You're wasting your time fixing 97 percent of vulnerabilities


According to new research, only three percent of 'critical' code vulnerabilities are attackable, which means developers should be able to better prioritize efforts and significantly reduce their workload.
The study from automated security testing firm ShiftLeft finds that focusing on the three percent allows teams to greatly speed up and simplify efforts. ShiftLeft saw a 37 percent improvement from last year in mean time to remediate new vulnerabilities with a median scan time of 1 minute 30 seconds.
Keeper launches secure one-time password sharing


We all know that you shouldn't share passwords. But we also know that there are occasions when it's useful to do so -- giving temporary access to a Wi-Fi network, for example, or sharing data with contractors.
Keeper Security has come up with an innovative solution that allows users to securely share records with anyone on a time-limited basis.
84 percent of organizations suffer identity-related breaches


According to a new report, 84 percent of respondents say their organization has experienced an identity-related breach in the last year, with 78 percent citing a direct business impact as a result.
The report, from the Identity Defined Security Alliance (IDSA), finds that 98 percent of respondents report that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities.
Fewer new ransomware families could mean a chance to disrupt cybercrime activity


Although ransomware remained the most common threat last year, the number of new ransomware families and unique variants discovered in 2021 decreased significantly compared to previous years.
Researchers from WithSecure suggest that this could highlight a potential opportunity to disrupt the cybercrime ecosystem that's exacerbated the problem in recent years.
Enterprises lack confidence in managing attack surface risk


According to a new report, 60 percent of enterprises have low confidence in their ability to manage attack surface risk.
The study from technology management firm Oomnitza finds businesses increasingly dealing with a hybrid workplace, hybrid cloud, and digital business growth, which makes the ability to manage cyber risk more challenging.
Popularity of open source software leads to security risks


The widespread use of open source software within modern application development leads to significant security risks, according to a new report.
The research from developer security firm Snyk and the Linux Foundation finds 41 percent of organizations don't have high confidence in their open source software security.
Trustwave's new MDR solutions improve detection and response times


New managed detection and response (MDR) offerings launched by Trustwave aim to give organizations real-time 24x7 monitoring of their hybrid multi-cloud environments for active threats and anomalies.
Trustwave MDR and Trustwave MDR Elite are backed by a team of global threat operators, threat hunters, and malware experts. Clients also get a free subscription to Trustwave Security Colony -- a battle-tested resource specifically built for CISOs that includes toolkits, guidelines, playbooks, and assessment capabilities.
Our water supply is of existential importance and needs the best possible protection against cyber attacks


Water is -- said without pathos -- our elixir of life. After the air we breathe, we depend on nothing more to survive. We are made up of about 70 percent water and can survive only a few days without its replenishment. So it's fair to say that few other areas of critical infrastructure are as important to us as the supply of pure drinking water. But in the face of rising global tensions, there is growing concern that water supplies, which are as important as they are vulnerable, could become the target of cyberattacks.
Earlier this year, on January 11, 2022, the Joint Research Center of the European Reference Network for Critical Infrastructure Protection (ERNCIP) published its Water Security Plan in the form of a handbook. This addresses the implementation of security measures to protect the physical and digital integrity of water supply systems. The plan is intended to enable drinking water supply operators to lay the groundwork for implementing specific measures to improve water system security against threats and attacks.
The rise of double extortion ransomware


We've become familiar with the widespread use of ransomware, but researchers at Rapid7 have been examining the rise of a newer phenomenon, 'double extortion'.
Pioneered by the Maze ransomware group, double extortion involves cybercriminals collecting files before encrypting them. Then, if the target organization refuses to pay, they threaten to release sensitive information.
Choose your partners carefully to protect your security


Choosing a partner business with a poor security posture makes an organization 360 times more likely to be at risk compared to choosing a top security performer, according to a new study.
The risk surface research from Cyentia Institute and RiskRecon shows that single demographic factors, such as industry, size and region, aren't enough to assess the risk posed by third parties.
Enterprises vulnerable to identity-related incidents due to lack of mature strategies


Only 16 percent of respondents to a new survey have a fully mature identity and access management (IAM) strategy in place, yet 56 percent have experienced identity-related incidents in the last three years.
The study carried out by the Ponemon Institute for enterprise identity specialist Saviynt shows that the 84 percent without a mature strategy are currently dealing with inadequate budgets, programs stuck in a planning phase, and a lack of senior-level awareness.
Email threats still managing to evade defenses


New research released today from Cyren shows that business email perimeter defenses are often incapable of preventing well-crafted email attacks.
During an average month, there are 75 malicious messages per 100 mailboxes that slip past email security filters like Microsoft 365 Defender. This means that an enterprise with 5,000 mailboxes would need to detect and respond to 3,750 confirmed malicious inbox threats each month.
Just because you have a backup strategy it doesn't mean you can recover data


Almost all (99 percent) of IT decision makers say they have backup strategies in place, but 26 percent admit they were unable to fully restore all data or documents when recovering from a backup.
These findings come from a survey conducted for encrypted USB drive company Apricorn by Vanson Bourne, which also finds that 27 percent have automated backups to both central and personal repositories.
Microsoft releases KB5014692 and KB5014699 updates for Windows 10 with important security fixes


It's the time of the month for Microsoft to release updates for Windows, and having done so for Windows 11, the company has also published updates for Windows 10.
There are two security updates to consider here. For users of Windows 10 version 1809, there is the KB5014692 update; for users of Windows 10 versions 20H2, 21H1 and 21H2, there is the KB5014699 update. Both are important security updates that should be installed immediately.
Budgets up and incidents down as CISOs take control


Organizational cybersecurity has significantly improved over the last year, following positive shifts in influence by CISOs and changing attitudes towards security culture, according to a new report.
The ninth annual Information Security Maturity report, published by ClubCISO in collaboration with Telstra Purple, surveyed more than 100 information security leaders around the world and finds 54 percent report that 'no material incident occurred' in the past year, compared to 27 percent in 2021.
© 1998-2025 BetaNews, Inc. All Rights Reserved.