Articles about Security

Microsoft releases security-boosting, bug-fixing KB5022282 and KB5022286 Windows 10 updates, the first of 2023

Less than two weeks into 2023, Microsoft has released the first cumulative updates of the year for Windows 10.

The KB5022282 and KB5022286 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2. Among the bugs addressed are an issue with the Local Session Manager (LSM) and a Microsoft Open Database Connectivity (ODBC) problem.

Attacks and payments are down -- but don't write off ransomware yet

A quarter of US organizations were victims of ransomware attacks over the past 12 months, a steep 61 percent decline from the previous year, when 64 percent fell victim.

In addition, a new report from Delinea finds that the number of targeted companies that paid the ransom declined from 82 percent to 68 percent, which could be a sign that warnings and recommendations from the FBI to not pay ransoms are being heeded.

Microsoft ends Windows 7 extended support today -- install all updates now to fix all known issues... and gain Secure Boot support

If you have been keeping up with Windows news, you will probably be aware that today is the day that Microsoft finally ends support for Windows 7. This means that after today there will be no further updates, even for anyone paying for Extended Support Updates -- but 0patch is willing to help out.

Any company that does still have Windows 7 and is paying for ESU should install today's cumulative update, as well as any others that may have been missed. And there's a nice surprise: Microsoft has added support for Secure Boot to Windows 7, but has kept quiet about it.

0patch will keep releasing security updates for Microsoft Edge on Windows 7, Server 2008 and Server 2012

We've already written about Microsoft completely ending support -- even paid-for options -- for Windows 7 and Windows 8, and as part of this, the company will also stop releasing security updates for its Edge browser on these platforms.

There are large numbers of both home users and businesses that are opting to stick with these operating systems, or have little choice for one reason or another. As far as Microsoft is concerned, Edge 109 is the last version of the browser that will be released for these OSes, and as of January there will be no more security updates released. Thankfully, 0patch is here to save the day again, with the company announcing that it is "security-adopting" Microsoft Edge on Windows 7, Server 2008 and Server 2012.

How ChatGPT could become a hacker's friend

The ChatGPT artificial intelligence bot has been causing a bit of a buzz lately thanks to its ability to answer questions, ask follow ups and learn from its mistakes.

However, the research team at Cybernews has discovered that ChatGPT could be used to provide hackers with step-by-step instructions on how to hack websites.

Kubernetes as-a-service, security issues and skills shortages -- container predictions for 2023

Containers have become increasingly popular in recent years. They can be spun up quickly and offer developers the opportunity to deliver projects faster, as well as gains in agility, portability and improved lifecycle management.

Here is what some industry experts think we'll see happening in the container market in 2023.

If you don't know what you're exposing, how can you protect it? [Q&A]

The move to the cloud has meant the days of external exposure being defined by the set of IP ranges in your firewall are gone. Today's attack surface is made up of many internet-facing assets with exposure being controlled at the domain level.

This means web applications have fast become an attractive target for attackers, particularly unknown and forgotten assets -- which are plentiful in modern environments. So how can businesses defend themselves?

LastPass accused of lying in security breach announcements

The reputation of LastPass has taken quite a battering over the past year, with the handling of security incidents doing nothing to improve things. Just last week the company gave an update about a security breach that took place back in August, revealing that it had been more serious than first suggested.

But now the updated announcement from LastPass has been ripped to shreds by security experts, with one denouncing it as being "full of omissions, half-truths and outright lies".

More machine IDs, attacks on providers and AI verification -- identity management predictions for 2023

Although the death of the password has been predicted for many years, older technology still clings on when it comes to verifying identities.

But that's changing, particularly with the massive growth in the numbers of machine IDs. Here is what some industry experts think we'll see from the identity world in 2023.

Geopolitical threats, supply chain issues and phishing scams -- cybersecurity predictions for 2023

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Rebuilding trust between developers and security [Q&A]

The demands of modern business IT environments can often lead to friction between developers and security teams, which can hamper the successful rollout of cloud security.

Developers want to deliver features as fast as possible and security teams want things to be as secure as possible, so there is a constant conflict of interest. We spoke to David Hendri, CTO and co-founder of cloud security startup Solvo, to discover how to rebuild the trust between developers and security by creating a common language.

The missing piece in the MSP data security puzzle

In the dynamic world of Managed Service Providers (MSPs), it has become quite evident that the time has come for next generation Data Security Solutions, and that such a solution should be added to your technology stack.

For some time, and with increasing frequency today, organizations and MSPs have been facing major data security challenges that are likely to increase exponentially over the coming decade.

Look back and look forward when walking into a new MDR relationship

The managed services market is bringing more and more providers into the mix, as an increasing number of organizations decide it makes fiscal and operational sense to outsource key functions, even those which traditionally have been considered especially critical, such as certain information security-oriented tasks. Perhaps the fastest-growing segment of service providers in this space is MDR -- managed detection and response.

The MDR concept is relatively young in the service provider space. MDR offerings are typically designed to augment your SOC (security operations center) function by providing detective and reactive tools and expertise. In some cases, it may even replace your tier one, or triage-level, security analysts, who are focused on reviewing and confirming the sometimes overwhelming flood of incoming security alerts.

Service mesh and the CISO [Q&A]

The number of use cases for Kubernetes is expanding as an increasing number of enterprises across a wide array of industries are adopting it as their platform of choice. However, this also expands the enterprise attack surface and business risk as a result.

We spoke to William Morgan, CEO of Buoyant, about how CISOs are coming face-to-face with the insecurity that can arise from managing Kubernetes platforms. They are beginning to see the risks that can unfold as well as how a service mesh can support a security stack.

LastPass data breach is worse than first thought; user data and password vaults grabbed by hackers

Password management firm LastPass has issued an update about a security breach that was first revealed back in August. The news is not good; the data breach is significantly worse than initial reports suggested.

LastPass says that its investigations into the incident now show that the hackers were able to obtain customer vault data. The company points out that these vaults are home to both encrypted and unencrypted data, and tries to play down the significance of a threat actor gaining access to unencrypted data.

© 1998-2024 BetaNews, Inc. All Rights Reserved.