Articles about Security

As more and more devices that we might not conventionally think of as 'IT' become connected, the risks to enterprises increase.

To address this concern Claroty is launching xDome, a new cloud-based industrial cybersecurity platform that drives cyber and operational resilience for modern industrial businesses.

Continue reading →

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Continue reading →

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

Continue reading →

With more people working remotely, messaging and email have become even more essential tools, but the sharing of sensitive data via these routes also presents risks.

Concentric AI is using this week's Black Hat USA to launch an AI-based solution that protects sensitive data shared as text or attachments across today’s most popular business messaging platforms, including email, Slack, and Microsoft Teams.

Continue reading →

The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.

The vulnerability is being tracked as CVE-2022-30333, and if successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write data to an area of storage.

Continue reading →

In the second quarter of this year malware events increased over 25 percent, botnets doubled and exploit activity grew by nearly 150 percent, according to a new report.

The report from managed security services provider Nuspire, based on threat intelligence analyzed from Nuspire's trillion traffic logs from client sites and associated with thousands of devices from around the world, shows a substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices.

Continue reading →

It is that time of the month again -- the time that Microsoft releases updates for Windows 11. This time around, the company has released the KB5016629 update to not only fix a problem that prevented the Start menu from opening, but also to address various security issues.

This is a cumulative update which also includes the changes that were part of the KB5015882 update that was made available last month. This means that the KB5016629 update fixes problems with File Explorer as well as introducing new Focus Assist features and better Windows 11 updating.

Continue reading →

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

Continue reading →

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has been able to successfully gain access to SCM systems during an adversary simulation engagement in most cases.

Continue reading →

WhatsApp is not only one of the popular messaging apps out there, it is also one that is subject to some of the fastest development work. Existing features are constantly being tweaked, new options are being added all the time, and Mark Zuckerberg has just revealed three exciting new privacy-focused features.

In an announcement on his personal Facebook page, the CEO of Meta teased a trio of new features which will help to improve the privacy of group and one-on-one chats. The upcoming additions are part of a new global campaign from WhatsApp that focuses on and promotes privacy and security features.

Continue reading →

Despite the fast changing nature of the world of cybersecurity, it seems that when it comes to vulnerabilities there's still a place for the golden oldies.

New research by Rezilion find that more that 4.5 million internet-facing devices are still vulnerable to vulnerabilities discovered between 2010 to 2020. What's more, for most of these vulnerabilities, active scanning/exploitation attempts have taken place in the past 30 days too.

Continue reading →

Governments are keen for enterprises to improve their cyber resilience, but research from Skurio finds just under half of private and public sector organisations surveyed say that lack of resources and in-house expertise prevent their organisation from keeping up with and protecting against new cyber threats.

We talked to Jeremy Hendy, CEO of Skurio, about the barriers to businesses becoming more cyber resilient and the calls to action for C-suite, info-security departments, and the industry

Continue reading →

Twitter has confirmed that a hacker was able to exploit a security vulnerability on the social platform earlier this year, gaining access to the private data of millions of users.

In total, 5.4 million accounts were affected, with the attacker able to link account names to email addresses and phone numbers. While the incident took place back in January this year, Twitter has also revealed that the exposed user data was made available to buy just last month. In what will be regarded by many as something of an understatement, the company says that "it is unfortunate that this happened".

Continue reading →

It might still be a bit early to begin thinking about next year, but new research from Intel 471 analyzes recent and commonly used tactics, techniques and procedures (TTPs) that have been adopted by prominent threat actors.

It also looks at how these threats have affected enterprises, along with predictive intelligence assessments on threats that organizations should be prepared to thwart over the next year.

Continue reading →

A large majority of companies are only at an entry level in terms of their cloud security capabilities according to a new study.

The research, carried out for cloud infrastructure security company Ermetic by Osterman Research, surveyed 326 organizations in North America with 500 or more employees and who spend a minimum of $1 million or more each year on cloud infrastructure.

Continue reading →