Articles about Security

Rise of security champions: Application development's long-awaited evolution

Application development can be linked closely to Newton’s Third Law of Motion: For every action there is an equal and opposite reaction. Developers simply want to develop, but seemingly whenever they want to develop, application security (AppSec) teams fire back with concerns ensuring the safety of the application, breeding tension and slowing development. In the wake of this tension, we must ask ourselves how we can go about ensuring security while maintaining a streamlined development process -- enter the rise of "security champions."

A security champion program is the process of spreading awareness around best security practices for organizational behavior in order to reduce overall security risk. Security champions are individuals who otherwise would not be involved in security, but receive additional training and incentives to represent security on their teams. The rise of security champions truly developed as a trend from the concern that the average developer is not being measured on security, and therefore is not focused on maintaining it. There is a popular belief, particularly in the use of open-source code, that security is not a part of the development process because it is not the responsibility of the developer to ensure the code is secure -- thus banking on the assumption that the code used is reliable. In fact, security teams, while necessary, are often viewed as bottlenecks in the process, preventing developers from constantly churning out code.

How to choose the safest data center [Q&A]

Data centers around the world are currently home to an estimated 1,327 exabytes of data. This information has a potentially huge value so it needs protecting.

But as more businesses choose to trust their information to external data centers, how can they be sure that it's going to be properly secured? We spoke to Oliver Pinson-Roxburgh, CEO of Defense.com, to find out how organizations can choose the most secure data center possible.

Cybercriminals looking to score with World Cup scams

With Black Friday and the holiday shopping season, this is always the peak time of year for scammers to try to fleece the unwary. But this year there's also the FIFA World Cup in Qatar to add to the mix.

Leaving aside the debate over whether the tournament should have been held in the Gulf state in the first place, researchers at Kaspersky have been looking at the scams aimed at stealing football (soccer for Americans) fans' identity and banking details.

Better governance is crucial to getting value from data

Data is increasingly one of the most valuable resources that businesses have, but extracting that value requires effective management of content.

A new survey from Rocket Software of more than 500 corporate IT professionals across multiple industries in the US, UK and APAC regions shows that business data is still vastly unstructured with 81 percent of respondents indicating that at least some of their data is considered 'dark'.

Companies caught off guard by holiday and weekend ransomware attacks

Ransomware attackers are exploiting the fact that organizations have fewer security staff available at weekends and holiday times in order to launch more devastating attacks.

A new report from Cybereason shows 44 percent of companies reduce security staffing over holidays and weekends by as much as 70 percent compared to weekday levels. 21 percent reduce staff by as much as 90 percent.

New data security alliance aims to help enterprises beat cyberattacks

Cybersecurity issues are increasingly complex and that means that they are unlikely to be addressed by just a single vendor. And when an attack does happen it needs to be stopped fast, which needs close collaboration.

A new Data Security Alliance announced today by Cohesity aims to combine best-in-class solutions from industry leading cybersecurity and services companies with exceptional data security and management expertise.

The psychology of building a resilient cybersecurity team

Cyber resilience has been a high-profile issue across industries, especially since the pandemic. As organizations were forced to adopt hybrid working, they had to reconsider infrastructural configuration. Facilitating remote working meant that businesses needed to consider a plethora of new endpoint devices connecting to the enterprise network. This increasing digital landscape is creating a wide range of complexities for businesses around network management and device visibility.

The ever-evolving IT estate is only a part of the cyber-security team's challenges. It is almost impossible to 'solve' the complexity it brings with it because the requirements of dealing with and handling the technology keep changing. The security team's preparedness, ability to work under pressure, and people skills will determine how resilient an organization is, and how well it can detect, defend, and respond to a new or emerging attack. It is therefore vital to give teams the capabilities they need to adapt to the ever-changing threat landscape.

ForgeRock launches cloud-native identity solution for enterprises

The change to hybrid work and increased adoption of cloud-based services has led to greater pressure on enterprises to get a grasp on their identity management.

Digital identity company ForgeRock is launching a new identity governance solution designed to address identity and compliance issues for large organizations.

It is bigger and it is cleverer -- Firewalla Gold Plus [Review]

Two years ago when we reviewed the Firewalla Blue we remarked on how tiny it was relative to the level of protection it offers.

The recently launched Gold Plus version is a much bigger and more serious piece of kit aimed at small businesses and professional home users. It offers the same simple, plug-in protection as the Blue but can be used in a number of other ways too.

Containers: The ultimate Trojan horse

Containers are meant to be immutable. Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents and dependencies are explicit. Because of this, if used carefully, containers can help reduce supply chain risks.

However, these benefits have not gone unnoticed by attackers. A number of threat actors have started to leverage containers to deploy malicious payloads and even scale up their own operations. For the Sysdig 2022 Cloud-Native Threat Report, the Sysdig Threat Research Team (Sysdig TRT) investigated what is really lurking in publicly available containers.

Volla Phone 22 is a privacy-focused smartphone that runs the Google-free Android-based Volla OS, Ubuntu Touch, or Sailfish OS [Review]

When buying a smartphone, you have two real choices. You can opt for an iPhone, which runs iOS, or one of the many Android handsets available from the likes of Google, Samsung, Huawei, OnePlus and Sony.

If you value your privacy, then you might want a phone that truly does too. Volla Phone 22, from German firm Hallo Welt Systeme UG, is a good-looking device that is focused on keeping you safe and secure. It runs a choice of operating systems -- Volla OS, Ubuntu Touch, and the recently added Sailfish OS -- that can be selected on start-up. Support for additional mobile operating systems is coming soon.

Cryptojacking malware sees a 230 percent increase in 2022

Crypto mining has become incredibly popular with cybercriminals over the past year, growing by 230 percent. It's not hard to see why as it's expensive in terms of machinery and energy consumption, so if you can cryptojack someone else's machine to do it there are healthy profits to be made.

New research from Kaspersky shows that despite the 'crypto winter' which has seen the value of cryptocurrencies drop significantly and the cryptocurrency industry facing a liquidity crisis, criminal activity targeting the crypto industry doesn’t seem to be slowing down.

How fake data can help to combat breaches [Q&A]

September this year marked five years since the notorious Equifax data breach which exposed the social security numbers, birthdates, credit card details, and more of millions of customers.

But how much has the industry learned from this breach? And what measures can be used to help avoid similar issues in the future? We spoke to Ian Coe, co-founder at Tonic.ai to find out why fake data might be the answer.

SMB's security spending is not keeping up with threats

A survey of over 1,200 cybersecurity decision-makers from small and medium-sized businesses in Europe and North America shows 74 percent believe that they are more vulnerable to cyberattacks than enterprises.

The study from ESET also reveals that 70 percent of businesses surveyed admit that their investment in cybersecurity hasn't kept pace with recent changes to their operational models such as hybrid working.

Cyber threat activity continues to grow in Q3

New data from managed security service provider Nuspire reveals that the large increases in overall threat activity seen in the second quarter of this year continued throughout Q3, with additional growth in both exploits and botnets.

There's been a 236.22 percent jump in Kryptik variants -- a type of trojan malware distributed to victims through phishing campaigns, the goal being to steal information, including cryptocurrency wallets, files and SSH keys.

© 1998-2024 BetaNews, Inc. All Rights Reserved.