Articles about Security

The short-term costs of a cyberattack are significant. Investigating and containing a breach, rebuilding IT systems and implementing new security controls, as well as the loss of productivity, can all cause severe financial strain.

However, the long-term costs of a breach are often even more damaging. Enterprises that do not handle an attack well can suffer a number of further consequences, including reputational damage, a loss of customer loyalty and a drop in share prices.

Continue reading →

Ransomware operators have turned their attention away from politically motivated attacks focusing on Russia back to their usual targets such as the United States, China, and Israel.

The latest T2 2022 threat report from ESET also shows the total number of RDP attack attempts has declined by a further 89 percent. The likely reasons for the decline are post-COVID return to offices, improved security, and the Russia-Ukraine war.

Continue reading →

Since Microsoft acknowledged the existence of two actively exploited zero-day vulnerabilities in Exchange Server, security experts were quick to point out that the company was providing bad advice in response.

The URL blocking recommended by Microsoft was found to be sadly lacking, and hackers could easily bypass it. Now Microsoft has provided updated mitigation advice, as well as providing automated protection options.

Continue reading →

October is Cybersecurity Awareness Month, and this year’s overarching theme is "It’s Easy to Stay Safe Online."

While cybersecurity news often centers around massive data breaches and hacks, it can be overwhelming to citizens and consumers who feel powerless against such threats. However, this year’s theme serves as a reminder that we all have a part to play in making the online world a safer place, whether that be at work, home or school. 

Continue reading →

Resource Public Key Infrastructure -- or RPKI -as it's better known -- is a security framework that is designed to prevent cybercriminals or rogue states from diverting internet traffic.

National research center for Cybersecurity ATHENE says it has found a way to easily bypass this security mechanism, and in a way that means affected network operators are unable to notice.

Continue reading →

The average enterprise uses more than 130 cybersecurity point solutions, creating siloed data that is hard for security teams to apply in meaningful ways.

To address this problem, Tenable is launching a new exposure management platform, aimed at giving customers a unified view into their organization's assets and vulnerabilities across the whole attack surface.

Continue reading →

The amount of DDoS attacks increased by 75.6 percent compared to the second half of 2021, but the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes each decreased by 56 percent and 66.8 percent, respectively.

New research from Nexusguard shows that single-vector attacks represented 85 percent of all attacks globally in the first half of this year. Of these User Datagram Protocol (UDP) attacks accounted for 39.6 percent, an increase of 77.5 percent from the first half of 2021, the remainder being HTTPS flood attacks.

Continue reading →

Spending more money on cybersecurity tools doesn't necessarily mean you're less likely to suffer from a cyberattack. Until now though it's been hard to tell whether what you do spend is actually delivering a good return on investment.

Safe Security is today launching a new Return on Security Investment (ROSI) calculator that enables CISOs and CFOs to quantify the reduction in risk for each dollar invested in cybersecurity.

Continue reading →

 More than a decade after the concept of Zero Trust was first introduced, it’s become one of the biggest buzzwords in the industry. According to Microsoft, 96 percent of security decision-makers believe Zero Trust is ‘critical’ to their organization’s success, with 76 percent in the process of implementation currently. 

Zero Trust is on the rise because traditional security models that assume everything inside an organization’s network can be trusted is no longer valid. As enterprises manage their data across multiple applications and environments, on-prem or hosted in the cloud, and as users have more access to data at more interfaces, a network’s perimeter becomes porous and less defined. This causes the threat surface to expand as the edge becomes indefensible. This change has seen many organizations embrace Zero Trust principles to improve their security posture.

Continue reading →

Late last week, Microsoft confirmed the existence of two actively exploited zero-day vulnerabilities in Exchange Server. Tracked as CVE-2022-41082 and CVE-2022-41040, both security flaws are worrying as they are known to be actively exploited.

While it works on a fix, Microsoft offered up instructions to mitigate the vulnerabilities. But it turns out that it is incredibly easy to bypass, with security experts warning that the method used is too specific, rendering it ineffective.

Continue reading →

Cyberattacks can cause significant harm to businesses, not least financial losses. According to recent findings from the Atlas VPN team, 37 percent of companies lose over $100,000 per cyberattack on average.

Some lose even more, with 22 percent of companies suffering significant losses ranging from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11 percent of businesses. Lastly, four percent of companies claim to have lost over $1 million after a successful cyberattack. A worrying two percent of businesses say they don't know their actual losses.

Continue reading →

Cybersecurity is a priority for all enterprises. We regularly see news of data breaches across a wide range of industries, and as workforces increasingly move to a hybrid model the issue becomes more acute.

As businesses undergo digital transformation they need to update not only their tools but also their attitude toward keeping systems secure. We spoke to Pravin Kothari, executive vice president, product and strategy at cloud security company Lookout to find out why in a cloud-native world security needs a different approach.

Continue reading →

Some trends come quickly and disappear from the scene. For example, artificial intelligence was going to be the savior of cybersecurity, but this trend has turned out to be a smokescreen.

Here are five SAP application security trends that are here to stay.

Continue reading →

Undocumented malware only makes up a small proportion of files, yet it presents a high risk of infection. Sandboxing and analyzing everything in order to eliminate risk, however, has a major impact on performance.

To address this Cyren has produced Hybrid Analyzer. Using emulation -- effectively automatically reverse engineering the code contained in a file -- this new offering operates 100 times faster than a malware sandbox and between five and 20 times faster than alternative file analysis solutions.

Continue reading →

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected.

One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild.

Continue reading →