Articles about Security

Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.

Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.

Continue reading →

Google is in the process of rolling out a trio of important updates to Chrome, kicking off with an improvement to Safety Check. This security feature will now run automatically in the background, allowing for proactive alerts about security issues that need attention.

Other updates include improvements to tab groups that makes it possible to access them on other computers, and enhancements to Memory Saver. But the company also hints at big plans for 2024, with the promise of "smarter and more helpful features" powered its Gemini AI model.

Continue reading →

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations.

Continue reading →

Never trust, verify everything! This is the premise on which the "Zero Trust" approach was founded. This model of cybersecurity involves implementing controls designed to ensure that only verified users can access company resources, and from similarly approved devices.

This strategy is increasingly being adopted in response to the challenges faced by small and medium-sized enterprises (SMEs), such as the continued evolution of hybrid working, the use of Bring Your Own Device (BYOD) and the increase and sophistication in cyber-attacks. Whereas previously SMEs thought they weren’t a target, now they are seen as the weaker link from a hackers’ perspective and increasingly they are falling victims to cyber attacks.

Continue reading →

Web applications remain one of the most targeted areas for threat actors. According to Verizon’s Data Breach Investigations Report, web application attacks were behind 26 percent of all successful attacks during the twelve months covered. Yet while the methods for attacking web applications are well known and understood, as evidenced by the work that the Open Web Application Security Project (OWASP) has done on their Top Ten list over the years, many companies still find hardening their applications challenging.

Authorization and access control describe the biggest set of challenges identified by OWASP in their most recent Top 10 list (2021) -- three out of the top five issues were around broken authorization, while broken authentication and improper access to resources were also common problems. The OWASP Top 10 for 2021 also includes attacks that work on unrestricted access to sensitive business flows, which covers areas like creating fake accounts, and server side request forgery where APIs can send resources to the wrong locations.

Continue reading →

Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.

A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control all while remaining undetected. At the time, its impact was described as "enormous" and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.

Continue reading →

With the release of the KB5033375 update, Microsoft has delivered not only a series of security patches to Windows 11, but also an important upgrade to Copilot.

The AI-powered digital assistant has proved problematic for many users, and now Microsoft has taken steps to fix things. There are also fixes for lots of non-Copilot related issues, and a power consumption reducing update for Dynamic Lighting.

Continue reading →

The time of the month for Microsoft to release its security updates for Windows has rolled around again. The company has released the KB5033372 update for Windows 10, bringing not only security fixes, but other improvements and new features -- including Copilot.

As the KB5033372 update includes security fixes, it is rolling out to all Windows 10 users automatically. This means that everyone will be given access to a preview version of Microsoft's AI-powered digital assistant.

Continue reading →

With support for Windows 10 coming to an end in under two years, Microsoft has been trying to encourage everyone to upgrade to Windows 11. The reality is that this is not something that all Windows 10 users want to do, and it is not possible for many because of hardware requirements.

Now Microsoft has relented. The company has made a somewhat surprising move in giving all Windows 10 users the chance to pay for Extended Security Updates (ESU) when Windows 10 reaches end of service. Until now, the ESU program has only been available to larger organizations and enterprise customers. In opening it up to home users, Microsoft is effectively admitting that it foresees large numbers of people continuing to stick with Windows 10 -- so the company has decided to try to profit from this fact.

Continue reading →

2023 looks set to be yet another record-breaking year for ransomware attacks. According to Statista, over 72 percent of businesses worldwide have already been affected by ransomware attacks this year, with LockBit3.0 and CI0p Ransomware claiming the bulk of victims last quarter.

The scourge of modern digital businesses everywhere, the proliferation of ransomware shows no sign of slowing down thanks to the rise of ransomware-as-a-service (RaaS) platforms -- so much so that it has become the most prevalent issue confronting organizations today.

Continue reading →

When it was first released, Windows 10 famously spied on users and shared all sorts of information with Microsoft. Over the years, the software giant has reigned in this behavior and introduced a wealth of privacy controls to let you manage what you share.

That said, these controls are scattered throughout the OS and finding them isn’t always easy. This is where Win10Privacy can help.

Continue reading →

Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in.

This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems -- and explains why doing so is more important now than ever.

Continue reading →

Today, encryption is a cornerstone of our cybersecurity practices. It protects everything from cell phones and SMS messages to financial transactions and intellectual property.

However, a new challenge in the complex landscape of encryption has recently emerged, thanks to the advancement of quantum computing. What challenges lay ahead? Here is the breakdown:

Continue reading →

Cybersecurity automation has steadily gained traction as organizations seek to improve efficiency, address talent gaps, and keep up with escalating threats. However, our latest State of Cybersecurity Automation research shows that while more businesses are utilizing automation, they continue to grapple with obstacles that prevent them from fully capitalizing on its benefits.

In our recent study surveying over 700 cybersecurity professionals, we uncovered several persistent pain points in implementing automation. The research found that a lack of trust in automated outcomes, insufficient expertise among users, and poor communication between teams have hampered automation success. As a result, organizations are struggling to build confidence in automation and maximize its effectiveness.

Continue reading →

No company is immune from a cyber-attack, with large and small being targeted. As technologies advance and cybercriminals hone their skills, evolve their tactics, and find new vulnerabilities to exploit, companies can no longer ask the question of if a cyber attack will occur but when and how it will happen.

While the number of data breaches is cause for concern, the cost associated with them is equally alarming. According to Cybersecurity Ventures, the global average cost of a cyberattack has ballooned to $4.45 million, increasing by 15 percent over the past three years. Even more sobering is that it shows no signs of easing, as global cybercrime costs are projected to reach $10.5 trillion annually by 2025.

Continue reading →