Articles about Security

Towards the end of last week, Microsoft confirmed an issue that stemmed from a flawed Microsoft Defender for Endpoint ASR rule that results in the deletion of app shortcuts from the Start menu, desktop and taskbar.

The company issued an update to prevent the problem from arising again, but said that there was no alternative but to manually recreate any shortcuts that had been lost. Now though Microsoft has released a PowerShell script that will automatically recreate some -- but not all -- deleted shortcuts. The company has also released a trio of advanced hunting queries (AHQs) to help with the issue.

Continue reading →

Open banking first began to roll out in 2018, following the introduction of the PSD2 legislation in the UK, but five years on new research finds that most consumers still don't understand what it is, and the vast majority don't believe that it's safe.

The study from NTT DATA shows 58 percent of UK consumers still don't understand what open banking is, while just 16 percent believe that it's completely safe.

Continue reading →

When threat actors evaluate a company's attack surface, they're not thinking in terms of organizational silos. They're probing for the right combination of vulnerabilities, misconfigurations and identity privileges.

It follows that security organizations shouldn't be operating in silos either. Defenders risk playing into the hands of attackers as organizations struggle with reactive and siloed security programs. Having a sprawl of point tools generates heaps of fragmented data but offers few insights.

Continue reading →

New research from cybersecurity company Naoris Protocol finds 48 percent of people surveyed think criminals who break into computer networks with malicious intent should be paid a percentage of the funds they steal and face no prosecution if they return the majority of their spoils.

The survey of over 500 people working in the cybersecurity and web arenas found just 38 percent saying they disagreed with not prosecuting malicious hackers, while 13 percent were unsure.

Continue reading →

Just as machinery becomes less reliable as it gets older and people develop more health issues with age, so it seems software is more likely to have security flaws later in its life.

A new report from security testing company Veracode shows that while 32 percent of applications are found to have flaws at the first scan, by the time they have been in production for five years, nearly 70 percent contain at least one security flaw.

Continue reading →

Personal employee or customer data accounted for nearly half (45 percent) of all data stolen between July 2021 and June 2022 according to the latest report from Imperva.

Companies' source code and proprietary information accounted for a further 6.7 percent and 5.6 percent respectively. On a more positive note, the research finds that theft of credit card information and password details has dropped by 64 percent compared to 2021.

Continue reading →

We reported last week on how ChatGPT could be used to offer hints on hacking websites. A new report released today by WithSecure highlights another potential use of AI to create harmful content.

Researchers used GPT-3 (Generative Pre-trained Transformer 3) -- language models that use machine learning to generate text -- to produce a variety of content deemed to be harmful.

Continue reading →

Microsoft has released the KB5022287 update for Windows 11 21H2, as well as the KB5022303 update for Windows 11 22H2.

Both updates are mandatory and, like this month's updates for Windows 10, include fixes for Local Session Manager (LSM) and ODBC issues. There is also a fix for a blue screen 0xc000021a error and numerous security patches.

Continue reading →

Less that two weeks into 2023, Microsoft has released the first cumulative updates of the year for Windows 10.

The KB5022282 and KB5022286 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2. Among the bugs addressed are an issue with the Local Session Manager (LSM) as well as fixing a Microsoft Open Database Connectivity (ODBC) problem.

Continue reading →

A quarter of US organizations were victims of ransomware attacks over the past 12 months, a steep 61 percent decline over the previous year when 64 percent fell victim.

In addition a new report from Delinea finds that the number of targeted companies who paid the ransom declined from 82 percent to 68 percent, which could be a sign that warnings and recommendations from the FBI to not pay ransoms are being heeded.

Continue reading →

If you have been keeping up with Windows news, you will probably be aware that today is the day that Microsoft finally ends support for Windows 7. This means that after today there will be no further updates, even for anyone paying for Extended Support Updates -- but 0patch is willing to help out.

Any company that does still have Windows 7 and is paying for ESU should install today's cumulative update, as well as any others that may have been missed. And there's a nice surprise: Microsoft has added support for Secure Boot to Windows 7, but has kept quiet about it.

Continue reading →

We've already written about Microsoft completely ending support -- even paid-for options -- for Windows 7 and Windows 8, and as part of this, the company will also stop releasing security update for its Edge browser on these platforms.

There are large numbers of both home users and businesses that are opting to stick with these operating systems, or have little choice for one reason for another. As far as Microsoft is concerned, Edge 109 is the last version of the browser that will be released for these OSes, and as of January there will be no more security update released. Thankfully, 0patch is here to save the day again, with the company announcing that it is "security-adopting" Microsoft Edge on Windows 7, Server 2008 and Server 2012.

Continue reading →

The ChatGPT artificial intelligence bot has been causing a bit of a buzz lately thanks to its ability to answer questions, ask follow ups and learn from its mistakes.

However, the research team at Cybernews has discovered that ChatGPT could be used to provide hackers with step-by-step instructions on how to hack websites.

Continue reading →

Containers have become increasingly popular in recent years, they can be spun up quickly and offer developers the opportunity to deliver projects faster as well as gains in agility, portability and improved lifecycle management.

Here are what some industry experts think we'll see happening in the container market in 2023.

Continue reading →

The move to the cloud has meant the days of external exposure being defined by the set of IP ranges in your firewall are gone. Today's attack surface is made up of many internet-facing assets with exposure being controlled at the domain level.

This means web applications have fast become an attractive target for attackers, particularly unknown and forgotten assets -- which are plentiful in modern environments. So how can businesses defend themselves?

Continue reading →