Articles about Security

Microsoft has released a couple of important cumulative security updates for Windows 10. The KB5021233 and KB5021237 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2.

Because of the security issues addressed by the updates, both are mandatory and will be automatically installed. In addition to security fixes, there are a handful of other notable changes with these updates.

Continue reading →

Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.

So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".

Continue reading →

In a year of international events that has been dubbed a 'permacrisis', 46 percent of tech industry workers say that distractions from world events make it hard to care about their jobs.

More worrying is that 36 percent of tech industry workers say they only do the bare minimum when it comes to security at work -- compared to 11 percent of employees in other industries.

Continue reading →

New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.

The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.

Continue reading →

While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.

Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.

Continue reading →

Modern access control systems can recognize employees by their faces. This is very convenient. People do not need to wear a badge with an RFID chip around their necks all the time and use the card with every closed door. It seems that the future has come. Employees can walk around the office with their heads held high, and the doors will open by themselves.

But it turns out that many access control systems that use facial recognition technology have security vulnerabilities. In this article, you will read about the most dangerous problems.

Continue reading →

As cyber threats intensify and the human and financial resources available to deal with them remain limited, there is a growing need for automation in cybersecurity.

The intelligent automation of key cybersecurity processes can significantly improve an organization's posture and at the same time support under-pressure employees by reducing reliance on manual processes. But in what is a relatively new approach, how far have organizations progressed along the cybersecurity automation maturity curve and is everyone on the same journey?

Continue reading →

As cyberattacks become more sophisticated, so traditional security techniques may no longer be up to the task of protecting systems.

What's needed is an approach that can spot the routes an attacker may use and help close them down. We spoke to Todd Carroll, CISO at CybelAngel and with over 20 years previous experience in the FBI's cyber, counter intelligence, and counter terrorism branches, to discuss the need for a pre-emptive attitude to cybersecurity and how such an approach can work.

Continue reading →

Passwords are a problem. They are difficult to remember, often easily guessed or cracked, and generally just a pain. Google is looking to help by adding secure, password-free login to Chrome 108 thanks to newly added passkey support.

The security feature is available to users of Windows 11, macOS and Android, and it follows a short period of beta testing. Backed by the likes of the FIDO Alliance, Microsoft, Apple, and -- of course -- Google, passkeys are a step away from the password managers so many of us have become reliant on.

Continue reading →

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available.

Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected.

Continue reading →

With the UK government reporting that nearly 40 percent of UK businesses were hit by cyber attacks last year, keeping on top of cyber security has become a mission critical need.

Of those UK businesses and charities that were impacted, 83 percent identified phishing as being the most common attack vector. The government is urging these organizations to strengthen against phishing attacks such as business email compromise as they continue to grow in volume and frequency.

Continue reading →

A new report reveals that 'less sophisticated' fraud -- in which doctored identity documents are readily spotted -- has jumped 37 percent in 2022.

The report from Onfido also shows that while in 2019 fraudsters tended to keep regular office hours, in 2022, fraud levels were consistent across 24 hours, seven days a week. Thanks to technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline.

Continue reading →

The classic way of preventing critical systems, such as industrial controls, from attack is to air-gap them. That is to say ensure they don't have a connection to the internet.

But while they may not have a web connection they still often require DNS services in order to resolve a company's internal DNS records. New research from Pentera shows that this can provide a weak point to be exploited by attackers.

Continue reading →

New research from LogRhythm shows 67 percent of respondents say their company had lost a business deal due to the customer's lack of confidence in their security strategy.

The survey of 1,175 security professionals and executives across five continents, conducted by Dimensional Research, finds 91 percent report that their company's security strategy and practices must now align to customers' security policies and standards.

Continue reading →

Cybersecurity resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest annual Security Outcomes Report from Cisco.

The report reveals that 62 percent of organizations surveyed say they have experienced a security event that impacted business in the past two years. The leading types of incidents are network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

Continue reading →