Articles about Security

Microsoft releases KB5021233 and KB5021237 updates to fix Windows 10 security issues

Sticky plasters

Microsoft has released a couple of important cumulative security updates for Windows 10. The KB5021233 and KB5021237 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2.

Because of the security issues addressed by the updates, both are mandatory and will be automatically installed. In addition to security fixes, there are a handful of other notable changes with these updates.

Continue reading

As we go into 2023, corporate aposematism is a worthy consideration

security breach

Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.

So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".

Continue reading

Distractions means 36 percent of tech workers only do the bare minimum for security at work

In a year of international events that has been dubbed a 'permacrisis', 46 percent of tech industry workers say that distractions from world events make it hard to care about their jobs.

More worrying is that 36 percent of tech industry workers say they only do the bare minimum when it comes to security at work -- compared to 11 percent of employees in other industries.

Continue reading

Bad bot traffic up 50 percent as fraudsters target Black Friday

New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.

The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.

Continue reading

Would you bet your chocolate on preventing a breach?

While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.

Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.

Continue reading

What dangerous security vulnerabilities can access control systems have?

Facial recognition mesh

Modern access control systems can recognize employees by their faces. This is very convenient. People do not need to wear a badge with an RFID chip around their necks all the time and use the card with every closed door. It seems that the future has come. Employees can walk around the office with their heads held high, and the doors will open by themselves.

But it turns out that many access control systems that use facial recognition technology have security vulnerabilities. In this article, you will read about the most dangerous problems.

Continue reading

Budget and momentum are key to cybersecurity automation maturity -- and CISOs are feeling left behind

CISO

As cyber threats intensify and the human and financial resources available to deal with them remain limited, there is a growing need for automation in cybersecurity.

The intelligent automation of key cybersecurity processes can significantly improve an organization's posture and at the same time support under-pressure employees by reducing reliance on manual processes. But in what is a relatively new approach, how far have organizations progressed along the cybersecurity automation maturity curve and is everyone on the same journey?

Continue reading

Why your security strategy needs to be pre-emptive [Q&A]

Business security

As cyberattacks become more sophisticated, so traditional security techniques may no longer be up to the task of protecting systems.

What's needed is an approach that can spot the routes an attacker may use and help close them down. We spoke to Todd Carroll, CISO at CybelAngel and with over 20 years previous experience in the FBI's cyber, counter intelligence, and counter terrorism branches, to discuss the need for a pre-emptive attitude to cybersecurity and how such an approach can work.

Continue reading

Google brings passkey support to Chrome so you can ditch passwords

Password on a sticky note

Passwords are a problem. They are difficult to remember, often easily guessed or cracked, and generally just a pain. Google is looking to help by adding secure, password-free login to Chrome 108 thanks to newly added passkey support.

The security feature is available to users of Windows 11, macOS and Android, and it follows a short period of beta testing. Backed by the likes of the FIDO Alliance, Microsoft, Apple, and -- of course -- Google, passkeys are a step away from the password managers so many of us have become reliant on.

Continue reading

Number of vulnerable Log4j downloads remains high one year on

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available.

Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected.

Continue reading

Active defense: Going on the offensive against cyber criminals

security meter

With the UK government reporting that nearly 40 percent of UK businesses were hit by cyber attacks last year, keeping on top of cyber security has become a mission critical need.

Of those UK businesses and charities that were impacted, 83 percent identified phishing as being the most common attack vector. The government is urging these organizations to strengthen against phishing attacks such as business email compromise as they continue to grow in volume and frequency.

Continue reading

Big but not so clever -- ID fraudsters go for quantity over quality

A new report reveals that 'less sophisticated' fraud -- in which doctored identity documents are readily spotted -- has jumped 37 percent in 2022.

The report from Onfido also shows that while in 2019 fraudsters tended to keep regular office hours, in 2022, fraud levels were consistent across 24 hours, seven days a week. Thanks to technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline.

Continue reading

Why air-gapping may not be enough to protect your critical systems

The classic way of preventing critical systems, such as industrial controls, from attack is to air-gap them. That is to say ensure they don't have a connection to the internet.

But while they may not have a web connection they still often require DNS services in order to resolve a company's internal DNS records. New research from Pentera shows that this can provide a weak point to be exploited by attackers.

Continue reading

67 percent of companies lose business deals over security strategy concerns

New research from LogRhythm shows 67 percent of respondents say their company had lost a business deal due to the customer's lack of confidence in their security strategy.

The survey of 1,175 security professionals and executives across five continents, conducted by Dimensional Research, finds 91 percent report that their company's security strategy and practices must now align to customers' security policies and standards.

Continue reading

62 percent of companies say cybersecurity incidents have impacted their operations

Cybersecurity resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest annual Security Outcomes Report from Cisco.

The report reveals that 62 percent of organizations surveyed say they have experienced a security event that impacted business in the past two years. The leading types of incidents are network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

Continue reading

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.