Articles about Security

As the number of breaches shows no sign of reducing, cybersecurity and development professionals are feeling the pressure to maintain their organizations’ security postures.

New research from Invicti Security finds DevSecOps professionals spend more than four hours each workday addressing security issues that never should have happened in the first place.

Continue reading →

How do you know if you're being targeted by an agent of a foreign power? It used to be easy, as soon as he ordered red wine with his fish* you knew he wasn't the right sort of chap.

Nowadays when nation states are more likely to befriend you on social media in order to try to steal sensitive data you can no longer rely on the wine list to help you spot a bad guy.

Continue reading →

A new study finds that 26 percent of UK respondents admit to not using strong and unique passwords for their various work applications.

Worse still, the report, from MFA provider Beyond Identity, shows 11 percent never change their work password, while almost a quarter (24 percent) maintain the same personal passwords.

Continue reading →

An increasing volume of regulations surrounding the security and privacy of data have been implemented in recent years. This represents a challenge for businesses that need to ensure they remain compliant.

The challenge has become even greater due to the pandemic and the consequent shift in working patterns. So how can enterprises ensure that they remain compliant and don't fall foul of the rules?

Continue reading →

In early March 2022, authentication security company Okta reported that there had been an attempt to compromise the account of a third-party customer support engineer from Sitel in January. The organization released a statement claiming that the matter had been investigated and contained.

Okta CSO David Bradbury later admitted that up to 366 customers may have been breached, apologizing for not notifying customers earlier. In the weeks since the attack, Okta has released a conflicting statement arguing that the attack affected just two customers, although this is perhaps naïve and hard to prove. Okta has said it recognizes the broad toll this kind of compromise can have on customers, but there is little to suggest that the attackers aren’t already lying dormant inside the networks of further customers.

Continue reading →

White House officials, The Linux Foundation, OpenSSF and 37 private sector tech companies have announced a 10-point open source and software supply chain mobilization plan and $150 million of funding over two years.

At a summit meeting yesterday several participating organizations came together to collectively pledge an initial tranche of funding towards implementation of the plan. Those companies are Amazon, Ericsson, Google, Intel, Microsoft, and VMWare, pledging over $30M.

Continue reading →

The latest Threat Insights Report from HP Wolf Security shows a 27-fold increase in detections resulting from Emotet malicious spam campaigns in the first quarter of 2022.

Based on findings from millions of endpoints running HP Wolf Security, this makes Emotet the most seen malware family in the period accounting for nine percent of all malware captured.

Continue reading →

In recent years we've seen a trend towards attacks targeting the software supply chain rather than being directly against businesses.

Attacks can include poisoning the software components, stealing secrets to compromise an account, or modifying code repositories to allow for exploits.

Continue reading →

Making payments online is fraught with potential dangers, and there is risk involved with making purchases with your credit card. To help offer a level of protection, many companies -- including the likes of Revolut -- enable their customers to create virtual, disposable credit cards.

Inspired by this, Google is building the same functionality into Chrome. The company announced the upcoming payment security feature at Google I/O, saying that there will be support for autofilling details to help speed up transactions.

Continue reading →

Today marks the fifth anniversary of the notorious WannaCry ransomware attack which hit a number of large organizations around the world and was many people's first encounter with ransomware.

Five years on then, what have we learned from the attack and what long-term effect has it had on the industry?

Continue reading →

New analysis by AtlasVPN of primary data from Check Point shows business social network LinkedIn was related to over 52 percent of all phishing scams globally in the first quarter of 2022.

This is the first time that a social media network has been seen in campaigns much more often than any tech giant brand name like Apple, Google and Microsoft.

Continue reading →

Enterprises are able to put considerable resources into securing their networks, which has led hackers to target executives via their personal accounts on social media and elsewhere outside the organization.

A survey by Influential Executive shows that in 2020, 94 percent of Fortune 500 CEOs were on LinkedIn and 62 percent on Facebook, YouTube, or Twitter, up from 39 percent five years before.

Continue reading →

The NewProfilePic app has been taking Facebook by storm in recent days, allowing users to upload a photograph and have it turned into a piece of digital artwork.

However, it's sparked concern in the cybersecurity community because it collects data and sends it to Russia. Linerock Investments, the company behind the app, is based in Moscow alongside Russia's defense ministry.

Continue reading →

Several older botnets have seen a resurgence in activity in the first quarter of 2022, including Mirai, STRRAT and Emotet, according to the latest threat report from Nuspire.

Mirai, known for co-opting IoT devices to launch DDoS attacks and first seen in 2016, showed a spike in activity in February of this year. This corresponded with the discovery of Spring4Shell, a zero-day attack on popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

Continue reading →

A new report has identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26 percent increase over last year's analysis.

The study from SpyCloud, based on its database of over 200 billion recaptured assets, also shows a 64 percent password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices.

Continue reading →