Passkey support comes to Chrome and Android
Google has announced today that it's bringing passkey support to both Chrome and Android. Passkeys offer a significantly safer replacement for passwords and other phishable authentication factors and mark another step towards a passwordless future.
If you're unfamiliar with passkeys, they're a joint initiative from Apple, Google, and Microsoft. Unlike a password, the key is stored exclusively on your devices and never gets shared with anyone else.
SOC stresses mean 71 percent of security professionals consider quitting
Information and work overload, insufficient downtime, lack of tool integration, and alert fatigue mean that 71 percent of security operations center professionals say they're likely to quit their job.
A new report from logging and security analytics company Devo Technology shows SOC leaders continue to face a tricky balancing act when it comes to retaining SOC analysts amid major talent shortages and turnover.
Remote workforces at SMBs are being left unprotected
Cyberattacks and other threats aren't limited to large organizations. Indeed, SMBs are often targeted as they are seen as having fewer resources to devote to IT security defenses, particularly related to remote workers.
A new survey from software company Devolutions bears out this view, with only 18 percent of SMBs checking all the requisite IT security boxes and 13 percent not implementing any essential IT security measures at all.
One in five CISOs works over 25 hours overtime each week
According to new research from Tessian, 18 percent of UK and US security leaders work over 25 hours extra a week, double the amount of overtime they reported in 2021.
On average, they work 16.5 hours over their contracted weekly hours, up from 11 hours in 2021. Also, three-quarters of security leaders say they aren't always able to switch off from work, and 16 percent of these say they can rarely or never switch off.
Cybersecurity fears likely to make businesses Metaverse averse
The virtual world of the Metaverse is already attracting people to attend virtual events and play games. It also has the potential for businesses to make money -- research from McKinsey suggests it could be a $5 trillion industry by 2030.
However, businesses are still wary of the additional challenges, particularly with regard to security. New research carried out by YouGov for app security company F5 shows six out of 10 respondents say the Metaverse has introduced security complexities that their organization may not be equipped to address.
Cybersecurity Awareness Month -- this year it's personal
In what was a far-sighted move back in 2004, the President of the United States and Congress declared October to be Cybersecurity Awareness Month, dedicated to helping individuals protect themselves online as threats to technology and confidential data become more commonplace.
This has now become a regular event on the calendar and the theme of this year's campaign is 'See Yourself in Cyber', aiming to underline the fact that cybersecurity is ultimately about people rather than technology.
How to tell your customers that you've been hacked [Q&A]
The short-term costs of a cyberattack are significant. Investigating and containing a breach, rebuilding IT systems and implementing new security controls, as well as the loss of productivity, can all cause severe financial strain.
However, the long-term costs of a breach are often even more damaging. Enterprises that do not handle an attack well can suffer a number of further consequences, including reputational damage, a loss of customer loyalty and a drop in share prices.
Politically motivated ransomware declines as attackers switch back to old targets
Ransomware operators have turned their attention away from politically motivated attacks focusing on Russia back to their usual targets such as the United States, China, and Israel.
The latest T2 2022 threat report from ESET also shows the total number of RDP attack attempts has declined by a further 89 percent. The likely reasons for the decline are post-COVID return to offices, improved security, and the Russia-Ukraine war.
Microsoft updates its mitigation advice for Exchange Server zero-day vulnerabilities
Since Microsoft acknowledged the existence of two actively exploited zero-day vulnerabilities in Exchange Server, security experts were quick to point out that the company was providing bad advice in response.
The URL blocking recommended by Microsoft was found to be sadly lacking, and hackers could easily bypass it. Now Microsoft has provided updated mitigation advice, as well as providing automated protection options.
Navigating cyber complexities: Top tips from an ethical hacker for Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, and this year’s overarching theme is "It’s Easy to Stay Safe Online."
While cybersecurity news often centers around massive data breaches and hacks, it can be overwhelming to citizens and consumers who feel powerless against such threats. However, this year’s theme serves as a reminder that we all have a part to play in making the online world a safer place, whether that be at work, home or school.
A fundamental mechanism that secures the internet has been broken
Resource Public Key Infrastructure -- or RPKI as it's better known -- is a security framework that is designed to prevent cybercriminals or rogue states from diverting internet traffic.
National research center for Cybersecurity ATHENE says it has found a way to easily bypass this security mechanism, and in a way that means affected network operators are unable to notice.
New exposure management platform helps businesses manage cyber risks
The average enterprise uses more than 130 cybersecurity point solutions, creating siloed data that is hard for security teams to apply in meaningful ways.
To address this problem, Tenable is launching a new exposure management platform, aimed at giving customers a unified view into their organization's assets and vulnerabilities across the whole attack surface.
DDoS attacks get smaller -- but there are more of them
The number of DDoS attacks increased by 75.6 percent compared to the second half of 2021, but the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes decreased by 56 percent and 66.8 percent, respectively.
New research from Nexusguard shows that single-vector attacks represented 85 percent of all attacks globally in the first half of this year. Of these, User Datagram Protocol (UDP) attacks accounted for 39.6 percent, an increase of 77.5 percent from the first half of 2021, the remainder being HTTPS flood attacks.
New tool helps enterprises measure the effectiveness of their security spending
Spending more money on cybersecurity tools doesn't necessarily mean you're less likely to suffer from a cyberattack. Until now, though, it's been hard to tell whether what you do spend is actually delivering a good return on investment.
Safe Security is today launching a new Return on Security Investment (ROSI) calculator that enables CISOs and CFOs to quantify the reduction in risk for each dollar invested in cybersecurity.
Four Zero Trust hurdles that organizations are failing to clear
More than a decade after the concept of Zero Trust was first introduced, it’s become one of the biggest buzzwords in the industry. According to Microsoft, 96 percent of security decision-makers believe Zero Trust is ‘critical’ to their organization’s success, with 76 percent in the process of implementation currently.
Zero Trust is on the rise because traditional security models that assume everything inside an organization’s network can be trusted are no longer valid. As enterprises manage their data across multiple applications and environments, on-prem or hosted in the cloud, and as users have more access to data at more interfaces, a network’s perimeter becomes porous and less defined. This causes the threat surface to expand as the edge becomes indefensible. This change has seen many organizations embrace Zero Trust principles to improve their security posture.
© 1998-2024 BetaNews, Inc. All Rights Reserved.