Articles about Security

Late last week, Microsoft confirmed the existence of two actively exploited zero-day vulnerabilities in Exchange Server. Tracked as CVE-2022-41082 and CVE-2022-41040, both security flaws are worrying as they are known to be actively exploited.

While it works on a fix, Microsoft offered up instructions to mitigate the vulnerabilities. But it turns out that it is incredibly easy to bypass, with security experts warning that the method used is too specific, rendering it ineffective.

Continue reading →

Cyberattacks can cause significant harm to businesses, not least financial losses. According to recent findings from the Atlas VPN team, 37 percent of companies lose over $100,000 per cyberattack on average.

Some lose even more, with 22 percent of companies suffering significant losses ranging from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11 percent of businesses. Lastly, four percent of companies claim to have lost over $1 million after a successful cyberattack. A worrying two percent of businesses say they don't know their actual losses.

Continue reading →

Cybersecurity is a priority for all enterprises. We regularly see news of data breaches across a wide range of industries, and as workforces increasingly move to a hybrid model the issue becomes more acute.

As businesses undergo digital transformation they need to update not only their tools but also their attitude toward keeping systems secure. We spoke to Pravin Kothari, executive vice president, product and strategy at cloud security company Lookout to find out why in a cloud-native world security needs a different approach.

Continue reading →

Some trends come quickly and disappear from the scene. For example, artificial intelligence was going to be the savior of cybersecurity, but this trend has turned out to be a smokescreen.

Here are five SAP application security trends that are here to stay.

Continue reading →

Undocumented malware only makes up a small proportion of files, yet it presents a high risk of infection. Sandboxing and analyzing everything in order to eliminate risk, however, has a major impact on performance.

To address this Cyren has produced Hybrid Analyzer. Using emulation -- effectively automatically reverse engineering the code contained in a file -- this new offering operates 100 times faster than a malware sandbox and between five and 20 times faster than alternative file analysis solutions.

Continue reading →

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected.

One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild.

Continue reading →

Every year, thousands of code vulnerabilities are discovered, patched and publicly disclosed to improve security for current and potential users.

But many of these vulnerabilities share common features, so what can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place? We talked to Johannes Dahse, head of R&D at clean code specialist SonarSource, to find out. 

Continue reading →

Phishing is one of the most common methods of launching a cyberattack, yet new research from Red Sift shows that only a small percentage of publicly traded companies have fully adopted the latest email standards that could protect them and their customers.

DMARC (Domain-based Message Authentication, Reporting and Conformance) and BIMI (Brand Indicators for Message Identification) help prevent spoofing and allow businesses to display their logo on authenticated emails.

Continue reading →

Revenue loss from bot-driven account fraud and web scraping continues to increase according to a new report, with 69 percent of companies that have a bot management solution report losing more than six percent of their revenue due to account fraud this year.

Account fraud includes account takeovers and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.

Continue reading →

A new study of 3,000 individuals across the US, UK and Canada finds that although 58 percent of tech users that had access to cybersecurity training or education say they are better at recognizing phishing messages and related attacks, 34 percent still fell victim to at least one type of cybercrime.

The research from The National Cybersecurity Alliance and CybSafe shows that of more than 1,700 incidents of cybercrime that were disclosed by participants, 36 percent were phishing attacks that led to a loss of money or data, while 24 percent report falling victim to identity theft.

Continue reading →

According to a new report 81 percent of organizations have experienced a cloud-related security incident over the last 12 months, with almost half (45 percent) suffering at least four incidents.

The findings, from machine identity management specialist Venafi, reveal that the underlying issue for these security incidents is a dramatic increase in security and operational complexity connected with cloud deployments.

Continue reading →

According to a new report from Sysdig, the unified container and cloud security company, it costs $430,000 in cloud bills for an attacker to generate $8,100 in cryptocurrency revenue. This works out at a $53 cost to the victim for every $1 the cryptojacker makes.

The report takes an extensive look at TeamTNT, a notorious cloud-targeting threat actor that generates the majority of its criminal profits through cryptojacking. TeamTNT is best known for its crypto‐jacking worm activity, which began in 2019, exploiting vulnerable instances of popular key‐value store Redis.

Continue reading →

US companies are the most affected by ransomware, with 46 percent of all ransomware attacks happening there, according to new research by cybersecurity company NordLocker.

But just who is being targeted? The research finds that out of 18 industries identified, construction accounts for 12 percent of all attacks. Next most likely to be hit are manufacturing (9.6 percent), transportation (8.2 percent), healthcare (7.8 percent), and tech/IT (7.6 percent).

Continue reading →

Cybercriminals have become more adept at bypassing defenses with new DDoS attack vectors and successful methodologies, according to the latest DDoS Threat Intelligence Report from NETSCOUT.

The report is based on intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). It finds there were over six million DDoS attacks in first half of 2022, with TCP-based flood attacks (SYN, ACK, RST) still the most used attack vector, accounting for around 46 percent.

Continue reading →

Nearly eight out of ten (79 percent) of UK and Irish IT decision makers and professionals say there are gaps between their data dependency, backup frequency, SLAs and ability to get back to productive business.

The results of the Data protection Trends Report from Veeam Software also show that 76 percent of respondents admit falling prey to at least one ransomware attack in the past year, with 65 percent now using cloud services as part of their data protection strategy to increase resiliency.

Continue reading →