Articles about Security

We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.

The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.

Continue reading →

The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.

Of 50 2021 vulnerabilities looked at in the report, 43 were exploited in the wild and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.

Continue reading →

Google has released an emergency patch for the Windows, macOS and Linux versions of Chrome after the discovery of a zero-day vulnerability that the company says is being actively exploited.

The security fix comes as Microsoft releases a patch of its own for the same vulnerability (CVE-2022-1096) in Edge, its Chromium-based browser. While neither company has given much detail about the problem, Google describes it as being of high severity.

Continue reading →

The Federal Communications Commission has added Kaspersky to its blacklist in a move that has been branded as political. The FCC says that the Russian security firm has been "deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons".

What this means in practice is that Kaspersky is ineligible to receive FCC funding, joining companies such as Huawei and ZTE. Kaspersky has also been sanctioned by HackerOne, with its bug bounty program being indefinitely suspended.

Continue reading →

Security is always a hot topic, but recent world events have made it more critical than ever to review -- and potentially change -- the security you use to protect your PC. With governments worldwide reiterating their warnings about using Russian-made antivirus tools, now is the time to look for a trusted alternative, and we’ve got just the tool to protect your entire household for the next two years.

Developed in Europe, Avast Ultimate 2022 is designed to protect up to 10 devices across Windows, Mac, iOS and Android. It’s a suite of four products: Avast Premium Security 2022, Avast SecureLine VPN 2022, Avast Cleanup Premium 2022, and Avast AntiTrack Premium 2022. Combined, you get comprehensive protection from all kinds of threats, not just against malware.

Continue reading →

Though the overall number fell slightly, DDoS attacks became both bigger and more complicated in 2021 according to a new report from cloud-based managed security services platform F5 Silverline.

By the final quarter of last year the mean attack size recorded was above 21 Gbps, more than four times the level at the beginning of 2020. Last year also saw the record for the largest-ever attack broken on several occasions.

Continue reading →

The annual tax season is inevitably the cue for a spate of attacks impersonating official sites or popular accounting software.

In a new twist for this year researchers at email security firm Avanan have uncovered attacks spoofing fintech apps such as Stash and Public to steal credentials and give users a false sense of security that they've compiled the right tax documents.

Continue reading →

More than three-quarters (78 percent) of respondents to a new survey say managing user identities between multiple clouds is their number one challenge.

The study carried out by Forrester for Strata Identity finds 70 percent want to migrate to the cloud increase security and protect data. But at the same time 28 percent of companies are using four or more public/private clouds today and that's expected to more than double in two years to 65 percent.

Continue reading →

New research from Splunk's SURGe team looks at how quickly ten major ransomware strains, including Lockbit, Revil and Blackmatter, can encrypt 100,000 files.

The research shows that the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds. Encryption speeds vary between ransomware variants though with individual ransomware samples ranging from four minutes to three and a half hours to encrypt the same data.

Continue reading →

Almost a third (29 percent) of workers still use the same passwords for both personal and work accounts, potentially compromising their organisation if a personal account gets hacked.

A new study of 2,000 UK adults carried out by OnePoll for professional services company Gemserv also shows 39 percent of respondents access corporate accounts and content from their personal devices often or always, with another 24 percent doing so sometimes.

Continue reading →

A new report shows that 81 percent of organizations have experienced at least two or more disruptive outages caused by expired certificates in the past two years, up from 77 percent last year.

The report from machine identity platform Keyfactor, based on research by the Ponemon Institute, finds the cut in SSL/TLS certificate lifespans to one year in September 2020 has made it much more difficult to keep the pace with certificate issuance and management.

Continue reading →

Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.

However, the latest State of Cyber Assets report from JupiterOne analyzed nearly 10 million security policies and finds that cloud-specific ones represent less than 30 percent of the total.

Continue reading →

Legitimate penetration testing tools like Cobalt Strike, Impacket and RMM, are being used by threat actors because it's more efficient to use existing tools that are proven to be successful than to create new software.

The latest Threat Detection Report from managed detection and response firm Red Canary shows Cobalt Strike in particular has never been more popular, impacting eight percent of its customers in 2021.

Continue reading →

Cybersecurity company F-Secure is rebranding its corporate security business under the new name WithSecure and with a snazzy new logo, above.

Previously known as F-Secure Business, WithSecure will focus on corporate security products and solutions, while consumer security products and services remain available under the existing F-Secure name.

Continue reading →

The COVID-19 pandemic sparked a shift towards work-from-home or telecommuting arrangements, which many companies are saying they are likely to retain even after the pandemic. This new way of working or doing business has raised the demand for collaboration platforms and virtual rooms, which in turn create new cyber security challenges.

One recent flaw is referred to as a cross-site leak or XS-Leak and is linked to Slack's file-sharing feature. If exploited, malicious actors can potentially identify users outside of the workforce messaging platform. It allows cybercriminals to circumvent the web browser security feature called "same-origin policy," which stops browser tabs and frames of different domains from accessing each other’s data.

Continue reading →