both Windows and macOS.

The utility was developed by the US Cybersecurity & Infrastructure Security Agency in conjunction with Sandia National Laboratories. The aim of the tool is to help detect and respond to malicious activity in Microsoft Azure, Azure Active Directory (AAD) and Microsoft 365 (M365) environments.

Microsoft fixes serious privacy vulnerability in Windows 11 Snipping Tool... but not for everyone

Earlier this week we learned about a worrying security and privacy flaw in Windows 11's Snipping Tool screen capture app. The way the software saves cropped screengrabs means that it is possible to "uncrop" images, potentially exposing sensitive information.

Acting quickly to address the problem, Microsoft has fixed the vulnerability with a new update. There is just one problem -- the update is not available to everyone, leaving unknown numbers of users at risk.

20 percent of endpoints have legacy security vulnerabilities

According to a new report, at least 20 percent of enterprise endpoints remain unpatched after remediation is completed, meaning that a fifth of machines still have a significant number of legacy vulnerabilities that could be exploited at any time.

The study of over 800 IT professionals from Action1 Corporation finds 10 percent of organizations suffered a breach over the past 12 months, with 47 percent of breaches resulting from known security vulnerabilities.

Microsoft panics Windows 11 users with 'Local Security Authority protection is off' warning

Users of Windows 11 have been concerned by the appearance of a message that reads: "Local Security protection is off. Your device may be vulnerable". Microsoft is blaming a recent update (KB5007651) for the warning which implies that an important security feature has been disabled.

The issue affects Windows 11 versions 21H2 and 22H2, and those hit by the message have been left confused about what they need to do. So what is going on?

The risk and reward of ChatGPT in cybersecurity

Unless you’ve been on a retreat in some far-flung location with no internet access for the past few months, chances are you’re well aware of how much hype and fear there’s been around ChatGPT, the artificial intelligence (AI) chatbot developed by OpenAI. Maybe you’ve seen articles about academics and teachers worrying that it’ll make cheating easier than ever. On the other side of the coin, you might have seen the articles evangelizing all of ChatGPT’s potential applications.

Alternatively, you may have been tickled by some of the more esoteric examples of people using the tool. One user, for example, got it to write an instruction guide for removing peanut butter sandwiches from a VCR in the style of the King James Bible. Another asked it to write a song in the style of Nick Cave; the singer was less than enthused about the results.

New solution helps to visualize cloud-native app risks

With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.

To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.

The role of service mesh in application security [Q&A]

As organizations embrace cloud-native development, they are building new types of applications and microservices that are easier to scale and add more business value.

But the growing adoption of microservices has introduced new security risks because microservices and modern applications contain more 'pieces' that increase the attack surface.

© 1998-2025 BetaNews, Inc. All Rights Reserved.