Articles about Security

As organizations move to fully embrace cloud, the significant benefits of running IT infrastructure via cloud services are becoming even more evident. Not only do cloud-based services come at a far lower cost than physical platforms and deployments, IT leaders are also able to side-step much of the risk and 'heavy lifting' around tech investment and maintenance by moving this out of local data centers. They can also enjoy expert third-party systems management and reliable service delivery, without having to give up much of the control for end users.

Microsoft 365 is a great case in point. The procurement model for this ever-expanding suite of high-qual­ity IT services is based around a price per user. It is easily scalable as teams and organizations grow and can therefore help to optimise budgets, avoiding payment for infrastructure that may go unused. It’s also growing, with new features and functionality added every day that will keep IT departments at the cutting edge of optimal business processes.

Continue reading →

A new study shows that 69 percent of tech executives believe shadow IT is a top security concern related to SaaS adoption.

The report from automated SaaS management platform Torii reveals 41 percent of executives say challenges with SaaS spend visibility and optimization have impacted the way their organization operates.

Continue reading →

We're all used to those irritating questions you have to answer when you contact a company: the make of your first car, the town where you were born, the dog's maiden name, etc. But it seems that criminals may actually be better at answering them than we are.

Fraudsters are able to pass knowledge based authentication (KBA) questions 92 percent of the time, based on a national contact center case study, while genuine customers only pass KBA's 46 percent of the time.

Continue reading →

Attackers are finding new ways to target cloud-native environments according to a new report from Aqua Security's Nautilus threat research team.

While cryptominers are the most common malware observed, with increasing frequency researchers have discovered an increased usage of backdoors, rootkits and credential stealers.

Continue reading →

Cybercrime tends to follow the money when it comes to selecting targets, so it’s perhaps not too surprising to learn that 63 percent of financial institutions admit experiencing an increase in destructive attacks.

The latest Modern Bank Heists report from VMWare surveyed the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift in the sector.

Continue reading →

While the Russian security firm has fallen out of favor in recent months, Kaspersky has announced that it has managed to crack the Yanluowang ransomware.

Yanluowang was discovered by Symantec last year, and now Kaspersky has identified a vulnerability in the encryption algorithm it uses. This has enabled the company to develop a free decryption tool which can be used by ransomware victims to get their data back without having to pay a cent.

Continue reading →

A team of security researchers at ESET have unearthed a trio of vulnerabilities with Lenovo laptops. More than one hundred different models of laptop are affected, meaning that millions of owners are at risk.

Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) affect UEFI firmware drivers and are extremely worrying because of the potential implications of exploitation. CVE-2021-3970 is a slightly less serious memory corruption problem, but it remains concerning.

Continue reading →

A new report from compliance and risk management firm Kiteworks shows 51 percent of organizations are inadequately protected against third-party security and compliance risks related to sensitive content communications.

It also reveals that most organizations share sensitive content with a long list of third-party entities. Two-thirds do so with more than 1,000 third parties, while one-third have over 2,500.

Continue reading →

A new report from Enterprise Strategy Group (ESG), sponsored by Keepit, shows that granular and air-gapped backup are critical to data recovery when businesses are hit by ransomware.

Of more than 600 respondents to the survey, 79 percent have experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent daily.

Continue reading →

Millions of dollars are lost to online scams each year and the fraudsters are getting ever more sophisticated in the targeting of their attacks.

Much of today's fraud is executed using information about the consumer's habits and personal details, usually captured in phishing attacks or data breaches. The fact that we’re conducting more of our transactions online as a result of the pandemic has created even more opportunity for fraudsters.

Continue reading →

Traditional rule-based security techniques centered on malware signatures and perimeter protection are increasingly unable to cope with the latest, more sophisticated threats.

Taking a more behavior-based approach to spotting unusual or risky activity offers a solution, but what is required to make it work? We spoke to Sanjay Raja, VP of product marketing and solutions at cybersecurity specialist Gurucul, to find out.

Continue reading →

It's hard not to feel just a little bit sorry for the Russians at the moment. First the Ukrainians keep blowing up their tanks, and now it seems the country has topped the charts in terms of breached accounts from January to March this year.

A study by Surfshark shows that since the start of the invasion of Ukraine in March, 136 percent more Russian accounts have been breached than in February. Ukraine meanwhile appeared in 67 percent fewer breaches than in the quarter before the war.

Continue reading →

Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.

The Q1 2022 top-clicked phishing report finds successful subjects globally include: 'HR: Change in Holiday Schedule', 'St. Patrick's Day: Employee Behavior/Company Policies', and 'Starbucks: Happy Holidays! Have a drink on us'.

Continue reading →

Cyberattacks are something every organization fears. Perhaps those who should be most concerned, and which should scare us most, are the ones that control vital infrastructure -- nuclear power plants (recall Stuxnet in Iran?), banks, telephone carriers, healthcare and power grids. 

Today, security firm Trellix releases its latest report on the current state of affairs in the industry and, as expected, the news isn’t all rainbows and unicorns. 

Continue reading →

A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.

At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.

Continue reading →