Articles about Security

When the Log4Shell vulnerability appeared in December last year the effects rippled across the cybersecurity world with potentially millions of devices affected.

A new study from Qualys takes a look at how enterprises responded to the vulnerability and how successful their remediation efforts were.

Continue reading →

Businesses are investing more in site reliability engineering but are being held back by outdated and manual processes, according to a new report.

A study of 450 site reliability engineers carried out by software intelligence company Dynatrace finds 88 percent say there is now more understanding of the strategic importance of their role than there was three years ago.

Continue reading →

The threat landscape is becoming more challenging from every angle. Security teams are understaffed and overworked and are still catching up after the wide-ranging effects of the pandemic. There’s unfortunately no end in sight as the skills gap widens and the complexity around IT management continues to grow with remote work programs going from sticking plaster to get through the initial lockdown to 'business as usual.' Bad actors are becoming more sophisticated each day. It has never before been this hard to keep your organization secure.

It’s no wonder that many security professionals fall into the trap of adopting numerous security tools to help them cope with these problems. In the hope of using the latest and seemingly greatest technology, CISOs think adding another security layer will reduce their risk exposure. If only it were that easy. Adding more technology can solve some of the issues, but it can also dilute team attention spans further, leading to more problems over time.

Continue reading →

It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.

A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.

Continue reading →

New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.

The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.

Continue reading →

New research shows that hackers are regularly gaining access to servers with the same commonly used -- often default -- passwords.

The data from Bulletproof also reveals that default Raspberry Pi usernames and logins feature prominently on the list of top default credentials used by hackers.

Continue reading →

Amid our first global, multilateral, wholly unpredictable cyberwar, it is up to each of us to defend ourselves. No intelligence agency is certain how the cyber dimension of the Ukraine conflict will evolve; no military can stop a cyberattack. The situation catapults every digital organization into unknown territory.

If you think the battles on air, land and sea so far have defied expectations, consider the parallel cyber conflict. Three sober truths make this a perilous moment for us all -- especially as the Russian army’s logistical setbacks may make heightened cyber aggression against private interests more enticing.

Continue reading →

Generating, managing and accessing secrets within development workflows can be a complex process and lead to the inadvertent introduction of risks.

Security and privacy specialist 1Password is launching a new set of developer tools that aim to simplify complex processes and improve security practices to ensure data is protected, without slowing down the development pipeline. This will also provide developers with secure access to the secrets they need wherever they are.

Continue reading →

Russia’s invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the case in cyberattacks of recent years, the consequences of this will affect organizations way beyond the initial intended target. For example, in June 2017 French company Saint-Gobain was forced to halt its operations as a result of the NotPetya attack, a Russian cyberattack targeting Ukraine that resulted in over €80 million of losses in company revenue.

As a result of a sharp increase of cyber-attacks since the beginning of the conflict, from DDoS, new data wipers, phishing campaigns and malware, organizations worldwide should take immediate action to improve their cyber-resilience and limit the damages that any spillover could have on their business.

Continue reading →

A new survey of more than 800 IT professionals finds that 55 percent of respondents are using three or more cloud providers and 57 percent have five or more cloud security tools.

But the study from Orca Security shows this combination of multi-cloud adoption and disparate tooling is overwhelming security teams with inaccurate alerts. For example, 59 percent of respondents receive more than 500 public cloud security alerts a day, and 38 percent receive more than 1,000 a day.

Continue reading →

As we reported last week, cyberattacks are being used on both sides of the Russia-Ukraine conflict. Two new reports out today take a deeper look at how the cyber aspect of the conflict is developing.

Accenture's Cyber Threat Intelligence team has been looking at how threat actors have been dividing along ideological lines. Meanwhile Aqua Security's Team Nautilus has been analyzing the cloud technologies used in the conflict.

Continue reading →

Antivirus software was one of the earliest cybersecurity solutions, with the first commercial programs appearing in the 1980s, and it remains at the core of protecting computer systems today.

But as threats evolve and become more sophisticated, does traditional antivirus still have a role to play or will it be overtaken by technologies like artificial intelligence?

Continue reading →

The number of malicious web application requests grew 88 percent between 2020 and 2021, with broken access control and injection attacks making up over 75 percent of them.

The latest threat analysis report from Radware shows the most attacked industries were banking and finance, along with SaaS providers, together accounting for more than 28 percent of web application attacks.

Continue reading →

We're used to a high volume of cyberattacks originating from Russia, but in an interesting turnaround following the invasion of Ukraine, 70 percent of cyberattacks in March have been targeted at Russia.

Research from Atlas VPN shows a further 19 percent of attacks targeting Ukraine. The USA is the third biggest target but attacks targeting the country accounted for only five percent of the total.

Continue reading →

Microsoft has been working on a new security tool for a while now and today announces a preview build for Windows Insiders to try out, although there are some restrictions to be aware of.

The Microsoft Defender app, which is available for Windows, Android, and iOS, helps protect you and your family’s data and devices against online threats, such as malware and phishing attacks.

Continue reading →