Articles about Security

Over 30 percent of cybersecurity professionals think that malicious actors are more adept at using AI to attack their organization than they are at leveraging AI in-house for defense.

A new survey carried out by Wakefield Research for Devo Technology also shows how organizations are struggling to effectively implement AI to aid and augment cybersecurity efforts, with more than 50 percent having to undertake major changes, or reset and start again.

Continue reading →

Microsoft has announced that its security tool for small to medium-sized businesses is now generally available. The standalone version of Microsoft Defender for Business helps to protect against ransomware and other cyber threats bringing, Microsoft says, "enterprise-grade endpoint security to SMBs".

Highlighting the importance of its solution, the company says that nearly a quarter of SMBs have experienced a security breach in the last year, often because they do not have the staff and resources available to enterprises. To help with this and to simplify deployment, Defender for Business comes with built-in policies to get customers up and running quickly.

Continue reading →

Most of us don't think too much about the 'From' address field on our emails, it's filled in by your mail program or web service. At the recipient's end security tools can check this against the sending server to verify that the mail is legitimate.

But hold on a second, an SMTP relay server between the server and the inbox allows messages through even though the addresses don't match. This is how organizations send out mass mailings without them getting blocked.

Continue reading →

Networks and the internet are reliant on domain name servers, dynamic host control protocol, and IP address management. These three technologies -- grouped together as DDI (DNS, DHCP, IPAM) -- are central to the way things work but that also makes them a tempting target.

We spoke to Ronan David, chief of strategy at EfficientIP to find out why DDI is so vital to online security and how automation can help with defense.

Continue reading →

Digital transformation, a shift to hybrid and remote working, and increasing regulatory pressure have seen major changes to the enterprise IT landscape in recent years.

CISOs have been at the heart of this, facing new challenges and taking on additional responsibilities. We spoke to Ben Smith, field CTO of NetWitness, to discuss these changes and find out what makes a good, or bad, CISO.

Continue reading →

The Log4Shell vulnerability proved to be one of the major cybersecurity events of last year and its repercussions continue to rumble on.

Research from network security platform Valtix shows 95 percent of IT leaders say Log4Shell was a wake up call for cloud security, changing it permanently, and 87 percent feel less confident about their cloud security now than they did before the incident.

Continue reading →

Search engine optimization (SEO) is used to boost the ranking of websites by ensuring they offer quality content and a good user experience.

But new research from global threat intelligence firm Cybersixgill shows, perhaps not too surprisingly, that similar techniques are being exploited by threat actors to boost trust in their sites.

Continue reading →

Microsoft has teamed up with Mastercard to launch a new identity protection solution which has been designed to help tackle digital fraud.

Mastercard has boosted its existing Digital Transaction Insights solution by adding next-generation authentication and real-time decisioning intelligence capabilities. The system helps merchants to verify customers' identities, and Microsoft will be providing its own insights and integrating the technology across its business.

Continue reading →

Every day, there seems to be a new headline about the latest ransomware threat, supply chain attack or malware strain.

And, while these are very real risks that organizations need to take seriously, an equally important security issue, albeit a much less publicized one, is the divide between security teams and professionals responsible for IT service management (ITSM).

Continue reading →

Security researchers at Microsoft have found a series of vulnerabilities affecting Linux. Collectively named Nimbuspwn, the security flaws can be chained together to allow an attacker to gain root access to a system.

Microsoft warns that the vulnerabilities, which are being tracked as CVE-2022-29799 and CVE-2022-29800, could also be exploited to execute ransomware attacks and more.

Continue reading →

The first quarter of 2022 has seen a rise in cybercriminals deceiving victims through new deepfakes and crypto scams to gain access to their financial or personal information.

The latest quarterly Consumer Cyber Safety Pulse Report from Norton Labs reveals deepfakes -- computer-generated images and videos -- are on the rise and being utilized by bad actors to spread disinformation.

Continue reading →

New research from Vectra AI reveals that 74 percent of respondents experienced a significant cybersecurity event in the past year.

The study surveyed 1,800 global IT security decision-makers at companies with over 1,000 employees and finds that 92 percent of respondents say that they had felt increased pressure to keep their organization safe from cyberattacks over the past year.

Continue reading →

The FBI has warned food and agriculture companies to be prepared for ransomware operatives to attack agricultural entities during planting and harvest seasons.

The FBI warning notes previous ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.

Continue reading →

New phishing sites are launched on a regular basis, even back in 2017 1.4 million were launching every month according to Webroot, and most of them exist for less than 24 hours.

This makes it hard for security teams to pre-empt attacks, but email and brand protection company Red Sift has come up with an answer in the launch of a new platform that proactively uncovers impersonation domains and takes them down before they can be exploited.

Continue reading →

To celebrate the first anniversary of its Autofill tool, Microsoft has added new capabilities to its password security utility.

Available to use with Microsoft Edge natively, on iPhones and Android devices via an app, and in Chrome using an extension, Microsoft Autofill makes it easy to store and sync passwords in the cloud and have them automatically entered in logon forms. A new update to Microsoft Authenticator app means that it can now be used to generate strong passwords on demand.

Continue reading →