Continuous response needed to combat cyber attacks
As the threat landscape continues to rapidly evolve, businesses need to be able to react quickly and have an effective strategy to deal with attacks.
Security specialist F-Secure is calling for greater emphasis on both preparing for a breach as well as fast and effective containment that has the correct balance of people, process and technology.
90 percent of tech companies are vulnerable to email spoofing
Phishing is a major problem for large organizations, but while there are standards to authenticate email and prevent phishers from spoofing domains with fake emails, a majority of companies have not made full use of them.
The tech sector has moved faster than some but while they are beginning to implement protection many companies in this sector are still at an early stage with the result that 90 percent are still vulnerable to impersonation.
Russia orders NordVPN, ExpressVPN, HideMyAss and other VPNs to block numerous sites
VPNs are frequently used by people to increase security, improve privacy, to browse the internet as if in another country, and to bypass restrictions put in place by ISPs and governments. Aware of this, authorities in Russia have ordered ten big-name VPNs to block access to various sites banned in the country.
Among those to have been contacted by the authorities are NordVPN, ExpressVPN, IPVanish, HideMyAss and TorGuard. At least one of these VPN providers has decided to pull out of Russia.
UK watchdog says Huawei poses a national security risk
In its fifth annual report, the UK's Huawei oversight board says that the Chinese firm poses a threat to national security. It reached the conclusion after discovering that the company has made "no material progress" in addressing the security flaws highlighted in last year's report.
But while the report was damning of Huawei, saying it found additional "significant technical issues in Huawei’s engineering processes leading to new risks in the UK telecommunications networks", the board stopped short of calling for a ban on Huawei's involvement in 5G in the UK.
Large enterprises face problems with unsecured applications
A new survey of more than 200 CISOs in the US and Canada finds that large enterprises typically operate 1,300 or more complex applications but only protect 60 percent of them, leaving more than 500 applications unprotected at a time where adversarial attacks are increasing.
The study from crowdsourced security company Bugcrowd along with the Enterprise Strategy Group (ESG), also shows strong interest in using DevOps to automate security.
Encryption backdoors raise the likelihood of attack
Countries with government-mandated encryption backdoors are more susceptible to nation-state attacks according to 73 percent of security professionals.
A survey from machine identity protection company Venafi also finds 69 percent believe countries with encryption backdoors suffer economic disadvantages in the global marketplace as a result.
Data breaches more common than rain in the UK
The UK has something of a reputation for its wet climate, and its citizens for constantly talking about the weather. So it may come as a surprise to find that in the UK the chance of experiencing a data breach is higher than that of encountering a rainy day.
A survey by technology services company Probrand shows 43 percent of UK businesses having suffered a cyber breach or attack in the last 12 months as against just 36.4 percent chance on average of encountering a wet day.
Almost half of industrial computers hit by malicious cyber activity in 2018
Kaspersky has released the results of an astonishing study that found that almost half of world's Industrial Control System (ICS) computers was subjected to malicious cyber activity last year.
While malware and cyber attacks have been a problem for some time, there is particular concern about the rising numbers of ICS computers being affected. In the case of downtime for such systems, there is the risk of material losses and production downtime at industrial facilities.
Digital cold war and other emerging threats we'll face in the next two years
A new report from the Information Security Forum looks at the threats organizations can expect to face over the next two years as a result of increasing developments in technology.
The Threat Horizon 2021 report highlights three major themes that will present particularly difficult cyber security challenges for businesses.
Next generation cyber defense driven by analytics and machine learning
The biggest problem for security teams is often too much data and many are addressing this by turning to analytics and machine learning, according to a new report.
The study from CyberEdge Group surveyed 1,200 IT security decision makers and practitioners and finds 47 percent intend to deploy advanced analytics solutions in the next year.
ASUS Live Update Utility hacked to deliver ShadowHammer backdoor malware to a million systems
Kaspersky Lab reports that the software update system used by ASUS was hijacked by hackers and used to deliver a backdoor-laden piece of malware to users. The company estimates that around a million users may have been affected by what it describes as "one of the biggest supply-chain incidents ever".
Back in January, the security firm discovered that a threat actor interfered with the ASUS Live Update Utility, adding a backdoor to it. Signed with an official ASUS certificate and carefully crafted to be precisely the same size as the official tool, the malware -- dubbed ShadowHammer -- went unnoticed for some time.
61 percent of CISOs believe employees have leaked data maliciously
A new study reveals that 79 percent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61 percent believe they have done so maliciously.
The research from data security company Egress also explores how employees and executives differ in their views of what constitutes a data breach and what is acceptable behavior when sharing data.
Trend micro calls in artists to make cybersecurity beautiful
When you think of cybersecurity, art and beauty probably aren't the first things that come to mind. But if Trend Micro has its way that could be about to change.
The company has commissioned a number of artists to create what it calls The Art of Cybersecurity. This is a series of works based on security data, with the idea of shifting the perception of protecting systems from a burden, to something beautiful.
Panic Button secures data -- by destroying it
One of the biggest worries about someone gaining unauthorized access to your computer is that they can view and steal your data.
The CyberYozh security group has launched a product that protects your sensitive files, browser data and more, by taking the nuclear option of destroying it.
Facebook stored millions of users' passwords in searchable plain text for years
Just when you think things couldn't get any worse with Facebook, something else comes along to lower your opinion of the social network even further. The latest security slip-up relates to passwords: it turns out that for up to six years, millions of user passwords were stored in plain text.
As well as being stored in plain text, passwords were searchable by thousands of Facebook employees. An investigation by Facebook suggests that somewhere between 200 million and 600 million user accounts were affected, some as far back as 2012.