Articles about Security

Microsoft has introduced a change to Windows 11 that makes it much harder to use brute force attacks to crack passwords. Starting with the latest Insider builds, there is a new account lockout policy in place by default.

The policy means that should an incorrect password be entered 10 times, the account will be locked for 10 minutes. While this does not make brute forcing impossible, by any means, it makes it much harder and more time consuming, boosting security in an important area.

Continue reading →

Much like the legitimate eCommerce world, trust and reputation have become essential parts of the cybercriminal trade. New research by HP Wolf Security finds 77 percent of cybercriminal marketplaces analyzed require a vendor bond -- a license to sell -- which can cost up to $3,000.

In other evidence of a professional approach, 85 percent of these sites use escrow payments, and 92 percent have a third-party dispute resolution service. Every marketplace provides vendor feedback scores too. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputations between websites -- as the average lifespan of a dark net website is only 55 days.

Continue reading →

A new study from secure access specialist Appgate based on research by the Ponemon Institute finds 60 percent of IT and security leaders are not confident in their organization's ability to ensure secure cloud access.

The survey of nearly 1,500 IT decision makers and security professionals worldwide sets out to examine the pain points experienced in securing cloud environments and how zero trust security methods can enable digital transformation.

Continue reading →

A new survey shows that 47 percent of organizations have experienced a vishing (voice phishing) or social engineering attack via their voice networks in the past year.

The study by voice traffic protection specialist Mutare also finds most are unaware of the volume of unwanted phone calls traversing their network, or the significance of threats lurking in unwanted traffic, which includes robocalls, spoof calls, scam calls, spam calls, spam storms, vishing, smishing and social engineering.

Continue reading →

Quantum computing with its vastly improved processing capability offers the chance of many positive developments in research and science. But it also represents a potential threat to our current encryption models.

How big is quantum's threat to cybersecurity? And should we be taking action on this now? We talked to Skip Sanzeri, QuSecure co-founder and COO, to find out.

Continue reading →

Software supply chain risk has become mainstream, with 52 percent of respondents to a new survey being concerned about it.

The study from cybersecurity company Coalfire also finds 50 percent of boards of directors with software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.

Continue reading →

New research from Specops Software finds major cybersecurity weaknesses in popular web services including Shopify, Zendesk, Trello, and Stack Overflow.

The study shows several popular business web applications have failed to implement critical password and authentication requirements to protect customers from cybercrime.

Continue reading →

A new report released today by ForgeRock shows the average cost of a breach in the US has increased by 16 percent to $9.5m, making the US the costliest place in the world to recover from a breach.

It also reveals a massive 297 percent surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers and representing almost 25 percent of all breaches.

Continue reading →

Email security continues to be a top concern of organizations, with 94 percent of all cyber attacks being delivered through email. As the most frequently used communication channel across all industries -- no wonder threat actors love exploiting it!

The conventional approach to email security is failing. Our latest research found that an average of 75 malicious messages per 100 mailboxes slip past traditional email security filters every month. Consequently, organizations put employees through countless hours of security training with hopes they spot and report these threats to security operations centers. The so-called Human Firewall.

Continue reading →

"Automation" has become a buzzword in cybersecurity circles. That is not surprising in an environment where security specialists are in short supply and under intense pressure to defend the business against a huge variety of threats from innumerable different sources. Using technology to do at least some of the work seems like a no-brainer. Nevertheless, it seems that organizations are finding it hard to get the right approach to cybersecurity automation.

Threat Quotient conducted research last year that found resources, time and a lack of trust in outcomes are preventing companies from realizing the benefits of automation. In a recent webinar, myself, Nabil Adouani, CEO of Strange Bee and co-founder of The Hive Project, and our Global VP of Threat Intelligence Engineering Chris Jacobs discussed the current state of automation, the expectations around what automation can actually achieve, and what this means for implementation in the real world.

Continue reading →

For anyone concerned about privacy and security online, Tor Browser is an extremely important alternative to mainstream browsers. Designed to help keep users anonymous and to bypass restrictions put in place by governments, version 11.5 has landed complete with even more powerful options.

Over the years, it has become easier and easier to use Tor Browser, with complex configuration options being made available to the average user without the need for special knowledge. With the release of version 11.5 of the software, things have been made even easier thanks to the introduction of automatic censorship detection and circumvention with the new Connection Assist feature.

Continue reading →

It's a rare cybersecurity product these days that doesn't claim to have some form of AI capability. But exactly what benefits does AI deliver? And is there a risk of an arms race as threat actors also turn to the technology?

We spoke to Corey Nachreiner, CSO at WatchGuard Technologies, to find out more about the role of AI in cybersecurity.

Continue reading →

The top three priorities for IT professionals are improving IT security overall (52 percent), increasing IT productivity through automation (33 percent), and migrating to the cloud (32 percent), according to a new report.

A survey of almost 2,000 IT pros from Kaseya also reveals the main three challenges are cybersecurity and data protection (49 percent), insufficient IT budgets and resources to meet demands (29 percent), and legacy systems that hamper growth and innovation (21 percent).

Continue reading →

Risk-based strategies are most successful in preventing security breaches, according to a new study from Skybox Security.

Of companies taking a risk-based approach 48 percent suffered no breaches, 50 percent were top performers in time to mitigate issues, and 46 percent top performers in response time.

Continue reading →

The average enterprise now manages approximately 135,000 endpoint devices. But in spite of large budgets spent on endpoint protection, an average of 48 percent of devices -- or 64,800 per enterprise -- are at risk because they are no longer detected by the organization's IT department or because operating systems have become outdated.

A new study conducted by the Ponemon Institute for Adaptiva also finds 63 percent of respondents find that the lack of visibility into endpoints is the most significant barrier to achieving a strong security posture.

Continue reading →