Articles about Security

The cloud brings many benefits to businesses, but it also brings with it risks, the biggest of which concerns the security of information.

A new survey from cloud governance specialist Netwrix looks at how different sectors and geographies deal with cloud security.

Continue reading →

Cyber criminals have started using sophisticated infection methods and techniques borrowed from targeted attacks in order to install mining software on attacked PCs within organizations says Kaspersky Lab.

Some 2.7 million users have been attacked by malicious miners in 2017, according to Kaspersky's data. That's around 50 percent higher than in 2016 (1.87 million). But at the same time ransomware attacks have seen a decline.

Continue reading →

Managing security policy can be a headache for organizations with lots of users. But now business-driven security policy management specialist AlgoSec is launching an as-a-service policy management solution.

AlgoSaaS allows enterprise organizations to quickly and easily get the benefits of cloud-based security service offerings. It needs minimal end-user maintenance and is scalable to cope with business growth.

Continue reading →

Text messages via SMS are often used as part of two-factor authentication strategies to protect login accounts.

But a new and worrying study from Positive Technologies shows that real-world attempts to intercept SMS messages are 100 percent successful.

Continue reading →

The words "data security" made news once again last month when researchers revealed that Tesla’s AWS cloud systems were compromised for the purpose of cryptojacking. Cryptojacking, which is defined as the secret use of a computing device to mine cryptocurrency, has risen in popularity over the past few months. This is primarily due to 1) the surge in cryptocurrency value and 2) the discovery of clever mechanisms hackers can use to mine coins while going unnoticed.

According to RedLock researchers, the hackers infiltrated Tesla’s Kubernetes console, which is an open-source platform used for managing containerized workloads and services. They were able to access the console because it was not password protected. Within the Kubernetes pod, were Tesla AWS environment credentials which contained an Amazon S3 bucket that had sensitive data such as telemetry, mapping and vehicle servicing data.

Continue reading →

A new report from information security specialist Thales e-Security reveals that 48 percent of US healthcare organizations reported getting breached in the last year, more than 2.5 times the rate from two years ago.

In addition 56 percent report feeling either 'very' or 'extremely' vulnerable to data breaches. More than three-quarters (77 percent) reported at least one breach at some time in the past. This is the highest percentage among all US vertical industries polled in this year’s report.

Continue reading →

Nearly half (46 percent) of entry-level employees, and 28 percent of all employees, don't know if their company has a cyber security policy, according to new research.

The study of 1,000 full time workers from B2B research firm Clutch also shows that employees at all levels of an organization are likely unaware of the IT security threats their companies potentially face.

Continue reading →

Over the last few years, the website Have I Been Pwned (HIBP) has given people the chance to check whether their personal data was compromised in any data breaches. Now the site reveals that the UK and Australian governments are using its services to monitor official domains.

That governments should check the site's database for the presence of their own email addresses is perhaps not surprising -- it's used by just about every type of body imaginable. But now the mechanics have been opened up for these two governments.

Continue reading →

A new report from IoT security specialist ZingBox looks at the security of connected medical devices, from infusion pumps and patient monitors to imaging systems and medical device gateways.

The most common types of risk originate from user practice issues (such as using embedded browsers on medical workstations to surf the web, conducting online chat or downloading content), accounting for 41 percent of all security issues.

Continue reading →

More than half of phishing attacks in 2017 were aimed at getting hold of financial information according to a new report.

Kaspersky Lab's anti-phishing technologies detected more than 246 million user attempts to visit different kinds of phishing pages, with 54 percent being attempts to visit a financial-related website, compared to 47 percent in 2016.

Continue reading →

A new survey reveals that 52 percent of companies admit to cutting back on security measures to meet a business deadline or objective.

The report into SecOps (Security Operations) from intrusion detection company Threat Stack also reveals that 68 percent of companies say their CEO demands that DevOps and security teams don’t do anything that slows the business down.

Continue reading →

Mid-market organizations -- those with 1,000-5,000 employees -- have been hit the hardest with ransomware in 2017, with 29 percent experiencing a ransomware attack, according to a new report.

Security awareness training company KnowBe4 has released its 2018 Threat Impact and Endpoint Protection Report which shows organizations in manufacturing, technology and consumer-focused industries experienced the most ransomware attacks.

Continue reading →

Amazon has opened up its wallet and splashed more than $1 billion on buying Ring. Famed for its selection of smart doorbells, security cameras and other security devices, the purchase of the Santa Monica, California firm is Amazon's latest foray into home security.

While details of the deal are currently a little thin on the ground, it is expected that the Ring name will live on, and it is likely that future products released under the brand will feature Alexa smart assistant integration.

Continue reading →

Single sign on (SSO) is popular with businesses as it allows control of access to multiple resources without the need for lots of different credentials.

But researchers at Duo Security have uncovered a vulnerability that can allow attackers to trick systems based on the commonly used SAML (Security Assertion Markup Language) into giving them a higher level of access.

Continue reading →

One of the key planks of the upcoming GDPR legislation is the right to removal of personal data, the so-called, 'right to be forgotten'.

But a new study from big data application provider Solix Technologies reveals that 65 percent of organizations are unsure if an individual's personal information can be purged from all their systems.

Continue reading →