Articles about Security

Organizations falling short in addressing security risks

According to 90 percent of IT security leaders, their organizations are falling short in addressing cybersecurity risks.

Research from Foundry finds that this perception comes from a number of issues including convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn’t investing enough resources to address risks (26 percent).

Vulnerability backlogs are too time-consuming to address

Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.

The State of Vulnerability Management in DevSecOps report, from vulnerability management platform Rezilion and the Ponemon Institute, shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.

SMBs hardest hit by ransomware

A new report from cyber risk insurance provider Coalition shows that while overall incidents are down, and ransomware attacks are declining as demands go unpaid, smaller businesses have become bigger targets.

In the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, 58 percent higher than levels during the first half of 2021.

Public cloud security gaps expose business critical assets

The public cloud has been widely adopted by organizations of all sizes, but a new report from Orca Security reveals some alarming shortcomings in security.

Among the key findings, 72 percent of organizations have at least one Amazon S3 bucket that allows public read access, and 70 percent have a Kubernetes API server that is publicly accessible.

80 percent of organizations have suffered a severe cloud security incident

A new report finds 80 percent of organizations have experienced at least one severe cloud security incident in the past year, and 41 percent say cloud native services increase complexity, further complicating their security efforts.

On a positive note, though, the study, from developer security specialist Snyk, shows 49 percent of organizations now find deployment is faster as a result of improved cloud security.

Get 'Mastering Defensive Security' ($49.99 value) FREE for a limited time

Every organization has its own data and digital assets that need to be protected against an ever-growing threat landscape that compromises the availability, integrity, and confidentiality of crucial data.

Therefore, it is important to train professionals in the latest defensive security skills and tools to secure them. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure.

Lack of visibility is the biggest challenge for cybersecurity teams

New research from Sevco Security shows that more than 10 percent of enterprise IT assets are missing endpoint protection, and that roughly five percent are not covered by enterprise patch management solutions.

Nearly 20 percent of Windows servers lack endpoint protection, far more than Windows clients and macOS assets, which are just over 10 percent.

SMBs turn to MSPs to improve cybersecurity

A new survey of over 500 IT decision makers at small and medium businesses, from threat detection and response specialist Vade, shows 69 percent say a serious breach had bypassed their current email security solution.

It's perhaps not surprising then that SMBs are increasingly likely to turn to managed service providers, with 96 percent of organizations either currently outsourcing at least some of their needs to MSPs or planning to do so in the future.

HP Support Assistant DLL hijacking vulnerability could grant attackers privilege escalation

HP has issued a warning about a security issue with its HP Support Assistant software. Pre-installed on numerous HP systems, and included with the installation of various products from the company, HP Support Assistant has been found to have a privilege escalation vulnerability.

Tracked as CVE-2022-38395 and assigned a score of 8.2, the vulnerability is of high severity. The good news is that a fix is available.

Cisco releases a batch of patches for security vulnerabilities in numerous products including Cisco Small Business routers

While for many people September 7 meant finding out about the latest iPhone and Apple Watch, for Cisco it was the day on which it pushed out security patches for various medium- and high-severity vulnerabilities.

The company posted a series of advisory notices in its security center and released four patches for a variety of flaws. The patches address the high-severity CVE-2022-20696, a vulnerability in the binding configuration of Cisco SD-WAN vManage Software, as well as CVE-2022-28199, a flaw in the NVIDIA Data Plane Development Kit. There are also patches for two medium-severity flaws -- CVE-2022-20863, a vulnerability in the messaging interface of Cisco Webex App, and CVE-2022-2092, a vulnerability in the IPSec VPN Server authentication functionality of several Cisco Small Business routers.

Understanding threat detection methods [Q&A]

Detecting threats today isn't just about deciding which methods to use, but also which data. Endpoint server and workstation logs are a start, but major blind spots still exist unless threat detection visibility extends to network and cloud as well.

In order to be effective, security teams need to look at what data to use, what the science says can be done with the data, and what to expect. We spoke to Andrew Hollister, CISO at LogRhythm, to find out more.

Security awareness training goes mainstream but still needs more work

Some form of cybersecurity awareness training has been implemented in 97 percent of enterprises this year, according to a new survey of 1,900 security professionals from ThriveDX.

However, only 42 percent report involving their employees in security detection with the use of such measures as a Phishing Incident Button, while 65 percent agree that their training program needs expansion.

Almost half of education institutions see attacks on their cloud infrastructure

A new study reveals that 47 percent of educational institutions have suffered a cyberattack on their cloud infrastructure within the last 12 months.

The research from Netwrix shows that for 27 percent of these, incidents in the cloud were associated with unplanned expenses being incurred to fix security gaps.

Cloud servers are the most common way in for cyberattacks

New data unveiled by the Atlas VPN team shows that cloud servers are now the number one way in for cyberattacks on businesses, with 41 percent of companies reporting them as the first point of entry.

The data, based on the Cyber Readiness Report 2022 by insurer Hiscox, also shows a 10 percent increase in cloud server attacks over the year before.

Samsung warns of a security breach that gave hackers access to US customer data

Samsung has revealed limited details of a security incident that took place earlier in the year, exposing the personal data of customers in the US.

The technology giant says that the data breach took place back in July when "an unauthorized third party acquired information from some of Samsung's US systems". No details about who may have been responsible have been released, and Samsung has issued a warning for customers to exercise caution.

© 1998-2024 BetaNews, Inc. All Rights Reserved.