Articles about Security

While software-based password managers are incredibly popular these days, it is still terrifyingly common to find that people store passwords on sticky notes attached to their monitor. A slightly more up to date means of recording passwords is to type them into a text document, and this is something Microsoft is seeking to discourage with the latest update to Windows 11.

With Window 11 2022 Update, the company added a new enhanced phishing protection feature of Microsoft Defender Smartscreen. This security feature can, among other things, issue a warning if it detects that you are entering one of your passwords into a document or, for that matter, a potentially insecure website. The feature is not enabled by default, so here's how to bolster your security.

Continue reading →

In late August, the UK government introduced new cybersecurity rules aimed at protecting telecommunication networks against cyber attacks. The rules, which allow the government to boost the security standards of the UK’s mobile and broadband networks, come at a time when attacks on critical infrastructure are becoming more frequent and more dangerous.

Earlier this year, for example, Costa Rica was thrown into crisis after a ransomware attack affected 30 government institutions, including critical ministries and its social security fund. The group behind the attack, known as Conti, threatened to overthrow the government unless the US$10 million ransom was paid. With the help of international partners -- including the United States, Israel, Spain, and Microsoft -- it was able to get all its systems back online, but it took weeks. Montenegro, meanwhile, also saw critical digital infrastructure crippled following a cyber attack blamed on state-sponsored actors. The attack effectively sent some government departments back to the analogue era and was still being wrestled with more than three weeks after it was first detected.    

Continue reading →

Almost half of respondents to a new survey say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 46 percent are relying on primary backup and recovery infrastructure that was designed in, or before, 2010.

The study commissioned by Cohesity from Censuswide also finds 62 percent expressed some level of concern over whether their IT and security teams would be able to mobilize efficiently to respond to an attack.

Continue reading →

We've already seen that cyberattacks have played a role in the war in Ukraine. But what about the prospect of more widespread cyber warfare. Could Ukraine be just a testing ground?

Education advice site Security Degree Hub has produced an infographic looking at the prospects of a cyber war and what it might look like.

Continue reading →

With the decline of the traditional enterprise network perimeter, more and more organizations are turning to a zero trust approach to securing their systems.

This not only reduces the attack surface, it ensures that if an attack does succeed it's much less likely to spread laterally within the network. We talked to Tim Silverline, VP of security at network automation specialist Gluware, to find out more about what implementing zero trust means.

Continue reading →

The desire for software supply chain integrity and transparency has left many organizations struggling to build in software security measures like signatures, provenance, and SBOMs to legacy systems and existing Linux distributions.

This has prompted Chainguard to produce Wolfi, a new Linux '(un)distribution' and build toolchain, that's been designed from the ground up to produce container images that meet the requirements of a secure software supply chain.

Continue reading →

Without training, 21 percent of the workforce don't not know who to go to when faced with a cybersecurity threat.

A new report from security awareness training platform KnowBe4 shows that annual security training reduces that percentage to 17 percent.

Continue reading →

New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.

The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.

Continue reading →

Major cyberattacks invariably make the headlines, but it seems that rather than take a proactive approach, many CISOs wait for a new threat to emerge before protecting their business. They simply hope they won't be caught up in the first wave of a new attack.

Dave Mitchell, CTO of cybersecurity investigation specialist HYAS Infosec, believes there is a better approach, one that detects threats by monitoring the communications that form the foundations of internet architecture. We recently talked to him to learn more.

Continue reading →

Identity fraud is on the rise, with cybercriminals employing increasingly sophisticated techniques including realistic 2D/3D masks and deploying display attacks (e.g. showing a picture of a person on a screen) to try to spoof biometric verification systems.

Identity verification specialist Onfido is launching a new 'biometric liveness solution' called Motion which is aimed at increasing verification speed and ensuring that it’s seeing a real person.

Continue reading →

A new study from Deloitte shows 50.2 percent of professionals at organizations considering quantum computing benefits believe that their organizations are at risk from 'harvest now, decrypt later' (HNDL) cybersecurity attacks.

In HNDL attacks, threat actors harvest data from unsuspecting organizations, anticipating that data can be decrypted later when quantum computing gets sufficiently mature to render some existing cryptographic algorithms obsolete.

Continue reading →

Despite increased spending on cybersecurity, a new report reveals that 90 percent of organizations were affected by ransomware in some way over the past 12 months, up from last year's 72.5 percent.

The study from SpyCloud shows that security efforts are being stepped up, the number of organizations that have implemented or plan to implement multi-factor authentication jumped 71 percent, from 56 percent the previous year to 96 percent. Monitoring for compromised employee credentials also increased from 44 percent to 73 percent.

Continue reading →

Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.

Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third-party access to a range of data including postal and email addresses, account information, and phone numbers.

Continue reading →

Privacy and security are something that all browser manufacturers like to brag about in relation to their products, with Google and Microsoft being no different to others in this regard. But if you are making use of the Enhanced Spellcheck in Chrome or Microsoft Editor in Edge, some highly sensitive information can be sent to the two software giants.

In addition to passwords, we are talking about personal information entered into online forms such as your social security number, date of birth, username and so on. The worrying discovery was made by security researchers from JavaScript security firm otto-js who warn that this is something that will be of particular concern to enterprise users.

Continue reading →

Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.

The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".

Continue reading →