Enterprises put themselves at risk by running outdated Microsoft products

According to a new report, 65 percent of Windows systems are still running Windows 7, and a small percentage of devices are still running Windows XP.

The survey from trusted access specialist Duo Security analyzed more than two million endpoints and found 63 percent of them running Microsoft operating systems. Yet only 24 percent are running Windows 10. Windows 7 remains the most popular despite there being over 600 vulnerabilities affecting unpatched versions.

70 percent of organizations are swamped by threat data

New research from threat intelligence platform Anomali and the Ponemon Institute shows that 70 percent of security industry professionals believe threat intelligence is often too big and/or complex to provide actionable insights.

It also shows that they often fail to share essential threat data with board members and C-level executives, despite the fact that security is now a business priority.

Number of DDoS attacks down but speed and size increases

The number of DDoS attacks fell more than 40 percent to 97,700 attacks in the second quarter of 2016, according to the latest threat report from DDoS security service Nexusguard.

The report reveals there was a sharp dip in distributed reflection denial of service (DrDoS) attacks, with DNS-based attacks falling 97 percent compared to the previous quarter. However, recent DDoS attacks on cybercrime journalist Brian Krebs and OVH, a French internet hosting provider, broke records for speed and size.

Google discloses actively exploited Windows vulnerability before Microsoft patch is ready

Photo credit: LeoWolfert / Shutterstock

Google has shared details of a 0-day vulnerability in Windows a mere 10 days after informing Microsoft of the problem. In Google's own words, "this vulnerability is particularly serious because we know it is being actively exploited", but the company is accused of putting users at risk.

Microsoft is yet to produce a patch for the security problem, and it's not clear when one will be released.

DevOps can make apps more secure

Pretty much all IT operations professionals (99 percent) agree: adopting a DevOps culture can improve application security. This is according to a new report by Hewlett Packard Enterprise.

The report, titled Application Security and DevOps Report 2016, also emphasizes that just a fifth (20 percent) of respondents test their application’s security during development, and 17 percent are using no technologies whatsoever to protect their apps. The conclusion of the report is simple: there is a significant disconnect between perception and reality of secure DevOps.

Something wicked this way comes… the cyber security issues that scare people most

"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.

We asked more than 250 business professionals from across the country to share their concerns. Their answers seem influenced by recent headlines, the pending election, and the coming shopping season.

Healthcare staff lack basic cyber security awareness

The consequences of a security breach in the healthcare sector can be severe, yet a new survey reveals that healthcare staff are among the most likely to fall victim to social engineering attacks.

The study from SecurityScorecard exposes vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.

Office 2013 can now block macros to prevent infection -- here's how to enable it

If someone sends you a document, modern versions of Microsoft Office will automatically open it in Protected View, to keep you safe from malware. If you need to edit it, you can do so, but it's at your own risk.

Office 2016 also gives administrators the ability to prevent users from running macros in Office documents that originated from the Internet, adding further protection. Frustratingly, this feature wasn’t made available in Office 2013, leaving users of the older suite at risk.

Comodo offers companies free forensic analysis to fight zero-day malware

Because it isn't detected by traditional, signature-based anti-virus solutions, zero-day malware has the potential to wreak havoc in businesses of all sizes.

Cyber security company Comodo is launching a new, free forensic analysis service to help enterprises discover previously unknown and undetected malware that could cause serious security issues or data breaches.

New software simplifies BYOD management

The US mobile workforce is set to grow to 105.4 million workers by 2020, according to IDC, and this creates a challenge for businesses trying to control and secure deployments.

In a bid to make things easier, networking solutions company Brocade is launching its latest Ruckus Cloudpath platform to enable IT organizations of any size to easily establish secure, policy-based access for wired and wireless devices.

How to fix the Dirty COW vulnerability on Raspberry Pi

Dirty COW is a privilege escalation vulnerability found in the Linux kernel. Although it’s been there for nine years, it’s only recently been identified.

The vulnerability, which affects the 'copy-on-write' (COW) mechanism, can be found in most Linux distros, and since the Raspberry Pi runs Linux, it too is at risk.

Dyn DDoS attack used Chinese firm's unsecured IoT devices

Following the large-scale cyberattack that took down a number of high-profile sites last Friday, a Chinese electronics component manufacturer has admitted that its products were used by the attackers behind the disruption.

Hangzhou Xiongmai Technology, which produces DVRs and internet-connected cameras, has come forward to acknowledge that its products were exploited and that the attackers had taken advantage of security vulnerabilities resulting from weak default passwords.

Millennial behavior puts federal IT systems at risk

The security habits of the millennial generation could be putting federal IT systems at risk, if agencies don't adjust their cyber defenses in time.

This finding comes from a new study by cyber security company Forcepoint, which examines how members of the millennial generation use technology.

The seven IoT devices that could be putting your business at risk

We've already seen concerns about the threats Internet of Things gadgets may pose in the home, with hackable Barbie dolls and snooping Smart TVs. Not to mention that the latest Dyn DDoS attack was carried out using unsecured IoT devices.

IoT devices are starting to become commonplace in businesses too, so the potential for problems can only grow. Security company ForeScout, along with leading ethical hacker Samy Kamkar, has been investigating the risks these devices pose.

New tool offers SWIFT network protection through deception

Attacks on the inter-bank SWIFT system have been making the headlines this year, proving lucrative for the hackers and worrying for the industry.

Help is on the way, though, as cyber security company TrapX is launching a deception-based security solution, DeceptionGrid, specifically designed to protect SWIFT.
