Free tool allows Active Directory users to test for weak passwords

While security is still heavily reliant on passwords, they represent a target for hackers and weak or reused choices offer an easy way into systems.

Security awareness training company KnowBe4 is releasing a free Weak Password Test (WPT) tool for organizations that use Active Directory, allowing them to check for multiple types of threats related to weak passwords.

New integration delivers improved security analytics for mainframe users

Many enterprises still rely on logs and data from a range of different security products to get a picture of user behavior, particularly where legacy mainframe systems are involved.

A collaboration between data analytics company Syncsort and application audit specialist Compuware is aimed at improving an organization's ability to detect threats against critical mainframe data, correlate them with related information and events and satisfy compliance requirements.

Microsoft is replacing the password -- what's taking its place?

It was supposed to have died a long time ago, but, for a near-cadaver, the password has managed to hold onto its last breath for over two decades. Bill Gates declared passwords passé way back in 2004, but it was only late in April that the company he founded introduced a replacement for the outmoded authentication system.

For years, organizations have sought to educate employees about the importance of secure passwords and of resisting phishing attacks -- and both efforts have failed. A Verizon report indicates that 63 percent of confirmed data breaches involved leveraging weak/default/stolen passwords in 2016. Meanwhile, a new report from Proofpoint says that phishing and similar attacks using e-mail were up 45 percent in the last quarter of that year. Clearly, the constant haranguing by security teams of employees to change their passwords and make them more complicated, as well as their pleas not to click on suspicious links/attachments, are falling on deaf ears.

Ransomware's biggest target is the healthcare sector

Ransomware grew 50 percent in just a year, according to a new report by Verizon. The Verizon Data Breach Investigations Report (DBIR) is based on the analysis of 79,000 security incidents and 1,945 confirmed data breaches, across 79 countries.

According to the report, ransomware also grew in popularity, and by a large margin. In 2014, it was the 22nd most common malware variety. Fast-forward two years, and now it's the fifth most common.

ESET launches free security awareness training

Cyber attacks are a big problem for businesses, and since many of them are caused by human error, training employees to spot the signs of an attack is vital.

Yet many companies lack the resources to carry out the level of education needed, which is why security software company ESET is launching a new, free cyber security awareness training program.

Hajime botnet controls nearly 30,000 devices

Hajime, a mysterious IoT botnet, now controls almost 300,000 devices, according to a new report by Kaspersky Lab. The report also states that the botnet's true purpose is still unknown.

Kaspersky says the malware, whose name means "beginning" in Japanese, first appeared in October 2016. Since then it has evolved into a decentralized group of compromised machines that discreetly perform either spam or DDoS attacks.

How can businesses stop attacks when traditional security solutions are ineffective?

Anyone would think zero-day attacks are unpreventable following a recent claim from one leading cyber-security vendor. FireEye this year claimed to have discovered "29 of the last 53 zero-day attacks." 24 exploits remained undetected, yet this was still presented as some kind of monumental achievement. Such a statement leaves little comfort for the businesses who found themselves victims, so is it time to just give up completely and let the cyber criminals take over?

It certainly feels that way, even while threats intensify and Locky ransomware rears its ugly head in new forms with renewed malevolence.

Security skills need to evolve to cope with cyber threats

Securing systems is essential, but many businesses continue to take a reactive approach to protection using dated tools and techniques.

A new report by technology trade association CompTIA highlights the need for companies to adopt proactive measures to identify weak links before they are exploited, broaden the security skills of their technology professionals, and implement top-to-bottom security training throughout the organization.

34 percent of US government agencies have had data breaches in the last year

According to a new report from systems security specialist Thales e-Security and 451 Research, US federal agencies are facing threats caused by legacy systems, spending and staffing issues.

65 percent have experienced a data breach at some stage in the past, with 34 percent having one in the last year. Almost all agencies (96 percent) consider themselves 'vulnerable', with half (48 percent) stating they are 'very' or 'extremely' vulnerable. This number is higher than any other US sector polled for the 2017 Data Threat Report.

New approach protects IoT devices via a secure network

Up to now the security model for protecting IoT devices has been similar to that used for PCs, relying on patches which need to be installed by the user.

Now, though, internet security and performance company Cloudflare is launching a new service called Orbit, which streamlines patching and adds a further layer of security thanks to the use of a secure global network.

Attackers shift away from file-based techniques

Cyber attack methods are becoming more sophisticated in order to bypass traditional file-scanning protection systems, according to a new study.

Endpoint protection specialist SentinelOne has used filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide to carry out behavioral analysis of malware programs that bypassed firewalls and network controls to infect devices.

Uncontrolled user access is a weak link in corporate governance

Correct handling of corporate data is important not just to guard against security threats and data breaches, but to avoid the risk of regulatory fines and lawsuits too.

But a new report from secure erasing specialist Blancco Technology Group shows the two weakest links in a company's data governance program are uncontrolled user access to data (53 percent) and managing where data is stored (43 percent).

What do we know about bad bots?

In 2016, approximately 185 million new Internet users went online, with the vast majority of these coming from nations like India. This represents a huge increase in the market. However, while the Internet population continues to grow, there has also been an increase in bots. The word "bot" covers a wide variety of automated programs: while some source data for search engines and help people match their queries with the most appropriate websites, others are not so helpful.

In the past year, bad bots accounted for 19.9 percent of all website traffic -- a 6.98 percent increase over the same time in 2015. Bad bots interact with applications in the same way a legitimate user would, making them harder to prevent. However, the results are harmful: for example, bad bots can take data from sites without permission while others undertake criminal activities such as ad fraud and account theft.

New developer kit helps secure IoT devices

The rapid growth in numbers of IoT devices has seen them become a favored attack route for cyber criminals. This has left companies looking for a way to integrate strong security into millions of devices.

To address this problem, security platform Mocana is launching a new developer kit that provides businesses, who may not have deep cybersecurity or cryptography expertise, with a way to simplify the integration of hardware-based security features into IoT devices.

New platform uses behavioral science to cut cyber security risks

With the right training and knowledge, many cyber attacks can be avoided. Addressing this human aspect of security is the idea behind a new platform from British start-up CybSafe.

Human error is a major cause of data breaches and security training needs to be able to positively change user behavior.
