Security and compliance issues hold back innovation
Three quarters of C-suite executives responding to a new survey say that compliance challenges and security challenges limit their company's ability to innovate.
The study from software delivery platform CloudBees also shows executives overwhelmingly favor a shift-left approach, a strategy of moving software testing and evaluation earlier in the development lifecycle, which places the burden of compliance on development teams.
Three-quarters of organizations have suffered an API security incident in the last year
Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.
The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.
Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline
Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.
The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".
Uber suffers 'cybersecurity incident' with hackers gaining access to internal systems and vulnerability reports
Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.
The attackers were also able to access Uber's Slack server, going as far as posting messages to it. At the moment, it is not clear whether customer data has been exposed in the attack, which seems to have come as the result of extracting passwords from an employee via social engineering.
Employees take risks to avoid login hassles
A new report from 1Password reveals that 43 percent of employees admit to risky online behaviors such as sharing logins, offloading tasks to others, or even abandoning certain tasks altogether to circumvent complicated login procedures.
Having to remember multiple logins heightens stress levels and strains mental health, according to 41 percent of respondents, while 37 percent say that the onboarding process at their current job was time-consuming, confusing or challenging when it came to logging into work-related accounts.
US businesses unprepared for rise in cyberattacks
The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.
A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.
McAfee launches new all-encompassing privacy and identity security product line called McAfee+
The McAfee name is one that has been somewhat tainted by the activities of John McAfee, but it is one that also remains firmly associated with security. The company has just announced a new product line called McAfee+, available in three tiers, that includes an unlimited VPN at all levels.
Currently only available to users in the US, McAfee+ has Premium, Advanced and Ultimate options, each of which has Individual and Family variants, with prices ranging from $49.99 to $219.99 per year.
The Great Resignation linked to a great data theft
We've all heard of the Great Resignation, a pandemic-driven shift in people's work preferences. But new research from Cyberhaven suggests that this has gone hand-in-hand with large-scale data theft.
Based on anonymized details from over 1.4 million workers and spanning 360,000 data exfiltration incidents and a broad sample of companies, including 11 percent of the Fortune 100, it reveals data ranging from customer information to software source code being exfiltrated in large volumes.
Organizations falling short in addressing security risks
According to 90 percent of IT security leaders, their organizations are falling short in addressing cybersecurity risks.
Research from Foundry finds that this perception comes from a number of issues, including difficulty convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn't investing enough resources to address risks (26 percent).
Vulnerability backlogs are too time-consuming to address
Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.
The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.
SMBs hardest hit by ransomware
A new report from cyber risk insurance provider Coalition shows that while overall incidents are down, and ransomware attacks are declining as demands go unpaid, smaller businesses have become bigger targets.
In the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, 58 percent higher than levels during the first half of 2021.
Public cloud security gaps expose business critical assets
The public cloud has been widely adopted by organizations of all sizes, but a new report from Orca Security reveals some alarming shortcomings in security.
Among the key findings, 72 percent of organizations have at least one Amazon S3 bucket that allows public read access, and 70 percent have a Kubernetes API server that is publicly accessible.
80 percent of organizations have suffered a severe cloud security incident
A new report finds 80 percent of organizations have experienced at least one severe cloud security incident in the past year, and 41 percent say cloud native services increase complexity, further complicating their security efforts.
On a positive note, though, the study from developer security specialist Snyk shows 49 percent of organizations now find deployment is faster as a result of improved cloud security.
Get 'Mastering Defensive Security' ($49.99 value) FREE for a limited time
Every organization has its own data and digital assets that need to be protected against an ever-growing threat landscape that compromises the availability, integrity, and confidentiality of crucial data.
Therefore, it is important to train professionals in the latest defensive security skills and tools to secure them. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure.
Lack of visibility is the biggest challenge for cybersecurity teams
New research from Sevco Security shows that more than 10 percent of enterprise IT assets are missing endpoint protection, and that roughly five percent are not covered by enterprise patch management solutions.
Nearly 20 percent of Windows servers lack endpoint protection, far more than Windows clients and macOS assets, which are just over 10 percent.
© 1998-2024 BetaNews, Inc. All Rights Reserved.