Articles about Security

Balancing security and autonomy: Strategies for CISOs in the cloud era

Maintaining a secure cloud environment is one of the most important responsibilities of any CISO today, given that over 50 percent of all cyberattacks now originate in the cloud. However, this is a daunting task, as security must now be balanced against other priorities such as maintaining agile operations and the need to innovate.

Organizations today are racing to accelerate their cloud adoption due to the need for greater scalability and cost-efficiency. It has, therefore, become a critical business strategy to ensure efficiency, accessibility, and sustainability in operations. As a result, cloud investments are soaring across the board. Gartner predicts that end-user spending on public cloud services will reach $679 billion by the end of this year and exceed $1 trillion by 2027.

Six steps to safeguarding your digital identity

We lose a bit of our digital privacy with every data breach that occurs. A breach like the one at AT&T -- which exposed Social Security numbers and other personal information needed for identity theft -- is particularly serious in the landscape of data breaches. The percentage of users with Social Security numbers exposed in our databases following the AT&T breach increased from less than 1 percent to almost 15 percent. Sensitive personal information getting out -- especially when it's easily accessible on the public internet, not just the dark web, which requires special software to be accessed -- opens you up to a huge risk of abuse.

The most notable threat users face is the potential for identity theft, where malicious actors access email, bank, and credit card accounts to impersonate victims. This can also include gaining unauthorized access to accounts by resetting passwords and even taking control of your phone number to bypass text message confirmations. What’s more, if a thief has access to your personal details, they might go as far as taking out loans or credit cards in your name -- a tactic that remains one of the most common types of identity theft.

Artificial Intelligence: What are 4 major cyber threats for 2024?

AI is one of the most powerful innovations of the decade, if not the most powerful. Yet with that power also comes the risk of abuse.

Whenever any new, disruptive technology is introduced to society, if there is a way for it to be abused for the nefarious gain of others, wrongdoers will find it. Thus, the threat of AI is not inherent to the technology itself, but rather an unintended consequence of bad actors using it for purposes that wreak havoc and cause harm. If we do not do something about these cyber threats posed by the misuse of AI, the legitimate, beneficial uses of the technology will be undermined.

Seven crucial dos and don'ts for cyber-attack survival

Think you’ve been hit by a cyber-attack? You need to move fast, but what immediate actions should you take, and which should you avoid? Here’s a Cyber Incident Responder’s guide to steer you through the turmoil. The actions your team takes -- or doesn’t take -- can greatly impact the overall duration of recovery, cost, and the potential to uncover vital evidence left by threat actors within your infrastructure.

Identifying a cyber security incident can be challenging. Many threat actors have mastered the art of quietly infiltrating IT systems and hiding their digital footprints. Not all cyber-attacks are as overt as encryption-based ransomware or mandate fraud. The rise of encryption-less ransomware and corporate and state-level espionage is concerning. These silent intruders can lead to data and intellectual property (IP) loss, diminished competitive edge or market share, potential regulatory fines, and reputational damage, all of which can be just as devastating, if not more so, to an organization, its employees, and investors, than a single ransomware incident.

Unlike Netflix, Disney et al, Google thinks password sharing is a good idea

Streaming video services have clamped down on password sharing and have -- as Netflix has shown -- reaped the financial benefits. But while many companies are keen to stamp out the practice of sharing passwords, Google is actively embracing it.

A policy change that was talked about back in February is now rolling out, bringing a new password sharing option to Google Password Manager. The feature makes it possible to share a password in a secure way, without having to write it down.

Dissecting the latest DNS-based attack trends -- What we're seeing and how to get ahead

As the foundational component of the internet, DNS has been around for over 40 years and yet, it remains a major vector for bad actors even today. You might think that DNS wouldn’t be such a big security concern today given how much time we’ve had to come up with a better way to secure it, but lo and behold, it’s still at least partially responsible for a large percentage of cyber-attacks.

DNS-based attacks can include everything from malware to phishing, to domain theft and DDoS (Distributed Denial of Service) attacks, among others. And these can have major consequences for the organizations hit by them. While there are countless examples, some of the most recent and well-publicized ones have included takedowns of ChatGPT and Google Cloud, though almost every bit of modern malware leverages DNS in some way.

Priorities for data center OT security in the cloud era

The decentralized nature of the cloud provides great flexibility for users, but it also introduces great vulnerabilities for data center operators. As an abundant source of valuable data, the modern data center has become a prime target for cybercriminals, from small business facilities to the huge hyperscale colocation data centers run by Amazon, Google, and Microsoft.

Protecting these interconnected facilities and the hardware and software systems that they physically host provides a perpetual job for security teams. But it’s important to recognize the clear distinction between securing information technology (IT) inside a data center facility, versus securing the operational technology (OT), or what’s called “cyber-physical systems” needed to run the facility itself. IT and OT involve two complementary but distinct categories of security and risk.

Cyber security and artificial intelligence -- business value and risk

In the current era of digitalization, cybersecurity has become a top priority for businesses, regardless of their size and nature. With the growing dependence on digital infrastructure and data, safeguarding against cyber threats has become crucial to ensure uninterrupted business operations. However, the evolving nature of cyberattacks poses significant challenges for traditional security measures.

This is where Artificial Intelligence (AI) emerges as a game-changer, offering substantial benefits and inherent risks in cybersecurity.

The crypto nexus: The next compliance challenge

Cryptocurrency has been increasingly professionalized in recent years, offering millions of transactions to a global base of everyday users. However, this trend of mainstream investment has happened in tandem with recent high-profile prosecutions of former crypto leaders.

The decentralized nature of cryptocurrency still presents opportunities for bad actors to exploit, particularly for laundering money. Approximately $72 billion a year of illicit transactions is being paid for with crypto, a large portion of which is cleaning dirty money, according to a recent Europol report.

Microsoft fixes VPN issues in Windows 11 with KB5037771 update, and brings ads to the Start menu

Microsoft has released its monthly patches for Windows 11 in the form of the KB5037771 update. There are lots of fixes in this release including for problems with domain controllers, VPNs, and SMB clients.

There are a number of security fixes, but also more controversial changes -- including ads in the Start menu (or app recommendations as Microsoft calls them). Other changes include improvements to Widgets and Windows Subsystem for Linux 2 (WSL2).

Get 'The DevSecOps Playbook: Deliver Continuous Security at Speed' (worth $19) for FREE

In The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine -- in depth -- every component of DevSecOps.

In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.

Confronting quantum computers' cryptanalysis concerns

The race to successfully build quantum computers is on. With the potential to solve all manner of problems for humanity, players across the globe -- from tech companies to academic institutions to governments -- have been busy investing significant resources into quantum computing initiatives for some years now.

But what are they exactly? A traditional (digital) computer processes zeros and ones, so-called bits. These, to a first-order approximation, are represented as on/off electrical signals. Quantum computers, on the other hand, leverage quantum mechanics to process information using quantum bits, or qubits, which can represent multiple states simultaneously. And it’s this capability that enables quantum computers to tackle computational tasks that are currently out of the question for classical computers -- think factoring large numbers, simulating quantum systems, optimizing complex systems or solving certain types of optimization and machine learning problems.

It's time to get proactive on the UK's critical national infrastructure (CNI) security -- but where to start?

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

Why the financial services industry has to start future-proofing their operations

The digital revolution continues at pace. Yet, whilst many industries are looking to harness the transformative impact of AI and other innovative tech, there are many firms in financial services that are simply unprepared and unable to capitalize on the latest advancements.

A reliance on legacy systems and the use of paper-based forms of communication and record-keeping is holding the sector back. Now is the time for the industry to fully embrace digital transformation strategies or risk being left behind. The benefits of going digital for businesses in the financial services industry are huge, ranging from streamlining operations and cutting costs to improving customer experience and overall functionality. Whilst adopting new technologies undoubtedly comes with risks, the sector can ill afford to stand still in the face of such a rapidly changing world.

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

A serious security vulnerability exists in Cisco Integrated Management Controller (IMC) which can be used by an attacker to elevate privileges to root.

The company has issued a warning about the vulnerability and acknowledged the availability of proof-of-concept exploit code for it. The high severity warning is accompanied by the release of patches, as well as a note that there is no workaround other than a software update.

© 1998-2024 BetaNews, Inc. All Rights Reserved.