Articles about Security

Monitoring of backups has long been a necessary chore for IT professionals, but a report out today shows that new issues are also impacting the category and creating greater challenges.

The study from Bocada, a company which specializes in the automation of backup reporting and monitoring, is based on a survey of over 260 IT professionals. Varied environments and growing data volumes are revealed as a major concern, with securing data across backup applications the most-cited backup management challenge, followed by protecting growing data volume.

Continue reading →

The IT infrastructure of a modern enterprise is made up of a complex architecture of dynamic networks, cloud deployments, software applications, and endpoint devices.

Each of these has its own set of security controls, which form a critical part of the technology ecosystem, but managing these systems can hinder efficient threat detection and response, which in turn compromises visibility, allowing vulnerabilities and gaps to flourish.

Continue reading →

Verizon recently released its 2022 Data Breach Investigations Report, giving businesses vital insights into the state of cybersecurity around the world. Containing an analysis of over 23,000 incidents and 5,200 confirmed breaches over 15 years, Verizon attributes the number-one motive of cyberattacks to financial gain. Almost four out of five breaches were attributable to organized crime seeking to extort businesses of hefty ransomware sums, backed by insurance pay-out.

Verizon has also estimated that there has been a 13 percent increase in ransomware breaches -- this is more than in the last 5 years combined. Additionally, 82 percent of cyber breaches involved a human element, namely through stolen credentials, phishing, misuse or simply an error.

Continue reading →

There has been a 90 percent increase in the number of healthcare organizations targeted by cyber-attacks, in comparison with the first quarter of 2022.

The latest cyber threat Landscape report from Kroll finds that while phishing continues to be the vector used for initial access, there has been a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700 percent.

Continue reading →

As more and more devices that we might not conventionally think of as 'IT' become connected, the risks to enterprises increase.

To address this concern Claroty is launching xDome, a new cloud-based industrial cybersecurity platform that drives cyber and operational resilience for modern industrial businesses.

Continue reading →

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Continue reading →

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

Continue reading →

With more people working remotely, messaging and email have become even more essential tools, but the sharing of sensitive data via these routes also presents risks.

Concentric AI is using this week's Black Hat USA to launch an AI-based solution that protects sensitive data shared as text or attachments across today’s most popular business messaging platforms, including email, Slack, and Microsoft Teams.

Continue reading →

The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.

The vulnerability is being tracked as CVE-2022-30333, and if successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write data to an area of storage.

Continue reading →

In the second quarter of this year malware events increased over 25 percent, botnets doubled and exploit activity grew by nearly 150 percent, according to a new report.

The report from managed security services provider Nuspire, based on threat intelligence analyzed from Nuspire's trillion traffic logs from client sites and associated with thousands of devices from around the world, shows a substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices.

Continue reading →

It is that time of the month again -- the time that Microsoft releases updates for Windows 11. This time around, the company has released the KB5016629 update to not only fix a problem that prevented the Start menu from opening, but also to address various security issues.

This is a cumulative update which also includes the changes that were part of the KB5015882 update that was made available last month. This means that the KB5016629 update fixes problems with File Explorer as well as introducing new Focus Assist features and better Windows 11 updating.

Continue reading →

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

Continue reading →

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has been able to successfully gain access to SCM systems during an adversary simulation engagement in most cases.

Continue reading →

WhatsApp is not only one of the popular messaging apps out there, it is also one that is subject to some of the fastest development work. Existing features are constantly being tweaked, new options are being added all the time, and Mark Zuckerberg has just revealed three exciting new privacy-focused features.

In an announcement on his personal Facebook page, the CEO of Meta teased a trio of new features which will help to improve the privacy of group and one-on-one chats. The upcoming additions are part of a new global campaign from WhatsApp that focuses on and promotes privacy and security features.

Continue reading →

Despite the fast changing nature of the world of cybersecurity, it seems that when it comes to vulnerabilities there's still a place for the golden oldies.

New research by Rezilion find that more that 4.5 million internet-facing devices are still vulnerable to vulnerabilities discovered between 2010 to 2020. What's more, for most of these vulnerabilities, active scanning/exploitation attempts have taken place in the past 30 days too.

Continue reading →