Articles about Security

Defenders have become more successful at detecting and preventing ransomware, but even so its share of incidents declined only four percentage points from 2021 to 2022.

The latest X-Force Threat Intelligence Index from IBM Security also finds that attackers continue to innovate, with the average time to complete a ransomware attack dropping from two months down to less than four days.

Continue reading →

According to a new report, 98.6 percent of organizations have concerning misconfigurations in their cloud environments that can cause critical risks to their data and infrastructure.

The research from Zscaler finds cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, and more, have led to the exposure of billions of records.

Continue reading →

A new report finds that even as internet users spend around a third of their lives online, most feel risks are increasing, and cybersecurity is too complex.

The report from F-Secure finds three out of four internet users worry about their safety online, while almost seven out of ten (69 percent) of those surveyed said they don't know who to trust online.

Continue reading →

The past twelve months have been tough for a lot of organizations. From inflationary pressures to fears of a global recession, many economists have made pessimistic predictions about the year ahead. As a result, controlling and reducing costs is likely to be the focus for many companies in 2023. 

Yet despite these economic stresses, IT spending has continued to rise. Gartner has estimated businesses spent around $4.5 trillion in 2022, up 3 percent year-on-year. While part of this spend is driven by digital transformation and the adoption of new technologies, a good part comes from unexpected expenses - especially when it comes to cloud where businesses can easily incur heavy costs without realizing it. Research finds that 80 percent of organizations lack awareness of how best to manage cloud computing, leading to overspending of between 20-50 percent. 

Continue reading →

Two-factor authentication (2FA) is an important means of securing accounts, making it significantly harder for hackers to gain unauthorized access. So it is perhaps a little surprising that Twitter has announced that it is locking one of the most popular 2FA methods behind a paywall.

The company has announced that SMS-based two-factor authentication will only be available to paying Twitter Blue subscribers. The change will take effect on March 20, and after this date non-paying Twitter users will be limited to securing their account with either an authentication app or a physical security key.

Continue reading →

Spam in your calendar? It’s not something that most of us think about -- the word brings to mind email and phone calls and even just old-fashioned snail mail. But your online calendar is also a very real target and it may be growing worse. 

It’s actually fairly ingenious; a spammer sends an invite to an event and, even if the email invitation goes to your spam folder, the event still goes to your Google Calendar. When you click on the event in your calendar it contains a malicious link. Even if you click 'decline' it can still take you to possible NSFW content, or worse. Plus, declining will simply cross out the appointment and leave the reminder behind.  

Continue reading →

A 'work device' isn’t what it used to be. Employees are no longer restricted to a single, company-issued device. Instead, they move between devices based on task, time of day, and location. One minute, they might be working at a desk on a Mac, while the next they are on the move, staying productive from an iPhone.

Research has shown that employees highly value the ability to choose which device(s) they use. In fact, 87 percent of respondents in an independent global survey, conducted by Vanson Bourne in 2021 said choosing their work device was important to them, and 89 percent said they’d even be willing to sacrifice part of their salary to be empowered to choose their own technology.

Continue reading →

As security professionals assess the cloud security challenges that lie ahead for the coming year, one thing is certain. Threat actors will continue to double down on their efforts, utilizing new techniques and refining pre-existing methods as they extend their ever-growing toolbox.

To help enterprises stay ahead of the game, our security research team has highlighted some of the top trends and attack vectors cloud security teams can expect to encounter in 2023.

Continue reading →

Misconfigurations are often a source of security issues, especially when they relate to an organization's firewalls.

FireMon is launching a new, free firewall assessment tool that provides organizations with a comprehensive diagnostic report outlining the health of a firewall policy, complete with best practices and suggestions to improve their security posture.

Continue reading →

In 2022, the number of DDoS attacks grew 150 percent globally compared to the previous year, while the number of attacks in the Americas rose even faster, increasing 212 percent compared to 2021.

These figures are from the 2022 Global Threat Analysis Report released today by Radware which also shows the frequency of DDoS attacks saw a significant uptick. Globally, organizations mitigated an average of 29.3 attacks per day during the fourth quarter of 2022, 3.5 times more compared to 8.4 attacks per day at the end of 2021.

Continue reading →

With Patch Tuesday having rolled around once again, Microsoft has issued its regular batch of releases. We've already talked about the KB5022836 update for Windows 11 21H2, but if you're running Windows 11 22H2, you will need the KB5022845 update instead.

The KB5022845 update takes Windows 11 up to build 22621.1265, and it also includes the changes and improvements that were part of the KB5022360 update preview released last month.

Continue reading →

It is the time of the month when Microsoft releases updates for Windows, and as such the company has released a pair of patches for Windows 11. Specifically, we have two cumulative updates in the form of KB5022845 for Windows 11 22H2 and KB5022836 for Windows 11 21H2.

The KB5022836 update takes Windows 11 up to build 22000.1574, and it also includes the changes and improvements that were part of the KB5019274 update preview released last month.

Continue reading →

As many CISOs are discovering, protecting cloud native environments requires a fundamental shift in thinking when it comes to keeping threats at bay. The huge change in the technology stack, the rapid delivery of software updates, and the unfettered use of open source, all present new challenges that old-style security tools cannot resolve.

Rather than using different point solutions that only solve specific security issues and need to be manually stitched together, Gartner recommends adopting a unified and end-to-end full lifecycle solution that starts in development and extends to deliver comprehensive runtime protection. In other words, a cloud-native application protection platform (CNAPP).

Continue reading →

Privileged access management (PAM) solutions are too complex, with 68 percent of organizations paying for features they don't need, according to a new report.

The report from Keeper Security finds 91 percent of organizations employ PAM and 84 percent of global IT leaders say they want to simplify their PAM solutions in 2023.

Continue reading →

The latest report from JFrog looks at the most prevalent vulnerabilities in 2022 with an in-depth analysis of open source security vulnerabilities that have most impact for DevOps and DevSecOps teams.

The report shows that the severity of six of the top 10 CVEs was overrated, meaning they scored higher in the NVD rating than in JFrog's own analysis. In addition the CVEs appearing within enterprises most frequently are low-severity issues that were simply never fixed.

Continue reading →