Articles about Security

According to a new study, 33 percent of global organizations are not taking the threat of cyberwarfare seriously.

The report, from asset visibility and security company Armis, is based on a survey of over 6,000 IT and security professionals around the world and finds 24 percent feel under prepared to handle cyberwarfare. Indeed, the lowest-ranking security element in the eyes of IT professionals is preventing nation-state attacks (22 percent).

Continue reading →

League of Legends publisher Riot Games has announced that it suffered a security breach last week. While it is not clear precisely what was compromised in the social engineering-driven attack, the company says that personal information and player data was not accessed by the hackers.

The impact of the hack is that key updates and patches for numerous titles will be delayed. In addition to League of Legends, games including Teamfight Tactics have also been affected, forcing developers to change the release schedule for hotfixes.

Continue reading →

Introduced by the US military in the 1950s, Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts.

This technique has been translated to the cybersecurity world in recent years, but while the concept is strong, it's a complex strategy that has many drawbacks if not executed properly. We spoke with Avihay Cohen, CTO and co-founder of Seraphic Security, find out more about how this concept is applied to today's cybersecurity strategies, its pitfalls and how to implement it successfully.

Continue reading →

Although it has a reputation as a safe and secure operating system, Linux is not immune to malware. Indeed it's become an attractive target as increasing numbers of servers and other devices run Linux-based OSes.

Data analyzed by the Atlas VPN team, based on malware threat statistics from AV-ATLAS, shows new Linux malware threats hit record numbers in 2022, increasing by 50 percent to 1.9 million.

Continue reading →

A barrage of new threats along with increasingly complex IT environments and a shortage of skilled staff make securing the enterprise and ensuring compliance more of a challenge than ever.

In order to help businesses visualize attack surfaces, understand security requirements and prioritize steps to mitigate threats across environments, ThreatModeler is launching a new cybersecurity asset marketplace.

Continue reading →

The advent of quantum computing offers a serious threat to the safety of encrypted information. But current post-quantum cybersecurity (PQC) solutions either can't reach edge devices like laptops and mobile phones or required software installation on these devices which is cumbersome and hard to manage.

Now though QuSecure is launching a new solution for protecting encrypted private data on any website or mobile application with quantum-resilient connections and sessions, all with no end-user installation required.

Continue reading →

The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.

Gen Digital says that its own systems were not compromised, but warns affected customers that "we strongly believe that an unauthorized third party knows and has utilized your username and password for your account".

Continue reading →

Towards the end of last week, Microsoft confirmed an issue that stemmed from a flawed Microsoft Defender for Endpoint ASR rule that results in the deletion of app shortcuts from the Start menu, desktop and taskbar.

The company issued an update to prevent the problem from arising again, but said that there was no alternative but to manually recreate any shortcuts that had been lost. Now though Microsoft has released a PowerShell script that will automatically recreate some -- but not all -- deleted shortcuts. The company has also released a trio of advanced hunting queries (AHQs) to help with the issue.

Continue reading →

Open banking first began to roll out in 2018, following the introduction of the PSD2 legislation in the UK, but five years on new research finds that most consumers still don't understand what it is, and the vast majority don't believe that it's safe.

The study from NTT DATA shows 58 percent of UK consumers still don't understand what open banking is, while just 16 percent believe that it's completely safe.

Continue reading →

When threat actors evaluate a company's attack surface, they're not thinking in terms of organizational silos. They're probing for the right combination of vulnerabilities, misconfigurations and identity privileges.

It follows that security organizations shouldn't be operating in silos either. Defenders risk playing into the hands of attackers as organizations struggle with reactive and siloed security programs. Having a sprawl of point tools generates heaps of fragmented data but offers few insights.

Continue reading →

New research from cybersecurity company Naoris Protocol finds 48 percent of people surveyed think criminals who break into computer networks with malicious intent should be paid a percentage of the funds they steal and face no prosecution if they return the majority of their spoils.

The survey of over 500 people working in the cybersecurity and web arenas found just 38 percent saying they disagreed with not prosecuting malicious hackers, while 13 percent were unsure.

Continue reading →

Just as machinery becomes less reliable as it gets older and people develop more health issues with age, so it seems software is more likely to have security flaws later in its life.

A new report from security testing company Veracode shows that while 32 percent of applications are found to have flaws at the first scan, by the time they have been in production for five years, nearly 70 percent contain at least one security flaw.

Continue reading →

Personal employee or customer data accounted for nearly half (45 percent) of all data stolen between July 2021 and June 2022 according to the latest report from Imperva.

Companies' source code and proprietary information accounted for a further 6.7 percent and 5.6 percent respectively. On a more positive note, the research finds that theft of credit card information and password details has dropped by 64 percent compared to 2021.

Continue reading →

We reported last week on how ChatGPT could be used to offer hints on hacking websites. A new report released today by WithSecure highlights another potential use of AI to create harmful content.

Researchers used GPT-3 (Generative Pre-trained Transformer 3) -- language models that use machine learning to generate text -- to produce a variety of content deemed to be harmful.

Continue reading →

Microsoft has released the KB5022287 update for Windows 11 21H2, as well as the KB5022303 update for Windows 11 22H2.

Both updates are mandatory and, like this month's updates for Windows 10, include fixes for Local Session Manager (LSM) and ODBC issues. There is also a fix for a blue screen 0xc000021a error and numerous security patches.

Continue reading →