Articles about Security

Targeted attacks launched via a compromised account were the most successful email attack vector in the past 12 months according to new research.

The study carried out for email security company Agari by Osterman Research reveals that 44 percent of organizations have been victims of a successful ATO-based attack.

Continue reading →

Security platform Illumio and cloud security and compliance platform Qualys are announcing a new integration that will enable organizations to visualize vulnerabilities across data centers and clouds.

Threat data from the Qualys Cloud Platform is integrated with the Illumio Adaptive Security Platform’s application dependency mapping to show potential attack paths in real time. The integration delivers vulnerability maps, enabling organizations to see connections to vulnerabilities within and between applications.

Continue reading →

The UK surveillance agency, GCHQ, has revealed that it launched cyberattacks on Islamic State. Speaking at the Cyber UK conference, GCHQ director Jeremy Fleming said that it had launched a "major offensive cyber-campaign" against the group.

He said that the attacks helped to stem the output of message from Islamic State (or Daesh) online. While Flemming said that a lot of the operation was "too sensitive to talk about", he was confident that it had been effective in disrupting the group's dissemination of messages.

Continue reading →

A new report reveals that 97 percent of organizations are not prepared for the latest multi-vector, fast-moving, mega-scale Gen V cyber threats targeting businesses.

The 2018 Security Report from Check Point analyses the security threats and attacks that organisations globally are experiencing on their networks. It finds just three percent of enterprises are using threat prevention with cloud and mobile security which protects against large-scale, multi-vector Gen V attacks.

Continue reading →

Kubernetes is one of the most popular container platforms, which means enterprises need fast and decisive responses when security incidents and potential attacks occur within their deployments.

Container security specialist NeuVector is launching an enhanced security solution to protect Kubernetes environments by building on the unique NeuVector run-time security automation, which combines east-west traffic visibility with container process monitoring and vulnerability scanning.

Continue reading →

Almost 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88 percent increase over the previous year.

Although data breach incidents decreased by 11 percent, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since Gemalto began its Breach Level Index in 2013.

Continue reading →

Visibility and compliance challenges continue to haunt organizations, with only 44 percent of respondents claiming they have visibility into external sharing and DLP policy violations in their cloud application and environments.

The figure comes from a new report produced by cloud access security broker Bitglass which also finds that 85 percent of organizations acknowledge they are unable to identify anomalous behavior across cloud applications.

Continue reading →

Network control company Infoblox is announcing an enhanced partnership with McAfee to offer organizations an increased level of sophisticated threat intelligence, as well as faster response time to combat cyber threats.

Using a combination of behavioral analytics, machine learning and up-to-date threat intelligence data at the DNS layer, the comprehensive solution can identify potentially infected devices and block DNS-based data exfiltration, including zero-day attacks.

Continue reading →

One of the biggest problems companies face in securing their networks is the number of alerts generated which is why many are turning to AI solutions to cope with the workload.

Scottish company ZoneFox is launching an updated version of its security platform that offers better risk management and enriched insights, further time savings and improved scalability.

Continue reading →

With at least 87 million Facebook users affected by the data abuse by Cambridge Analytica, the social network is now on a mission to clean up its image. After rolling out tools, issuing notifications, and testifying in front of Congress, Facebook is launching a new bounty program that rewards people who report instances of data abuse.

The Data Abuse Bounty is a new program that offers from $500 to $40,000, and it aims to clamp down on the misuse of data by app developers. Launched just before Mark Zuckerberg's testimonies this week, it's a clear attempt by Facebook to curry favor.

Continue reading →

YouTube was today hit by hackers, with the attackers managing to deface or delist a number of big name videos. Despacito by Luis Fonsi and Daddy Yankeee -- the most popular video of all time -- was among those that were temporarily inaccessible.

While little is known for certain about the source of the attack, it seems that Vevo was possibly the intended target as the videos that were attacked were in Vevo accounts. The ease with which the attack appears to have been carried out -- and the number of high-profile videos affected -- will be of major concern to YouTube and its users.

Continue reading →

A new report finds that 64 percent of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities.

The survey from cloud-based web security company iboss shows that 91 percent of IT decision makers agree they need to update security policies to operate in a cloud-first environment.

Continue reading →

In a move to bring simpler yet stronger web authentication to internet users, the FIDO Alliance and the World Wide Web Consortium (W3C) are launching a new standard called Web Authentication (WebAuthn).

WebAuthn enables online service providers to offer FIDO Authentication through web browsers. FIDO Authentication makes web access more secure because it uses unique encrypted credentials for each site, eliminating the risk that a password stolen from one site can be used on another.

Continue reading →

A new report from mobile security specialist Lookout exposes the growing risk from phishing attacks on mobile devices, with an increase in the number of users clicking on URLs that bypass security controls.

The mobile phishing URL click rate has increased 85 percent year-on-year. 56 percent of Lookout users received and clicked on their mobile device a phishing URL that bypassed existing layers of phishing defense.

Continue reading →

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

Continue reading →