Articles about Security

Popularity of open source software leads to security risks

The widespread use of open source software within modern application development leads to significant security risks, according to a new report.

The research from developer security firm Snyk and the Linux Foundation finds 41 percent of organizations don't have high confidence in their open source software security.

Trustwave's new MDR solutions improve detection and response times

New managed detection and response (MDR) offerings launched by Trustwave aim to give organizations real-time 24x7 monitoring of their hybrid multi-cloud environments for active threats and anomalies.

Trustwave MDR and Trustwave MDR Elite are backed by a team of global threat operators, threat hunters, and malware experts. Clients also get a free subscription to Trustwave Security Colony -- a battle-tested resource specifically built for CISOs that includes toolkits, guidelines, playbooks, and assessment capabilities.

Our water supply is of existential importance and needs the best possible protection against cyber attacks

Water is -- said without pathos -- our elixir of life. After the air we breathe, we depend on nothing more to survive. We are made up of about 70 percent water and can survive only a few days without its replenishment. So it's fair to say that few other areas of critical infrastructure are as important to us as the supply of pure drinking water. But in the face of rising global tensions, there is growing concern that water supplies, which are as important as they are vulnerable, could become the target of cyberattacks.

Earlier this year, on January 11, 2022, the Joint Research Center of the European Reference Network for Critical Infrastructure Protection (ERNCIP) published its Water Security Plan in the form of a handbook. This addresses the implementation of security measures to protect the physical and digital integrity of water supply systems. The plan is intended to enable drinking water supply operators to lay the groundwork for implementing specific measures to improve water system security against threats and attacks.

The rise of double extortion ransomware

We've become familiar with the widespread use of ransomware, but researchers at Rapid7 have been examining the rise of a newer phenomenon, 'double extortion'.

Pioneered by the Maze ransomware group, double extortion involves cybercriminals collecting files before encrypting them. Then, if the target organization refuses to pay, they threaten to release sensitive information.

Choose your partners carefully to protect your security

Choosing a partner business with a poor security posture makes an organization 360 times more likely to be at risk compared to choosing a top security performer, according to a new study.

The risk surface research from Cyentia Institute and RiskRecon shows that single demographic factors, such as industry, size and region, aren't enough to assess the risk posed by third parties.

Enterprises vulnerable to identity-related incidents due to lack of mature strategies

Only 16 percent of respondents to a new survey have a fully mature identity and access management (IAM) strategy in place, yet 56 percent have experienced identity-related incidents in the last three years.

The study carried out by the Ponemon Institute for enterprise identity specialist Saviynt shows that the 84 percent without a mature strategy are currently dealing with inadequate budgets, programs stuck in a planning phase, and a lack of senior-level awareness.

Email threats still managing to evade defenses

New research released today from Cyren shows that business email perimeter defenses are often incapable of preventing well-crafted email attacks.

During an average month, there are 75 malicious messages per 100 mailboxes that slip past email security filters like Microsoft 365 Defender. This means that an enterprise with 5,000 mailboxes would need to detect and respond to 3,750 confirmed malicious inbox threats each month.

Just because you have a backup strategy it doesn't mean you can recover data

Almost all (99 percent) of IT decision makers say they have backup strategies in place, but 26 percent admit they were unable to fully restore all data or documents when recovering from a backup.

These findings come from a survey conducted for encrypted USB drive company Apricorn by Vanson Bourne, which also finds that 27 percent have automated backups to both central and personal repositories.

Microsoft releases KB5014692 and KB5014699 updates for Windows 10 with important security fixes

It's the time of the month for Microsoft to release updates for Windows, and having done so for Windows 11, the company has also published updates for Windows 10.

There are two security updates to consider here. For users of Windows 10 version 1809, there is the KB5014692 update; for users of Windows 10 versions 20H2, 21H1 and 21H2, there is the KB5014699 update. Both are important security updates that should be installed immediately.

Budgets up and incidents down as CISOs take control

Organizational cybersecurity has significantly improved over the last year, following positive shifts in influence by CISOs and changing attitudes towards security culture, according to a new report.

The ninth annual Information Security Maturity report, published by ClubCISO in collaboration with Telstra Purple, surveyed more than 100 information security leaders around the world and finds 54 percent report that 'no material incident occurred' in the past year, compared to 27 percent in 2021.

Smaller businesses acknowledge increased cyber threats but few do anything about it

While 83 percent of respondents to a new survey of small and medium businesses agree that they have seen an increased awareness of cybersecurity in their organization, only 36 percent have adopted new security policies.

The report from Dashlane is based on a survey of more than 600 employees and managers and over 300 IT decision makers (leaders) at SMBs across multiple industries.

Human error to blame for eight out of 10 data breaches

New analysis by CybSafe of data from the UK Information Commissioner's Office shows 80 percent of data breaches reported in 2021 were caused by user error.

A total of 2,692 reports were sent to the ICO last year, 80 percent of which could be attributed to actions taken by end-users, though this is down from 90 percent in 2020.

Over half of organizations suffer cyberattacks in the cloud

A new report reveals that 53 percent of organizations have experienced a cyberattack on their cloud infrastructure within the last 12 months.

The 2022 Cloud Security Report from Netwrix shows that was the most common type of attack, experienced by 73 percent of respondents.

Surfshark VPN Antivirus receives VB100 certification from Virus Bulletin

Surfshark is one of the best VPNs on the market for several reasons -- not just its affordable pricing and reliability. The service is cross-platform and available on all major operating systems, including Windows, macOS, iOS, iPadOS, and Android. In fact, there is even a Linux version of Surfshark (with a GUI) for Debian-based distributions and derivatives, such as Ubuntu, Linux Mint, and Pop!_OS.

Recently, Surfshark added an antivirus service at no added cost, making it even more of an incredible value. However, people were understandably hesitant to depend on a brand-new antivirus service to protect their computers and devices. Well, folks, it seems any concerns were unwarranted. You see, today, Surfshark announces it has received the coveted VB100 certification from Virus Bulletin.

Bespoke machine learning is a must to tackle FaaS underworld

When it comes to fraud, you can never be too careful. Especially when you hear about the brass neck of some criminal gangs that are increasingly adopting the persona of legitimate businesses to peddle stolen credit card details and other financial information.

Fraud-as-a-service (FaaS), as it's known, has become an industry in itself, with criminals able to provide a one-stop shop for scammers to rip off customers and businesses. These organized fraud rings -- often manned by career professionals who know how to bypass rules-based systems -- are becoming increasingly sophisticated.

© 1998-2024 BetaNews, Inc. All Rights Reserved.