Articles about Security

Three-quarters of enterprises don't have full observability of log data

Log data is important for tasks such as tracking performance of applications and capacity resources, informing product improvements, and identifying threats and anomalous activity.

But a new report from LogDNA, based on a Harris poll of more than 200 professionals responsible for observability and log data management across the US, shows 74 percent of companies are still struggling to achieve true observability despite substantial investments in tools.

Ransomware doesn't take weekends off

Ransomware is being targeted at organizations seven days a week, leaving no time for enterprises to shore up their security operations, according to a new report.

Analysis of publicly reported ransomware events by RiskRecon looks at the dates on which ransomware activated to encrypt systems, a metric that was disclosed in 473 of the 654 events examined.

One-to-one Microsoft Teams calls finally have the security of end-to-end encryption

Microsoft is improving the security of one-on-one Teams chats by adding end-to-end encryption. After a couple of months of testing the feature as part of a public preview, the company says that the optional security boost is now generally available.

In order for calls to be protected, both parties need to have end-to-end encryption enabled. And if you're wondering why you might want to have E2EE disabled in Microsoft Teams, it's because having the security feature enabled means that some other call features do not work.

What are Log4Shell and log4j and should you be worried about them?

At the end of November a vulnerability targeting Minecraft servers was uncovered. If you don't play Minecraft you probably didn't pay it much attention.

Since then, however, 'Log4Shell' has surged across the web sending tremors through the security community and prompting the US government to describe it as a 'severe risk'. So, what's going on and is it time to panic?

Lack of segmentation exposes enterprise networks to risk

Segmentation is an approach that separates critical areas of the network to control traffic, prevent lateral movement, and ultimately reduce the attack surface.

But according to a new study from Guardicore -- based on a survey of over 1,000 IT decision makers by Vanson Bourne -- while 96 percent of organizations claim to be implementing segmentation in their networks, only two percent are segmenting all six mission-critical asset classes, including critical applications, public-facing applications, domain controllers, endpoints, servers, and business critical assets/data.

Cybereason and Google Cloud launch AI-powered protection

Anything that's connected to the internet can be a possible attack route for hackers, but organizations are often forced to use multiple solutions for protection, adding complexity and risk.

Cybereason and Google Cloud are launching an AI-powered XDR (Extended Detection and Response) solution to enhance and simplify the ability to predict, detect, and respond to cyberattacks.

Security firm releases a free fix for serious Log4Shell vulnerability in Apache Log4j

If you are running a version of Apache Log4j between 2.0-beta9 and 2.14.1 (inclusive), the Log4Shell vulnerability is something you need to be aware of. Tracked as CVE-2021-44228, this is a serious and easily exploited RCE flaw in the open-source Java-based logging utility.

An attacker can exploit the security flaw to execute a remote attack by simply using a particular string as the browser user agent. Although the Apache Software Foundation has released a patched version of Log4j 2.15.0, not everyone is able to update straight away, and this is something that attackers are taking advantage of. Thankfully, security firm Cybereason has released a "vaccine" called Logout4Shell that protects against Log4Shell.

What cybersecurity can learn from health and wellness

The current cyberthreat landscape can feel like a dark cloud hanging over the head of every organization, the same way Covid loomed over us for so long. But just as advances in health have offered light at the end of the tunnel for the pandemic, new approaches to cyber wellness can help us stay healthy and secure in the digital realm.

By taking proactive measures to ward off digital diseases like ransomware, and fighting off any infections that do occur through individually tailored therapies and treatments, we can go about our business with confidence, feeling and performing our best. 

New solution aims to streamline enterprise identity management

Over time enterprises amass lots of applications, each of which has its own means of authentication and authorization for users. This inevitably leads to 'identity sprawl' with information being held in multiple different silos.

In order to unify identity data from all sources within an organization and turn it into a flexible resource that can deliver verification on demand, Radiant Logic is launching its RadiantOne Intelligent Identity Data Platform.

The internet is getting safer but legacy encryption techniques still linger

A new report from Venafi, based on in-depth security analysis of the world's top million websites over the last 18 months, shows the internet is becoming more secure.

Use of encryption is increasing and the adoption of newer TLS protocols is rising. However, many companies continue to use legacy RSA encryption algorithms to generate keys, despite stronger protocols being available.

Linux Foundation to host Cloud Hypervisor project

The Linux Foundation has announced that it will host the Cloud Hypervisor project, aiming to deliver a Virtual Machine Monitor for modern cloud workloads.

Written in Rust, the project has a strong focus on security. Features include CPU, memory and device hot plugging; support for running Windows and Linux guests; device offload with vhost-user; and a minimal and compact footprint.

Bots-as-a-service and why they might interest shoppers [Q&A]

Bots tend to have a poor reputation, launching cyber attacks, beating you to the best bargains on eCommerce sites and generally being a bit of a pain in the Net.

Nowadays bots are frequently available 'as-a-service' so it's possible to rent one for a period of time to execute an attack. But, according to research for Cequence Security, 32 percent of respondents say they've used a shopping bot before and 38 percent say they might in the future. So that's 70 percent of people who are thinking, 'If you can't beat them, join them.'

Identity fraud gets more sophisticated, pointing to organized crime involvement

In the last year, 47 percent of all identity document fraud was classed as 'medium' sophisticated, a 57 percent increase over the previous 12 months.

A report from identity verification and authentication company Onfido says this points to organized groups attempting to create 'verified' accounts with fake documents before using them to embark on other types of fraud.

Employee burnout puts business security at risk

A new survey of 2,500 adults looks at how workforce burnout has opened businesses to attacks, with trends such as remote and hybrid work, the Great Resignation and worse behavior by cybersecurity professionals being the driving forces behind the threat.

The research, from password manager 1Password, finds that 84 percent of security professionals and 80 percent of other workers are feeling burned out, leading to serious backsliding around security protocols.

IT pros see zero trust as a key element of security strategy

A new survey of over 1,000 IT security professionals finds that 75 percent of organizations recognize zero trust as being important to bolstering their overall cybersecurity posture.

However, the study conducted by Dimensional Research for One Identity also shows only 14 percent have fully implemented a zero trust solution. Another 39 percent of organizations have begun to address this need, and an additional 22 percent say they plan to implement zero trust over the course of the next year.

© 1998-2024 BetaNews, Inc. All Rights Reserved.