Articles about Security

80 percent of enterprises use open source software and nearly all worry about security

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

IBM makes open source toolkit available to fight software supply chain attacks

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has, in most cases, been able to successfully gain access to SCM systems during an adversary simulation engagement.

WhatsApp is gaining some great new privacy features including screenshot blocking

WhatsApp is not only one of the popular messaging apps out there, it is also one that is subject to some of the fastest development work. Existing features are constantly being tweaked, new options are being added all the time, and Mark Zuckerberg has just revealed three exciting new privacy-focused features.

In an announcement on his personal Facebook page, the CEO of Meta teased a trio of new features which will help to improve the privacy of group and one-on-one chats. The upcoming additions are part of a new global campaign from WhatsApp that focuses on and promotes privacy and security features.

4.5 million devices exposed to oldies but baddies vulnerabilities

Despite the fast changing nature of the world of cybersecurity, it seems that when it comes to vulnerabilities there's still a place for the golden oldies.

New research by Rezilion finds that more than 4.5 million internet-facing devices are still vulnerable to vulnerabilities discovered between 2010 and 2020. What's more, for most of these vulnerabilities, active scanning/exploitation attempts have taken place in the past 30 days too.

How businesses can improve their cyber resilience [Q&A]

Governments are keen for enterprises to improve their cyber resilience, but research from Skurio finds just under half of private and public sector organisations surveyed say that lack of resources and in-house expertise prevent their organisation from keeping up with and protecting against new cyber threats.

We talked to Jeremy Hendy, CEO of Skurio, about the barriers to businesses becoming more cyber resilient and the calls to action for C-suite, info-security departments, and the industry.

Twitter comes clean about serious security incident affecting millions of accounts

Twitter has confirmed that a hacker was able to exploit a security vulnerability on the social platform earlier this year, gaining access to the private data of millions of users.

In total, 5.4 million accounts were affected, with the attacker able to link account names to email addresses and phone numbers. While the incident took place back in January this year, Twitter has also revealed that the exposed user data was made available to buy just last month. In what will be regarded by many as something of an understatement, the company says that "it is unfortunate that this happened".

The cyber threats and trends that will dominate going into 2023

It might still be a bit early to begin thinking about next year, but new research from Intel 471 analyzes recent and commonly used tactics, techniques and procedures (TTPs) that have been adopted by prominent threat actors.

It also looks at how these threats have affected enterprises, along with predictive intelligence assessments on threats that organizations should be prepared to thwart over the next year.

84 percent of companies have only basic cloud security capability

A large majority of companies are only at an entry level in terms of their cloud security capabilities according to a new study.

The research, carried out for cloud infrastructure security company Ermetic by Osterman Research, surveyed 326 organizations in North America that have 500 or more employees and spend a minimum of $1 million each year on cloud infrastructure.

94 percent of companies have had security incidents with production APIs

According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.

The latest State of API Security Report from Salt Security also finds that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.

Industrial systems under threat from wipers and IoT botnets

The latest OT/IoT security report from Nozomi Networks shows that wiper malware and IoT botnets dominate threats to industrial control systems.

Researchers have observed the robust usage of wiper malware, and seen the emergence of an Industroyer variant, dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.

Microsoft beefs up Defender security with new Threat Intelligence and External Attack Surface Management tools

Microsoft has launched two new security products, bolstering the capabilities of Microsoft Defender. The company says that the aim of the two tools is to help organizations lock down their infrastructure and reduce their overall attack surface.

The tools, Microsoft says, also provide "deeper context into threat actor activity", making it easier to predict malicious activity and secure resources. Microsoft Defender Threat Intelligence works by mapping the internet every day, so that security teams have the data needed to understand current attack techniques, while Microsoft Defender External Attack Surface Management lets security teams see their system as attackers do.

Ransomware uses malicious macros to infect target systems

A new study reveals that 87 percent of the ransomware found on the dark web can be delivered via malicious macros in order to infect targeted systems.

The research from Venafi, in partnership with criminal intelligence provider Forensic Pathways, looked at 35 million dark web URLs and forums to uncover a thriving ransomware community with highly damaging macro-enabled strains readily available.

Key things you didn't know about phishing

Phishing is one of the most common forms of cyberattack, fooling people into thinking they're dealing with a trusted organization in order to get them to part with credentials.

But what are the hallmarks of a phishing attack? Atlas VPN has collected some phishy statistics to find out.

Why security teams should prepare to slay the three-headed dragon [Q&A]

Governments, utilities and other key industries are prime targets for attack, including from nation state actors and cybercriminals seeking to extract a ransom.

But David Anteliz, technical director at Skybox, believes that given the increase in tensions across the world, threat actors will evolve their tactics with the use of a 'three-headed dragon approach' that goes beyond the probing we have seen so far.

How endpoint security and management are consolidating [Q&A]

Securing endpoints used to be a simple matter of installing a firewall and antivirus solution and then keeping them updated.

But as threats have become more sophisticated, networks more complex and working patterns have shifted away from the office, securing and managing endpoints has become a much greater problem for enterprises.

© 1998-2024 BetaNews, Inc. All Rights Reserved.