Articles about Security

As long ago as 2004 no less a figure than Bill Gates was predicting the death of the password. But here we are almost 20 years on and passwords are still the primary authentication method.

So passwords look set to be with us for a while yet, however, 90 percent of internet users are worried about getting their passwords hacked. Cybersecurity company Ping Identity has been looking at passwords and how to use them safely for both businesses and consumers.

Continue reading →

A new survey of cybersecurity professionals attending this week's RSA conference shows that cloud security is their main concern.

The study by Delinea shows 37 percent think cloud security is the main cybersecurity concern of the year, followed by ransomware (19 percent) and remote workers (17 percent).

Continue reading →

Fans of Linux-based operating systems often cite greater security as the basis for the love of their chosen distro. Whether Linux distros have better security track records than the likes of Windows 11 and macOS because they are inherently more secure or because they are simply not targeted as much as very much open to debate, but Linux remains fallible, nonetheless.

Going some way to prove this is the Symbiote malware discovered by security researchers from BlackBerry and Intezer Labs. Symbiote is worrying for a number of reasons including the fact that it is described as "nearly-impossible-to-detect". It is also extremely dangerous piece of malware that "parasitically infects" systems, infecting all running processes and giving threat actors rootkit functionality, remote access and more.

Continue reading →

While most IT and security operations (SecOps) decision-makers believe they should jointly share the responsibility for their organization's data security strategy, many of these teams are not collaborating as effectively as possible to address growing cyber threats.

This is one of the findings of a new report from data management firm Cohesity which also shows that of those respondents who believe collaboration is weak between IT and security, nearly half think their organization is more exposed to cyber threats as a result.

Continue reading →

Enterprise IT spending is continuing to increase, with 64 percent of respondents to a new study expecting to increase IT budgets in the next 12 months. This is up from 49 percent in January of 2021, though down from 71 percent before sanctions against Russia began in February.

The latest Flexera 2022 Tech Spend Pulse report -- based on a survey of 501 IT executives working in large enterprises with 2,000 or more employees, headquartered in North America and Europe -- shows organizations with 2,001 to 5,000 employees spend 10 percent of revenue on IT. For the largest companies (more than 10,000 employees), this drops to six percent.

Continue reading →

Achieving digital resilience is a prominent concern for enterprise organizations, as they face increasingly sophisticated cyberthreats and adjust to a hybrid working environment.

A new report from A10 Networks, based on a survey of almost 2,500 network infrastructure, security, and cloud migration decision makers in larger businesses worldwide, shows nine out of 10 respondents have some level of concern around digital resilience.

Continue reading →

A security breach can lead to serious reputational and legal issues for enterprises. The speed and effectiveness with which they are able to respond to incidents is therefore crucial.

Larry Gagnon, senior vice president, global incident response at eSentire, believes that the way to address this is by greater automation incident response. We talked to him to find out more.

Continue reading →

Without a doubt, cybersecurity will continue to be a topic riding high on the C-Suite agenda throughout 2022. With intensifying trade disputes, an escalating threat landscape, a highly distributed workforce, supply chains stretched to breaking point by the pandemic, and extra pressure exerted by the ongoing effects of Brexit in the UK and other geo-political issues, having a secure, productive, agile and cost-effective security framework in place will be paramount.

It’s evident that today’s enterprises conduct business and use digital technologies in ways that are evolving constantly. This digital transformation is making traditional perimeter-based cybersecurity IT infrastructure redundant. The days when every user and every device operating from within an organization’s premises or firewall could be automatically trusted, are over for good.

Continue reading →

According to a new report, 45 percent of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up five percent from the previous year.

The latest Cloud Security Report from Thales also shows multi-cloud adoption is accelerating with 72 percent of organizations using multiple IaaS providers compared to 57 percent in 2021.

Continue reading →

Yesterday we reported on the introduction of the passwordless password manager, but as ever in the security industry other companies are never far behind a new innovation. Today LogMeOnce introduces a patented passwordless authentication method using a QR code.

With QR Code Login, rather than having to use or enter a master password to unlock the password manager, when a user wants to log into a web account, a unique QR Code will appear on the computer monitor screen. Users then use a mobile phone to scan the code and they are securely authenticated.

Continue reading →

Although we tend to focus on frauds as a result of online account takeovers, more traditional social engineering methods are still a major problem, as are newer threats like deepfakes.

Voice technology company Pindrop is using this week's RSA Conference to launch new features that boost the level of intelligence that can be gained from voice analysis.

Continue reading →

For a company whose business is to protect passwords, going passwordless might seem a bit self-defeating, but stick with us, because there is method in this madness.

LastPass is announcing that its customers can now access their vault, and all sites stored in it, with a simple and secure passwordless login using the LastPass Authenticator.

Continue reading →

Security and compliance specialist Qualys is releasing the latest version of its Vulnerability Management, Detection and Response (VMDR) solution with TruRisk, which offers risk-based vulnerability management for insights into an organization's unique risk posture, allowing it to prioritize its most critical threats.

Qualys VMDR 2.0 gives security and IT teams a shared context and the ability to create workflows via drag and drop technology to quickly align and respond to threats.

Continue reading →

Researchers at anti-bot specialist Kasada have recently uncovered the use of 'Solver Service' bots -- an API-as-a-service tool created to bypass the majority of bot management systems.

By 'solving' a bot detection system's defense, these allow enterprising cybercriminals to now commercialize the Solver Service they deciphered and sell it for a profit. This means buyers can successfully conduct automated bot attacks without any technical skills -- and without having to worry about what bot defenses a site may have in place.

Continue reading →

As we reported a few weeks ago, OpenSSF in conjunction with the White House and others has launched a 10-point plan and funding with the aim of improving the security of the software supply chain.

OpenSSF has also announced a number of new members including premier members, Atlassian and Sonatype, who will join the OpenSSF governing board.

Continue reading →