Articles about Security

Popular NFT marketplace OpenSea has started issuing emails to its users warning them of a leak of customer data.

OpenSea says that an employee of its email delivery vendor, Customer.io, abused their position to access and share email addresses with an unauthorized third party. The company has not given an indication of the number of users affected by the data breach, but has warned of an increased risk of phishing attacks. With the number of active users of OpenSea reported to be around 2 million -- and this does not include people who have just signed up for a newsletter -- the potential impact is huge.

Continue reading →

Phishing emails referencing corporate issues and delivery problem notifications are the ones most likely to induce people to click links according to new research.

Data on simulated phishing attacks from Kaspersky's Security Awareness Platform shows emails with these subjects were successful in getting people to click 16 to 18 percent of the time.

Continue reading →

New research from HP Wolf Security finds that 80 percent of IT leaders are concerned about their capacity to respond to firmware attacks.

The study shows that 67 percent of IT leaders say protecting against, detecting, and recovering from firmware attacks has become more difficult and time-consuming due to the increase in home working, with 64 percent saying the same of analyzing the security of firmware configuration.

Continue reading →

The world of ransomware is becoming increasingly professional and it’s easier than ever for new entrants to get into the business.

A new report from Tenable looks at the ransomware ecosystem and how it has become one of the biggest threats to organizations as well as being lucrative for the criminals behind it.

Continue reading →

Data is often referred to as 'the new oil' that is now playing a major part in shaping economies the world over. In today’s digital world, around 85 percent of organizations see data as one of their most valuable assets.

Back in 2010, IDC calculated that the world had created around 64.2 zettabytes (ZB) of digital information and Seed Scientific estimates that by 2025, the amount of data generated each day is expected to reach 463 exabytes globally, with a total of 175 zettabytes!

Continue reading →

Shadow IT applications acquired without the knowledge of the IT department present problems for businesses as they can create security holes or may not be compliant with industry standards.

The problem isn't going to go away. Gartner reports that shadow IT spending represents 30 percent to 40 percent of the overall IT outlay in large enterprises.

Continue reading →

The age of what might be called the hobbyist hacker is long gone, replaced by a much more serious trend towards organized crime and nation states being behind hacking and cyberattacks.

In an era where data can be weaponized, both businesses and governments need to take the threat seriously. It's important for security teams to understand how attacks are carried out and the motivations that lie behind them.

Continue reading →

The NSA might not be the first organization that you think of turning to for advice about how to secure your computer, but the agency has offered up various tips about how to use PowerShell to do just this.

In conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), the New Zealand National Cyber Security Centre (NZ NCSC) and the United Kingdom National Cyber Security Centre (NCSC-UK), the NSA has published a Cybersecurity Information Sheet. The document is entitled Keeping PowerShell: Security Measures to Use and Embrace, and it advises properly configuring and monitoring PowerShell, rather than removing or disabling it as is often recommended.

Continue reading →

John McAfee was a British-American software engineer who founded one of the most prominent anti-virus companies in the world. The self-titled McAfee Associates, Inc. released its first anti-virus program in 1987, under the simple name 'VirusScan.' Before that, McAfee had previously worked for such notables as NASA, Xerox and Lockheed. 

Of course, he became much more notable in his later life, with two failed runs for the Libertarian Party’s presidential nomination in 2016 and 2020, and began his road to trouble by announcing in 2019 that he believed taxes were illegal and stated that he hadn’t filed a tax return since 2010. 

Continue reading →

More and more organizations are enrolling users in Multi-Factor Authentication (henceforth referred to as MFA) wherein a secondary form of authentication takes place following a user inputting their credentials into a service to ensure a user is who they say they are. It’s an added layer of security and authentication that can help prevent compromise. But this isn’t bulletproof.

Recently a few blog posts and papers have begun to come out detailing a bypass technique known as "MFA bombing", "MFA Fatigue", "Push Notification Spamming", and many other terms, detailing high-profile threat actors such as LAPSUS$ who have abused the technique to gain access to otherwise protected areas. The technique was one we at Lares (and other red teams!) have used with overwhelming success in the past. We know it as Push Fatigue.

Continue reading →

According to new research only three percent of 'critical' code vulnerabilities are attackable, which means developers should be able to better prioritize efforts and significantly reduce their workload.

The study from automated security testing firm ShiftLeft finds that focusing on the three percent allows teams to greatly speed up and simplify efforts. ShiftLeft saw a 37 percent improvement from last year in mean time to remediate new vulnerabilities with a median scan time of 1 minute 30 seconds.

Continue reading →

We all know that you shouldn't share passwords. But we also know that there are occasions when it's useful to do so -- giving temporary access to a Wi-Fi network example or sharing data with contractors.

Keeper Security has come up with an innovative solution that allows users to securely share records with anyone on a time-limited basis.

Continue reading →

According to a new report 84 percent of respondents say their organization has experienced an identity-related breach in the last year, with 78 percent citing a direct business impact as a result.

The report, from the Identity Defined Security Alliance (IDSA), finds that 98 percent of respondents report that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities.

Continue reading →

Although ransomware remained the most common threat last year the number of new ransomware families and unique variants discovered in 2021 decreased significantly compared to previous years.

Researchers from WithSecure suggest that this could highlight a potential opportunity to disrupt the cybercrime ecosystem that's exacerbated the problem in recent years.

Continue reading →

According to a new report, 60 percent of enterprises have low confidence in their ability to manage attack surface risk.

The study from technology management firm Oomnitza finds businesses increasingly dealing with a hybrid workplace, hybrid cloud, and digital business growth, which makes the ability to manage cyber risk more challenging.

Continue reading →