Articles about Security

A new report shows that 81 percent of organizations have experienced at least two or more disruptive outages caused by expired certificates in the past two years, up from 77 percent last year.

The report from machine identity platform Keyfactor, based on research by the Ponemon Institute, finds the cut in SSL/TLS certificate lifespans to one year in September 2020 has made it much more difficult to keep the pace with certificate issuance and management.

Continue reading →

Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.

However, the latest State of Cyber Assets report from JupiterOne analyzed nearly 10 million security policies and finds that cloud-specific ones represent less than 30 percent of the total.

Continue reading →

Legitimate penetration testing tools like Cobalt Strike, Impacket and RMM, are being used by threat actors because it's more efficient to use existing tools that are proven to be successful than to create new software.

The latest Threat Detection Report from managed detection and response firm Red Canary shows Cobalt Strike in particular has never been more popular, impacting eight percent of its customers in 2021.

Continue reading →

Cybersecurity company F-Secure is rebranding its corporate security business under the new name WithSecure and with a snazzy new logo, above.

Previously known as F-Secure Business, WithSecure will focus on corporate security products and solutions, while consumer security products and services remain available under the existing F-Secure name.

Continue reading →

The COVID-19 pandemic sparked a shift towards work-from-home or telecommuting arrangements, which many companies are saying they are likely to retain even after the pandemic. This new way of working or doing business has raised the demand for collaboration platforms and virtual rooms, which in turn create new cyber security challenges.

One recent flaw is referred to as a cross-site leak or XS-Leak and is linked to Slack's file-sharing feature. If exploited, malicious actors can potentially identify users outside of the workforce messaging platform. It allows cybercriminals to circumvent the web browser security feature called "same-origin policy," which stops browser tabs and frames of different domains from accessing each other’s data.

Continue reading →

When the Log4Shell vulnerability appeared in December last year the effects rippled across the cybersecurity world with potentially millions of devices affected.

A new study from Qualys takes a look at how enterprises responded to the vulnerability and how successful their remediation efforts were.

Continue reading →

Businesses are investing more in site reliability engineering but are being held back by outdated and manual processes, according to a new report.

A study of 450 site reliability engineers carried out by software intelligence company Dynatrace finds 88 percent say there is now more understanding of the strategic importance of their role than there was three years ago.

Continue reading →

The threat landscape is becoming more challenging from every angle. Security teams are understaffed and overworked and are still catching up after the wide-ranging effects of the pandemic. There’s unfortunately no end in sight as the skills gap widens and the complexity around IT management continues to grow with remote work programs going from sticking plaster to get through the initial lockdown to 'business as usual.' Bad actors are becoming more sophisticated each day. It has never before been this hard to keep your organization secure.

It’s no wonder that many security professionals fall into the trap of adopting numerous security tools to help them cope with these problems. In the hope of using the latest and seemingly greatest technology, CISOs think adding another security layer will reduce their risk exposure. If only it were that easy. Adding more technology can solve some of the issues, but it can also dilute team attention spans further, leading to more problems over time.

Continue reading →

It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.

A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.

Continue reading →

New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.

The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.

Continue reading →

New research shows that hackers are regularly gaining access to servers with the same commonly used -- often default -- passwords.

The data from Bulletproof also reveals that default Raspberry Pi usernames and logins feature prominently on the list of top default credentials used by hackers.

Continue reading →

Amid our first global, multilateral, wholly unpredictable cyberwar, it is up to each of us to defend ourselves. No intelligence agency is certain how the cyber dimension of the Ukraine conflict will evolve; no military can stop a cyberattack. The situation catapults every digital organization into unknown territory.

If you think the battles on air, land and sea so far have defied expectations, consider the parallel cyber conflict. Three sober truths make this a perilous moment for us all -- especially as the Russian army’s logistical setbacks may make heightened cyber aggression against private interests more enticing.

Continue reading →

Generating, managing and accessing secrets within development workflows can be a complex process and lead to the inadvertent introduction of risks.

Security and privacy specialist 1Password is launching a new set of developer tools that aim to simplify complex processes and improve security practices to ensure data is protected, without slowing down the development pipeline. This will also provide developers with secure access to the secrets they need wherever they are.

Continue reading →

Russia’s invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the case in cyberattacks of recent years, the consequences of this will affect organizations way beyond the initial intended target. For example, in June 2017 French company Saint-Gobain was forced to halt its operations as a result of the NotPetya attack, a Russian cyberattack targeting Ukraine that resulted in over €80 million of losses in company revenue.

As a result of a sharp increase of cyber-attacks since the beginning of the conflict, from DDoS, new data wipers, phishing campaigns and malware, organizations worldwide should take immediate action to improve their cyber-resilience and limit the damages that any spillover could have on their business.

Continue reading →

A new survey of more than 800 IT professionals finds that 55 percent of respondents are using three or more cloud providers and 57 percent have five or more cloud security tools.

But the study from Orca Security shows this combination of multi-cloud adoption and disparate tooling is overwhelming security teams with inaccurate alerts. For example, 59 percent of respondents receive more than 500 public cloud security alerts a day, and 38 percent receive more than 1,000 a day.

Continue reading →