Articles about Security

A new survey of 300 organizations across the US and Europe looks at the key challenges concerning the ability to effectively prioritize and contextualize the large amounts of data organizations get from several cyber security alert systems, as well as identifying the actions needed to meet them.

The survey, conducted for Darktrace by IDC, finds evolving attack vectors make it difficult to prepare proactively, with only 31 percent of respondents highly confident that their tools can continuously adjust to new configurations.

Continue reading →

Researchers at WithSecure have uncovered a cyberattack campaign linked back to North Korea's notorious Lazarus Group.

It is extremely rare to be able to link a campaign so strongly to a perpetrator as WithSecure has been able to do here. The Hackers have been targeting medical research and energy organizations with the intent to commit espionage.

Continue reading →

We can expect to see more than 1,900 new Common Vulnerabilities and Exposures (CVEs) per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities -- a 13 percent increase from published 2022 levels.

This is according to a report from cyber insurance provider Coalition, which finds that most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.

Continue reading →

Due to the nature of modern software design and the sharing of open source images, security teams face a large number of container vulnerabilities according to a new report.

The study from Sysdig, based on real-world data sets covering billions of containers, thousands of cloud accounts, and hundreds of thousands of applications, finds 87 percent of container images have high or critical vulnerabilities.

Continue reading →

Microsoft has announced a public preview of a new feature of Microsoft Defender for Endpoint that makes it possible to isolate Linux devices.

The company explains that it is possible to isolate a Linux device using APIs, or via the Microsoft 365 Defender portal. The update means that in the event of a security breach it is now possible to cut off Linux devices from a network, just as it has been possible to do with Windows devices.

Continue reading →

The software supply chain is increasingly being weaponized by attackers seeking to compromise businesses and steal information.

Application security specialist Checkmarx is looking to combat this with the launch of a new product which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

Continue reading →

GitHub has issued a warning about "unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom" in a hack that took place back in December.

Users are being advised to ensure that they install the latest updates for the affected software, but there is currently no suggestion that GitHub.com has been impacted. With the attackers having stolen code signing certificates, GitHub is revoking the certificates for some versions of Atom and GitHub Desktop on February 2, so users should update before this date.

Continue reading →

Much of our current IT infrastructure relies on DNS to safely route traffic. Securing that infrastructure is in turn heavily reliant on cryptography, but there's a threat looming on the horizon.

Quantum computing will offer a level of processing power that could render current cryptographic techniques obsolete, and that's a problem for the entire internet and networking world. We spoke to Peter Lowe, principal security researcher at DNSFilter, to discuss the possible impact of quantum computing on security and what can be done to address the threat.

Continue reading →

Threat hunting takes a proactive approach to identifying the security issues an organization might face. But since it tends to be based on intelligence about current threats it can overlook new ones.

Now though Trustwave has enhanced its Advanced Continual Threat Hunting platform, offering resulting in a three times increase in behavior-based threat findings that would have gone undetected by current Endpoint Detection and Response (EDR) tools.

Continue reading →

The latest report from the GuidePoint Research and Intelligence Team (GRIT) shows an increase in ransomware activity from Q3 2022 to Q4 2022, as rebranded ransomware groups significantly increased the number of publicly claimed victims.

No quarter of last year saw less than 569 total victims -- with the biggest lull occurring in late June and early July, most likely attributed to the shift from Lockbit2 to Lockbit3, although challenges in the crypto currency market may have also had an impact.

Continue reading →

New research commissioned by Telstra shows 41 percent of UK technology leaders identify cybersecurity as an enabler of innovation within their organization.

The fallout from the COVID-19 pandemic has seen unprecedented levels of digital transformation. At the same time though an ever-evolving threat landscape means that security risks are on the rise, leaving organizations facing the difficult task of balancing rapid digitization with security.

Continue reading →

A new survey of 1,300 CIOs and senior DevOps managers in large organizations finds it's getting harder for IT teams to maintain software reliability and security amid the rapid acceleration of digital transformation and rising complexity of cloud-native environments.

The study from Dynatrace finds 90 percent of organizations say their digital transformation has accelerated in the past 12 months. 78 percent of organizations deploy software updates into production every 12 hours or less, and 54 percent say they do so at least once every two hours.

Continue reading →

The switch to remote and hybrid working has led to more people working from mobile devices and using cloud platforms.

This needs a security solution that 'follows' and protects corporate data wherever it flows or resides, and with the launch of its new Cloud Security Platform, Lookout does just that.

Continue reading →

Thanks to improved security technology, most cyberattacks now rely on some element of social engineering in order to exploit the weakest link, the human.

Phillip Wylie, hacker in residence at CyCognito, believes CISOs now need to take a step back and focus on the overall picture when it comes to security. This includes securing internal and external attack surfaces, and testing the security of these environments, as well as educating employees about the risks.

Continue reading →

A new survey reveals that 72 percent of organizations report insider attacks have become more frequent (a six percent increase over last year), with 60 percent experiencing at least one attack and 25 percent experiencing more than six.

The study by Gurucul and Cybersecurity Insiders gathered responses from over 320 cybersecurity professionals and finds 75 percent say they feel moderately to extremely vulnerable to insider threats -- an increase of eight percent over the previous year.

Continue reading →