Articles about Security

Mac users: It's time to wake up and smell the vulnerabilities

Are you one of the millions of Mac users under the impression that your digital security is guaranteed simply due to the fact that you’re using a Mac? Then I’ve got some news for you that you may not want to hear: the popular and long-standing myth that Mac users are immune to security vulnerabilities is just that -- a myth. This myth largely derives from the fact that the global Windows market share dwarfs that of macOS. Hackers and cybercriminals would much rather target an operating system that serves nearly 90 percent of users worldwide than one that accounts for less than 10 percent.

The truth is that Macs are still very much susceptible to vulnerabilities that can be exploited by cybercriminals, or even by developers of apps you may use on a daily basis. So if you’re a Mac user who has been lulled into a false sense of security, it’s time for you to wake up and realize that your security is by no means guaranteed on a Mac. That’s the hard reality of it, and the sooner you come to grips with it, the sooner you can start taking steps to protect your digital security and personal privacy on your Mac.

Continue reading

New platform helps automate security operations

AI security

Speed of response is critical for security teams, which is why many companies employ Security Orchestration, Automation and Response (SOAR) tools.

Security automation platform LogicHub is looking to take SOAR a step further with the launch of a SOAR+ platform offers autonomous detection and response, advanced analytics and machine learning to automate decision making with accuracy across disparate security operations.

Continue reading

25 percent of security analysts' time is wasted on false positives

Malware alert

Security analysts in US enterprises spend around a quarter of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous.

This is among the findings of research carried out by Exabeam and the Ponemon Institute which also shows that security teams must evaluate and respond to nearly 4,000 security alerts per week.

Continue reading

Cisco to pay $8.6 million for supplying the US government with software known to be insecure

Cisco has agreed to pay $8.6 million to settle a claim that it sold video surveillance software to the American government even though it was aware it contained security vulnerabilities.

A total of fifteen US states filed a case under the False Claims Act after Homeland Security, the Secret Service, the Army, the Navy, the Marines, the Air Force and the Federal Emergency Management Agency all purchased flawed software from Cisco. Rather than improving security as desired, the complainants said that Cisco's software actually made systems less secure.

Continue reading

Flexera helps businesses tackle vulnerabilities more quickly

Installing...

In the modern world it's vital for businesses to know what software they have, and where vulnerabilities lie. Flexera already assists IT and security teams to do this with its Software Vulnerability Manager, and it's now launching new modules to help address threats.

It's produced two new modules for SVM. The first of these is the Vendor Patch Module, which allows organizations to take advantage of insights and mitigate them more quickly, by using comprehensive patch coverage -- with more than 1,000 out-of-the-box patches. Additionally, the Vendor Patch Module delivers details to help companies more easily create over 1,000 additional patches.

Continue reading

NordVPN brings WireGuard-based NordLynx to Linux users

VPN shield

NordVPN has announced an important new option for users of the Linux version of its eponymous VPN tool. The company is introducing a new technology called NordLynx which is based on the WireGuard protocol.

The company says that it successfully combines the highspeed connection offered by WireGuard with NordVPN's own privacy-protecting double NAT system.

Continue reading

Phishing and credential stuffing remain top threats

Phishing password

As we have seen in another report today, the financial sector remains a prime target for cybercriminals. Phishing attacks and credential stuffing are the two most common forms of attack used against the industry according to another report from Akamai.

In the six months between December 2018 and May 2019, nearly 200,000 phishing domains were discovered by the research and 50 percent of all unique organizations impacted are from the financial services sector.

Continue reading

Financial sector faces a broad range of cyberthreats

card theft

The finance industry is a prime target for cyberattacks and a new report from F-Secure shows that it's facing a wide range of threats that go far beyond traditional theft.

Attacks targeting banks, insurance companies, asset managers and similar organizations can range from common script-kiddies to organized criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations for their actions, with many seeing the finance sector as a tempting target due to its importance in national economies.

Continue reading

Businesses still at risk from outdated operating systems

web threats

A new report reveals that 32 percent of businesses still have Windows XP installed on at least one device on their network and 79 percent of businesses are running Windows 7, which will reach its end of service in January 2020, on one or more devices.

The study from IT industry marketplace Spiceworks also shows many businesses are turning to next-generation security solutions like AI-powered threat intelligence and security-as-a-service to face security threats and vulnerabilities including outdated operating systems, limited use of encryption, and a lack of in-house security expertise.

Continue reading

More than half of enterprises don't know if their security tools are working

laptop doubt

According to a new report, 53 percent of enterprise security leaders don't know if their security tools are working, despite massive spending.

The study carried out for continuous validation specialist AttackIQ by the Ponemon Institute shows companies surveyed are spending an average of $18.4 million annually on cybersecurity and 58 percent will be increasing their IT security budget by an average of 14 percent in the next year.

Continue reading

Organizations struggle with container security

open digital lock

Containerization has seen rapid adoption in recent years, but a new study from container security specialist StackRox reveals organizations struggling with security issues.

The report shows that while two-thirds of organizations have more than 10 percent of their applications containerized, 40 percent of them remain concerned that their container strategy doesn't adequately invest in security. Another 34 percent say that their strategy lacks sufficient detail.

Continue reading

Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach

Capital One card

A hacker has been arrested following a massive data breach at Capital One. The attacker -- Paige A Thompson, also known as "erratic" -- was able to access the credit applications of 100 million Americans and 6 million Canadians after exploiting a "configuration vulnerability".

In most cases, personal details such as name, date of birth, address and phone number were exposed by Thompson, but for tens of thousands of individuals, she also gained access to credit scores, Social Security numbers and account balances.

Continue reading

Qualys makes IT asset discovery and inventory app available for free

network

Security and compliance specialist Qualys is announcing today that it's making its Global IT Asset Discovery and Inventory app available to all businesses for free.

With the app users can automatically create a continuous, real-time inventory of known and unknown assets across a global IT footprint. The assets can be anything from on-premises, endpoints, multi-cloud, mobile, containers, OT and IoT.

Continue reading

65 percent of cybersecurity analysts say they've considered quitting

quitting job

Working in a security operations center is stressful, so much so that 65 percent of analysts report having considered changing careers or quitting their jobs.

This is among the findings of a new study carried out by the Ponemon Institute for data analytics platform Devo Technology, which also finds that 49 percent say their SOC is not fully aligned with business needs.

Continue reading

Microsoft's web-based Outlook 365 is leaking users' IP addresses in emails

Outlook 365

Anyone using Office 365's webmail component to send emails is unwittingly sharing their IP address with the people they communicate with.

The web-based Outlook 365 inserts the sender's IP address into the header of an email, which makes it stand apart from other webmail services such as Gmail -- and even Microsoft's own Outlook.com. While the injected IP address serves something of a purpose, it's also a privacy and security risk that many users may not be aware of.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.