Articles about Security

There have been several knock-on effects from the Supreme Court ruling on Roe v Wade, but few people would have predicted a change in app use habits out of fear of criminal proceedings. But this is precisely what has happened as growing numbers of users are concerned about the potential for data stored in apps to be used against them

It's just one of the reasons there has been numerous instances of users either ditching period tracking apps altogether, or switching to options considered to be more secure. Now encryption firm Evervault has offered up another solution, announcing it will offer its encryption services free of charge to women's health apps.

Continue reading →

Ransomware attacks continue to impact organizations worldwide with high costs, but businesses are still largely unprepared to deal with them.

New data from Arcserve shows half of IT decision makers surveyed by Dimensional Research have been targeted by ransomware, 35 percent report their organizations were asked to pay over $100,000 in ransom payments, and 20 percent were asked to pay between $1 million to $10 million.

Continue reading →

Digital transformation is still very much flavor of the month, and businesses face an increasing level of cyber threats. But what is sometimes overlooked is that these things aren't all about technology.

People are an important part of the equation too, driving change and reacting to events. We spoke to James Harrison, head of UK at Telstra, to find out more about why it's important to build a corporate culture that doesn't neglect the human angle.

Continue reading →

Continuing global supply chain disruption caused by the pandemic and the war in Ukraine is putting enterprises at increased risk from things like ransomware attacks, according to new research from Citrix.

The survey of 200 UK IT decision makers carried out by OnePoll finds 80 percent of security leaders believe that supply chain issues or delays have put their organization at increased risk from ransomware -- for example, by being unable to replace unsupported hardware.

Continue reading →

The increasing threat of data breaches and ransomware is leading more business to encrypt all of their data according to a new report.

The report, from hardware-encrypted USB drive maker Apricorn, is based on a study of 100 UK IT decision makers carried out by Vanson Bourne and finds 47 percent now require the encryption of all data both at rest and in transit.

Continue reading →

Popular NFT marketplace OpenSea has started issuing emails to its users warning them of a leak of customer data.

OpenSea says that an employee of its email delivery vendor, Customer.io, abused their position to access and share email addresses with an unauthorized third party. The company has not given an indication of the number of users affected by the data breach, but has warned of an increased risk of phishing attacks. With the number of active users of OpenSea reported to be around 2 million -- and this does not include people who have just signed up for a newsletter -- the potential impact is huge.

Continue reading →

Phishing emails referencing corporate issues and delivery problem notifications are the ones most likely to induce people to click links according to new research.

Data on simulated phishing attacks from Kaspersky's Security Awareness Platform shows emails with these subjects were successful in getting people to click 16 to 18 percent of the time.

Continue reading →

New research from HP Wolf Security finds that 80 percent of IT leaders are concerned about their capacity to respond to firmware attacks.

The study shows that 67 percent of IT leaders say protecting against, detecting, and recovering from firmware attacks has become more difficult and time-consuming due to the increase in home working, with 64 percent saying the same of analyzing the security of firmware configuration.

Continue reading →

The world of ransomware is becoming increasingly professional and it’s easier than ever for new entrants to get into the business.

A new report from Tenable looks at the ransomware ecosystem and how it has become one of the biggest threats to organizations as well as being lucrative for the criminals behind it.

Continue reading →

Data is often referred to as 'the new oil' that is now playing a major part in shaping economies the world over. In today’s digital world, around 85 percent of organizations see data as one of their most valuable assets.

Back in 2010, IDC calculated that the world had created around 64.2 zettabytes (ZB) of digital information and Seed Scientific estimates that by 2025, the amount of data generated each day is expected to reach 463 exabytes globally, with a total of 175 zettabytes!

Continue reading →

Shadow IT applications acquired without the knowledge of the IT department present problems for businesses as they can create security holes or may not be compliant with industry standards.

The problem isn't going to go away. Gartner reports that shadow IT spending represents 30 percent to 40 percent of the overall IT outlay in large enterprises.

Continue reading →

The age of what might be called the hobbyist hacker is long gone, replaced by a much more serious trend towards organized crime and nation states being behind hacking and cyberattacks.

In an era where data can be weaponized, both businesses and governments need to take the threat seriously. It's important for security teams to understand how attacks are carried out and the motivations that lie behind them.

Continue reading →

The NSA might not be the first organization that you think of turning to for advice about how to secure your computer, but the agency has offered up various tips about how to use PowerShell to do just this.

In conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), the New Zealand National Cyber Security Centre (NZ NCSC) and the United Kingdom National Cyber Security Centre (NCSC-UK), the NSA has published a Cybersecurity Information Sheet. The document is entitled Keeping PowerShell: Security Measures to Use and Embrace, and it advises properly configuring and monitoring PowerShell, rather than removing or disabling it as is often recommended.

Continue reading →

John McAfee was a British-American software engineer who founded one of the most prominent anti-virus companies in the world. The self-titled McAfee Associates, Inc. released its first anti-virus program in 1987, under the simple name 'VirusScan.' Before that, McAfee had previously worked for such notables as NASA, Xerox and Lockheed. 

Of course, he became much more notable in his later life, with two failed runs for the Libertarian Party’s presidential nomination in 2016 and 2020, and began his road to trouble by announcing in 2019 that he believed taxes were illegal and stated that he hadn’t filed a tax return since 2010. 

Continue reading →

More and more organizations are enrolling users in Multi-Factor Authentication (henceforth referred to as MFA) wherein a secondary form of authentication takes place following a user inputting their credentials into a service to ensure a user is who they say they are. It’s an added layer of security and authentication that can help prevent compromise. But this isn’t bulletproof.

Recently a few blog posts and papers have begun to come out detailing a bypass technique known as "MFA bombing", "MFA Fatigue", "Push Notification Spamming", and many other terms, detailing high-profile threat actors such as LAPSUS$ who have abused the technique to gain access to otherwise protected areas. The technique was one we at Lares (and other red teams!) have used with overwhelming success in the past. We know it as Push Fatigue.

Continue reading →