Articles about Security

Russia’s invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the case in cyberattacks of recent years, the consequences of this will affect organizations way beyond the initial intended target. For example, in June 2017 French company Saint-Gobain was forced to halt its operations as a result of the NotPetya attack, a Russian cyberattack targeting Ukraine that resulted in over €80 million of losses in company revenue.

As a result of a sharp increase of cyber-attacks since the beginning of the conflict, from DDoS, new data wipers, phishing campaigns and malware, organizations worldwide should take immediate action to improve their cyber-resilience and limit the damages that any spillover could have on their business.

Continue reading →

A new survey of more than 800 IT professionals finds that 55 percent of respondents are using three or more cloud providers and 57 percent have five or more cloud security tools.

But the study from Orca Security shows this combination of multi-cloud adoption and disparate tooling is overwhelming security teams with inaccurate alerts. For example, 59 percent of respondents receive more than 500 public cloud security alerts a day, and 38 percent receive more than 1,000 a day.

Continue reading →

As we reported last week, cyberattacks are being used on both sides of the Russia-Ukraine conflict. Two new reports out today take a deeper look at how the cyber aspect of the conflict is developing.

Accenture's Cyber Threat Intelligence team has been looking at how threat actors have been dividing along ideological lines. Meanwhile Aqua Security's Team Nautilus has been analyzing the cloud technologies used in the conflict.

Continue reading →

Antivirus software was one of the earliest cybersecurity solutions, with the first commercial programs appearing in the 1980s, and it remains at the core of protecting computer systems today.

But as threats evolve and become more sophisticated, does traditional antivirus still have a role to play or will it be overtaken by technologies like artificial intelligence?

Continue reading →

The number of malicious web application requests grew 88 percent between 2020 and 2021, with broken access control and injection attacks making up over 75 percent of them.

The latest threat analysis report from Radware shows the most attacked industries were banking and finance, along with SaaS providers, together accounting for more than 28 percent of web application attacks.

Continue reading →

We're used to a high volume of cyberattacks originating from Russia, but in an interesting turnaround following the invasion of Ukraine, 70 percent of cyberattacks in March have been targeted at Russia.

Research from Atlas VPN shows a further 19 percent of attacks targeting Ukraine. The USA is the third biggest target but attacks targeting the country accounted for only five percent of the total.

Continue reading →

Microsoft has been working on a new security tool for a while now and today announces a preview build for Windows Insiders to try out, although there are some restrictions to be aware of.

The Microsoft Defender app, which is available for Windows, Android, and iOS, helps protect you and your family’s data and devices against online threats, such as malware and phishing attacks.

Continue reading →

A new report and infographic released today by Elevate Security shows that a mere three percent of a company's internal users are to blame for 92 percent of malware incidents, while just four percent are responsible for 80 percent of phishing incidents.

The research, carried out for Elevate by the Cyentia Institute, also shows 12 percent of users are responsible for 71 percent of browsing incidents with one percent triggering 200 events every week.

Continue reading →

Humans are often the weak link in the cybersecurity chain, but it's human capabilities that are also key to dealing with attacks and their aftermath, according to a new report from Immersive Labs.

The inaugural Cyber Workforce Benchmark report analyzed cyber knowledge, skills and judgment from over half a million exercises and simulations run by more than 2,100 organizations over the last 18 months.

Continue reading →

Analysis of security events across more than 120,000 user accounts last year shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are coming from Russia and China.

The latest SaaS Application Security Insights (SASI) Report from SaaS Alerts also suggests these countries may be coordinating attack efforts. Attack trend lines that compare Russia and China show almost exactly the same pattern.

Continue reading →

We all know that we should use complex passwords and different ones for each account but managing them is undoubtedly a chore. It's no surprise then that Bitdefender research shows 50 percent of people use a single password for all online accounts and 32 percent reuse just a few passwords across multiple accounts.

To simplify the creation and management of secure passwords for online accounts across multiple platforms, including mobile, Bitdefender is today launching its own Password Manager.

Continue reading →

Frustrated by poor user experience and weak security, enterprises are moving towards adopting passwordless, continuous authentication, according to a new report.

The research from Enterprise Strategy Group, sponsored by SecureAuth also shows that multi-factor authentication (MFA) fatigue can result in more friction, loss of productivity and higher IT costs.

Continue reading →

Researchers at Forescout's Vedere Labs have discovered a set of vulnerabilities targeting the PTC Axeda agent which is commonly used in medical and IoT devices.

The Axeda agent enables device manufacturers to remotely access and manage connected devices, making these vulnerabilities reminiscent of the Kaseya hack and the SolarWinds Orion compromise.

Continue reading →

Organizations are taking nearly two months to remediate critical risk vulnerabilities, with an average mean time to remediate (MTTR) across of 60 days.

A new report from smart vulnerability management firm Edgescan, based on analysis of over 40,000 web application and API assessments, three million network endpoint assessments, and circa 1000 penetration tests, finds high rates of known, patchable vulnerabilities that have working exploits in the wild.

Continue reading →

Today’s Wi-Fi printers possess an array of features that make printing easy, which are especially useful in a world where remote working is commonplace and employees use a range of different devices for producing documents. Despite their advantages, there remain some serious security gaps that hackers can easily exploit if an organization doesn’t have a robust print security strategy in place.

While most businesses do well when it comes to protecting core IT infrastructure including computers, servers and applications, they do often fall short when it comes to secondary assets such as multifunction printers (MFPs). With cybercriminals constantly circling and searching for different ways to infiltrate a company’s network, unsecured connected printers can be a key point of weakness leading to a major breach.

Continue reading →