Articles about Security

Security researchers have managed to use the encryption algorithm used by the Hive ransomware to determine the master key needed to decrypt files for free.

Ordinarily, victims of a Hive ransomware attack would have to pay up to receive their individual decryption key. But a team of researchers from the Department of Financial Information Security, at Korea's Kookmin University, have been able to calculate the master key. This has then been used in what is believed to be the "first successful attempt at decrypting Hive ransomware"

Continue reading →

Cloud is an enabler of productivity and provides the infrastructure which supports modern distributed workforces. But it also poses a serious security risk to businesses that are unprepared to cope with modern threats. Figures from 451 Research show that 40 percent of organizations have experienced a cloud-based data breach in the past 12 months.

Organizations are spending millions on firewalls, endpoint protection and other security measures. What these organizations are missing, however, is visibility and control of security policies that govern 'what can talk to what' and 'who can talk to who' across the entire organizational infrastructure, including on-premise, cloud-native, and hybrid cloud. This creates security blind spots and misconfigurations.

Continue reading →

Data breaches not only lead to a loss of reputation and drive customers elsewhere, they also have a significant financial cost.

A new study from Surfshark applies IBM's 'Cost of a Data Breach' calculations to the largest data breaches of the last two years in order to find the estimated cost of some of the biggest data breaches.

Continue reading →

Whether Linux distributions are more secure than Windows or macOS is the source of on-going debate, but Google's Project Zero has some interesting findings relating to the patching of security holes.

The security research program at Google has published information relating to security flaws found in software over the course of two years. Between January 2019 and December 2021 the Project Zero team found that Linux developers addresses problems far faster than Apple, Microsoft or Google itself.

Continue reading →

Patching is an essential part of keeping systems secure and it has been for almost as long as computers have existed.

Why then is it something that many organizations still seem to struggle with? We talked to Tom Bridge, principal product manager at JumpCloud to find out and to learn how companies can get to grips with patch management.

Continue reading →

Worried about becoming a victim of cybercrime? A new study from Surfshark reveals the places where your fears are most likely to be justifed, the countries where cybercrime density -- the number of attacks per million of population -- is highest.

The UK tops the list with 3,409 victims per million internet users, almost twice as many as the US (1,724 per million). The number of victims in the UK also grew by 130 percent compared to 2019, which is the second-highest year-on-year growth worldwide after South Africa which faced the sharpest rise of 277 percent.

Continue reading →

Cloud take up is showing no signs of slowing down, with 97 percent of IT leaders in a new survey saying that their strategy includes the expansion of cloud deployments, however, 63 percent say that cyberthreats are the main obstacle to their cloud plans.

The study, from cloud security company Confluera, looks at how IT leaders detect, evaluate, and act against cybersecurity threats in today's cloud environment.

Continue reading →

Revenue generated by cybersecurity firms in the UK rose by 14 percent to £10.1 billion ($13.7 billion) last year according to the latest Annual Cyber Sector Report from the Department for Culture Media and Sport (DCMS).

The report, which tracks the growth and performance of the UK's cyber security industry, reveals the sector contributed around £5.3 billion to the UK economy in 2021, rising by a third on the previous year from £4 billion -- the largest increase since the report began in 2018.

Continue reading →

Over a quarter of businesses (28 percent) have critical vulnerabilities that could easily be exploited by cyberattack.

But even when these vulnerabilities are flagged by penetration testing, they are still being left unaddressed.

Continue reading →

The final quarter of 2021 saw a 356 percent growth in the number of attacks where the infection vectors were CVE or zero day vulnerabilities compared to Q3.

The latest Threat Landscape report from Kroll shows CVE/zero day exploitation accounted for 26.9 percent of initial access cases over the period, indicating that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.

Continue reading →

Digital supply chain breaches are becoming more common, as supply chains increase in complexity so the attack surface grows and even smaller businesses can have complex webs of connections.

But how do supply chain breaches impact businesses? And what can they do to cut the risk? We spoke to Jeremy Hendy, CEO of digital risk protection specialist Skurio, to find out.

Continue reading →

New research from multi-factor authentication specialist Beyond Identity finds that 83 percent of employees admit to maintaining continued access to accounts from a previous employer.

More worrying is that over half of these employees (56 percent) say they have used this continued digital access with the specific intent of harming their former employer. This figure jumps to 70 percent among those who had been dismissed.

Continue reading →

The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but that doesn't make it immune to problems and it's revealed today that ISOC members' details have been exposed in a data security breach

Independent cybersecurity researcher Bob Diachenko, in collaboration with cybersecurity company Clario, discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details of ISOC members.

Continue reading →

The 2021 threat landscape has become more crowded as new adversaries emerge according to the 2022 Global Threat Report released today by CrowdStrike.

CrowdStrike Intelligence is now tracking more than 170 adversaries in total with 21 added last year. Financially motivated eCrime activity continues to dominate with intrusions attributed to eCrime accounting for 49 percent of all observed activity.

Continue reading →

Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.

This the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.

Continue reading →