Articles about Security

At its Windows Powers the Future of Hybrid Work event earlier this week, Microsoft revealed various new features that are coming to Windows 11. As well as additions such as tabs in File Explorer and folders in the Start menu, the company revealed a lot of upcoming security features.

One of the security highlights is Smart App Control, which works like an enhanced version of the SmartScreen filter already found in Windows. It will help to block malicious apps, but there is a serious downside that will put off a lot of people.

Continue reading →

In today’s business environment, data is one of the most valuable assets any organization owns. Consequently, a great deal of time and money is spent trying to ensure that the most effective data security measures are in place to protect it. But with so many options available, knowing which approach to take is becoming increasingly difficult.

Escalating cybercrime, the adoption of cloud computing, an explosion in mobile device usage, and varying technology and applications means there’s so much to consider. No matter the industry, a data security breach is now an increasingly likely scenario that all businesses could face. Security teams should therefore consider a strategy that is focused on protecting actual data throughout its entire lifecycle, rather than just focusing on the infrastructure around it. 

Continue reading →

New research from Vectra AI shows 94 percent of IT security leaders have felt increased pressure to keep their company safe from cyberattacks in the past year, while half say they feel burned out and ready to quit.

The survey of 200 UK IT security decision-makers finds 51 percent of respondents have experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work.

Continue reading →

Whether it's down to the Great Resignation or a lack of the correct skills, security and development teams are struggling to find and retain enough skilled staff.

A new study released today by cybersecurity company Cobalt finds that 45 percent of security respondents say their department is currently experiencing a shortage of employees.

Continue reading →

The latest research from Cado Security reveals the first publicly known malware that is specifically designed to execute in the AWS Lambda serverless environment.

Named Denonia, the malware downloads and runs crypto mining software, and demonstrates how attackers are exploiting newer cloud computing use cases to take advantage of their ephemeral nature to evade detection.

Continue reading →

Launched last year, Avast One aimed to offer a comprehensive protection suite with both free and paid for editions.

The company has now announced significant enhancements to the product, with new features designed to protect people from online scams, fraud, and other personal privacy threats.

Continue reading →

Over half (56 percent) of IT security leaders say that their non-technical staff are only 'somewhat' or 'not at all' prepared, for a cyberattack.

A new survey by Egress of 600 IT security leaders also shows that 77 percent of respondents have seen an increase in security compromises since going remote twp years ago, and there's a continued significant risk to organizations.

Continue reading →

A new study into financial fraud from Feedzai finds that fraud attempts globally are up by 233 percent over the last two years.

Over the same period there has also been a whopping 794 percent increase in fraud on digital entertainment transactions. The effects of the pandemic are evident too with a 65 percent increase in online transactions and a 75 percent drop in US cash withdrawals.

Continue reading →

A new study from Israel-based XM Cyber, based on findings from nearly two million endpoints, files, folders and cloud resources throughout 2021, shows 94 percent of critical assets can be compromised within just four steps of the initial breach point.

The research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premise, multi-cloud and hybrid environments, and developed tips for thwarting them.

Continue reading →

A new multi-vector endpoint detection and response (EDR) solution from Qualys aims to reduce the risk of compromise with vulnerability management and patching all from a single agent.

Traditional EDR solutions still focus solely on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques -- not tactics. This means security teams are forced to rely on additional tools to strengthen their risk management.

Continue reading →

A record 71 percent of organizations were impacted by successful ransomware attacks last year, according to the 2022 Cyberthreat Defense Report (CDR) from CyberEdge Group, up from 55 percent in 2017.

Of those that fell victim, almost two-thirds (63 percent) paid the requested ransom, up from 39 percent in 2017.

Continue reading →

It has been a very long time coming, but Microsoft appears to have finally understood the value and importance of HTTPS. For reasons best known to the company, anyone looking to download updates from the Microsoft Update Catalog have had to do so via HTTP links -- but no longer.

In the last few days, Microsoft made a server-side change that means Microsoft Update Catalog downloads now use HTTPS connections. The switch to HTTPS affects everything from Windows 11 to Office, and everything in between.

Continue reading →

It's now over three months since the Log4Shell vulnerability, affecting the Log4j logging framework, first appeared.

But new research from Randori shows that it's still giving headaches to enterprises and identifies the top 10 attackable targets.

Continue reading →

With the COVID-19 pandemic and drive for digital transformation the shift to a new distributed workforce model continues at pace.

But this can also leave businesses vulnerable as attack vectors have become more sophisticated -- resulting in a continued shortage of security experts.

Continue reading →

A new study commissioned by Imperva from Forrester Research finds 58 percent of sensitive data security incidents are caused by insider threats.

And yet 31 percent of firms don't believe insiders are a substantial threat. Indeed only 37 percent of participants report having dedicated insider threat teams, and 70 percent of organizations in the EMEA region don't have a strategy for stopping insider threats.

Continue reading →