Articles about Security

The case for a security program


Modern corporations are fully dependent on their IT infrastructure for their daily operations. Securing an IT infrastructure can be a daunting task. Fortunately, there are common best practices that have found success for some of the biggest companies in the world. These best practices share common traits that can be duplicated to match almost any environment.

Before we begin, let’s examine the past failures of many security professionals. As security managers, we must understand that the most secure environments, regardless of the sophistication of your tools or the talent of your staff, will eventually be compromised by the weakest link in your controls. So how do we manage these weak links? Let’s start by identifying them.


Google launches client-side encryption for Gmail in beta


Google has announced that businesses can now apply to try out client-side encryption for Gmail on the web.

Now available in beta for a selection of Workspace users, the feature is one that was promised some time ago. Google says that the new encryption option means that "sensitive data in the email body and attachments are indecipherable to Google servers", but there will be disappointment that the security and privacy feature is not available for everyone.


Securing the API hunting ground


Most of us are familiar with the old proverb "for want of a nail, the shoe was lost; for want of a shoe, the horse was lost; for want of a horse, the battle was lost…" and so on. The object lesson is that small and sometimes apparently unimportant objects or actions can have outsized impacts if they are not properly attended to.

So it is with Application Programming Interfaces, or APIs. They are the 'horseshoe nails' at the heart of modern business.


Taking a battlefield approach to cybersecurity [Q&A]

You'll often hear cybersecurity discussed in military terms, as a war, or a battle, or a conflict. So should enterprises be taking a defensive approach that draws on military thinking?

Tom Gorup is VP of security operations at Fortra's Alert Logic, a managed detection and response specialist. He's also a veteran of six years in the US Army with tours of Iraq and Afghanistan. We spoke to him to discover how lessons learned on the battlefield can be applied to cybersecurity.


Threat modelling with Santa


If there is one person who, like no other, knows that there is a lot to protect to keep people happy, then it’s Santa and his factory filled with elves, toys and sugary goodness. Not only are there plenty of things to protect, but there are also a lot of things to consider that might play out in unexpected ways, and jeopardize Christmas.

This is why Santa not only knows what to protect, but he also knows the limitations of the resources he needs to be able to keep children happy and make sure the process of making and delivering toys and candy stays operational.


Phishing scams are coming to town


The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.


Unsafe on any site -- over three-quarters of Americans admit to risky online behavior

A new report finds that 78 percent of Americans indulge in risky online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more -- a 14 percent increase from just two years ago.

The Xfinity Cyber Health Report from Comcast combines data from a new consumer survey of 1,000 US adults, conducted by Wakefield Research, with national threat data collected by Xfinity's xFi Advanced Security platform.


Public sector agencies struggle with cybersecurity intelligence data

A new study from Splunk, in collaboration with Foundry, finds that 49 percent of public sector agencies struggle to leverage data to detect and prevent cybersecurity threats.

The report shows 50 percent of the sector has issues leveraging data to inform cybersecurity decisions, and 56 percent of public sector agencies have difficulties leveraging data to mitigate and recover from cybersecurity incidents.


Protecting backups from ransomware [Q&A]

Cybercriminals know that backups are the last line of defense against ransomware, so it’s essential that they are properly protected.

In an ideal world they would be air-gapped but in the current era of hyperconnectivity that can prove somewhat impractical. We talked to Bret Piatt, CEO of CyberFortress, to discuss the need to protect backups and the strategies for doing so.


Google launches OSV-Scanner to help identify vulnerabilities in open source software


Google has announced a new tool designed to help identify vulnerabilities in open source software.

The OSV-Scanner is described as a frontend to the existing OSV (open source vulnerabilities) database and one of the aims is to alert developers to security issues in the code their projects depend on.


Microsoft releases KB5021233 and KB5021237 updates to fix Windows 10 security issues


Microsoft has released a couple of important cumulative security updates for Windows 10. The KB5021233 and KB5021237 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2.

Because of the security issues addressed by the updates, both are mandatory and will be automatically installed. In addition to security fixes, there are a handful of other notable changes with these updates.


As we go into 2023, corporate aposematism is a worthy consideration


Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.

So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".


Distractions means 36 percent of tech workers only do the bare minimum for security at work

In a year of international events that has been dubbed a 'permacrisis', 46 percent of tech industry workers say that distractions from world events make it hard to care about their jobs.

More worrying is that 36 percent of tech industry workers say they only do the bare minimum when it comes to security at work -- compared to 11 percent of employees in other industries.


Bad bot traffic up 50 percent as fraudsters target Black Friday

New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.

The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.


Would you bet your chocolate on preventing a breach?

While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.

Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.


© 1998-2025 BetaNews, Inc. All Rights Reserved.