Articles about Security

The latest research from Cado Security reveals the first publicly known malware that is specifically designed to execute in the AWS Lambda serverless environment.

Named Denonia, the malware downloads and runs crypto mining software, and demonstrates how attackers are exploiting newer cloud computing use cases to take advantage of their ephemeral nature to evade detection.

Continue reading →

Launched last year, Avast One aimed to offer a comprehensive protection suite with both free and paid for editions.

The company has now announced significant enhancements to the product, with new features designed to protect people from online scams, fraud, and other personal privacy threats.

Continue reading →

Over half (56 percent) of IT security leaders say that their non-technical staff are only 'somewhat' or 'not at all' prepared, for a cyberattack.

A new survey by Egress of 600 IT security leaders also shows that 77 percent of respondents have seen an increase in security compromises since going remote twp years ago, and there's a continued significant risk to organizations.

Continue reading →

A new study into financial fraud from Feedzai finds that fraud attempts globally are up by 233 percent over the last two years.

Over the same period there has also been a whopping 794 percent increase in fraud on digital entertainment transactions. The effects of the pandemic are evident too with a 65 percent increase in online transactions and a 75 percent drop in US cash withdrawals.

Continue reading →

A new study from Israel-based XM Cyber, based on findings from nearly two million endpoints, files, folders and cloud resources throughout 2021, shows 94 percent of critical assets can be compromised within just four steps of the initial breach point.

The research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premise, multi-cloud and hybrid environments, and developed tips for thwarting them.

Continue reading →

A new multi-vector endpoint detection and response (EDR) solution from Qualys aims to reduce the risk of compromise with vulnerability management and patching all from a single agent.

Traditional EDR solutions still focus solely on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques -- not tactics. This means security teams are forced to rely on additional tools to strengthen their risk management.

Continue reading →

A record 71 percent of organizations were impacted by successful ransomware attacks last year, according to the 2022 Cyberthreat Defense Report (CDR) from CyberEdge Group, up from 55 percent in 2017.

Of those that fell victim, almost two-thirds (63 percent) paid the requested ransom, up from 39 percent in 2017.

Continue reading →

It has been a very long time coming, but Microsoft appears to have finally understood the value and importance of HTTPS. For reasons best known to the company, anyone looking to download updates from the Microsoft Update Catalog have had to do so via HTTP links -- but no longer.

In the last few days, Microsoft made a server-side change that means Microsoft Update Catalog downloads now use HTTPS connections. The switch to HTTPS affects everything from Windows 11 to Office, and everything in between.

Continue reading →

It's now over three months since the Log4Shell vulnerability, affecting the Log4j logging framework, first appeared.

But new research from Randori shows that it's still giving headaches to enterprises and identifies the top 10 attackable targets.

Continue reading →

With the COVID-19 pandemic and drive for digital transformation the shift to a new distributed workforce model continues at pace.

But this can also leave businesses vulnerable as attack vectors have become more sophisticated -- resulting in a continued shortage of security experts.

Continue reading →

A new study commissioned by Imperva from Forrester Research finds 58 percent of sensitive data security incidents are caused by insider threats.

And yet 31 percent of firms don't believe insiders are a substantial threat. Indeed only 37 percent of participants report having dedicated insider threat teams, and 70 percent of organizations in the EMEA region don't have a strategy for stopping insider threats.

Continue reading →

Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Continue reading →

Microsoft is giving Windows users an easy way to avoid drivers that are known to contain vulnerabilities, helping to improve security.

The company is adding a vulnerable driver blocklist option to Windows Defender Application Control (WDAC) which will help to ensure that only trusted drivers can be installed. The new security measure is available to users of Windows 10, Windows 11 and Windows Server 2016 on systems with hypervisor-protected code integrity (HVCI) enabled, and Windows 10 in S Mode.

Continue reading →

A new study carried out by the Ponemon Institute and sponsored by passwordless authentication platform company Nok Nok Labs, shows the significant costs to businesses that result from authentication failures and weaknesses.

According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders, the average business losses across all types of authentication weaknesses range from $39 million to $42 million.

Continue reading →

In the light of President Biden's new legislation requiring critical infrastructure organizations to disclose cyber incidents to the government within 72 hours, new research from BitSight shows how unprepared many are to meet the strict disclosure requirements.

Based on analysis of more than 12,000 publicly disclosed cyber incidents between 2019 and 2022, the research finds it takes the average organization 105 days to discover and disclose an incident from the date it occurred.

Continue reading →