Bridging the security gap in the software development life cycle


The timeliness of security checks during the software testing process is critical to faster, higher-quality software development and to higher returns. Yet DevOps and security have historically struggled to integrate in the software development life cycle (SDLC). According to a Gartner study, through 2022, 90 percent of software development projects plan to follow DevSecOps practices, up from 40 percent in 2019.
With the increased risks of cyberattacks and pressure on DevOps teams to deliver software to faster timelines, the risks and consequences associated with flawed code and faulty infrastructure configurations cannot afford to be missed in the early development stages. The pros of uniting these teams are clear, but the cons remain costly, and their discord could hold organizations back by making software deployment faster while releasing security vulnerabilities in the process.
Chrome could soon give you greater control over bothersome compromised password warnings


In theory, the fact that Google Chrome can warn you if any of your saved passwords have been involved in breaches is a good thing. In theory. In practice, it can be a different story. There may be a very good reason for not wanting to change a particular saved password, rendering warnings nothing more than irritating.
You could, of course, disable password warnings completely, but this is clearly something of a security risk. But if an experimental setting Google is working on in Chrome makes its way to the release version of the browser, you could soon have finer-grained control over password warnings -- meaning that you could stop Chrome pestering you about passwords you won't want to change or can't change.
CISA says to urgently patch actively exploited SeriousSAM/HiveNightmare flaw affecting Windows 11


The CISA (US Cybersecurity and Infrastructure Security Agency) has published a list of 15 actively exploited software vulnerabilities, encouraging users of Windows and macOS to install the available patches.
Included in the list is the SeriousSAM vulnerability, also known as HiveNightmare, which affects Windows 10 and 11. Tracked as CVE-2021-36934, this is a local privilege escalation vulnerability that makes it possible for an attacker to grab password hashes from the registry and gain admin privileges.
The challenge of managing and securing IoT devices in the enterprise [Q&A]


Internet of Things devices are making their way into more and more areas of our lives. But while they offer many benefits they also present businesses with a problem when it comes to managing and securing them.
An ever widening range of devices now have connectivity that may be off the radar of company IT and cybersecurity teams. We spoke to Roy Dagan, CEO of SecuriThings, to discuss the issue and how enterprises can tackle it.
Navigating the complexities of securely transmitting digital documents


Sending and receiving important, mission-critical, or time-sensitive documents -- whether as an email attachment, via a file-sharing app, or as a digital fax -- is today a critical component of business processes and communication.
Digital documents are now a primary form of business communication, and everything from contracts to proposals and RFQs should be considered data that is governed by compliance and security regulations. Let’s examine the four leading considerations for businesses when it comes to secure digital document transmission.
Increase in API use leads to security concerns


We increasingly rely on APIs to deliver the smooth sharing of information between applications. But their very functionality and ease of use are also a gift to attackers.
A recent report from Cequence Security shows that 80 percent, or 1.8 billion, blocked attacks between June and December 2021 were found to be API-based. At the same time APIs exposing sensitive data like payment (PCI) or personally identifiable information (PII) have increased by 87 percent.
Businesses have a one-in-three chance of losing IP when an employee quits


There is a 37 percent chance of a company losing IP when an employee quits, according to a new report from insider risk management company Code42.
Hot on the heels of yesterday's report about malicious insiders, the study, carried out by Vanson Bourne, finds that cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.
Linux-based systems targeted with ransomware and cryptojacking


Thanks to its use on many cloud servers, Linux is a core part of the digital infrastructure. It's not surprising therefore that it's increasingly being targeted by attacks.
A new report from the Threat Analysis Unit at VMware finds malware targeting Linux-based operating systems is increasing in both volume and complexity amid a rapidly changing threat landscape,
SMEs avoid cloud payroll solutions over security concerns


Small and medium businesses are avoiding using payroll and HR management solutions in the cloud due to security concerns, according to a new report.
The study from Breathe finds 22 percent of teams are not utilizing payroll solutions, instead opting for time-consuming and error-prone manual spreadsheets, a surprising outcome.
The rise of the 'super malicious' insider


Humans have always been a weak link in the cybersecurity chain and a new report from DTEX Systems provides evidence that the sudden shift to remote working has directly contributed to an escalation in psychosocial human behaviors that create organizational risk.
In particular it notes the rise of 'super malicious' insiders, who accounted for 32 percent of malicious insider incidents investigated by the DTEX Insider Intelligence and Investigations (I3) team in 2021.
Firms step up testing to find and fix software security flaws


Most applications are now security scanned around three times a week, compared to just two or three times a year a decade ago.
A new report from Veracode also shows developers now testing more than 17 new applications per quarter -- more than triple the number of apps scanned over the same period a decade ago.
Microsoft will disable Office VBA macros by default to block malware


In so many ways macros have made life easier for Office users, helping to automate and speed up a variety of tasks. But they also pose a gigantic security threat, particularly in documents downloaded from the internet.
Now Microsoft is taking action, and will block internet macros by default in Office. The reason for the move is the widespread exploitation of VBA macros by bad actors to spread malware.
Working from home leads to increased 'digital anxiety'


The COVID-19 pandemic has provided a boost to the numbers of people working remotely. But a new study from F-Secure finds that 67 percent of internet users who work from home reported they increasingly worry about their online security and privacy, even if nothing is wrong, compared to 58 percent of other users.
Remote workers also report raised concerns about a range of other issues; for example, 65 percent of those who work from home say the internet is becoming a more dangerous place, compared to only 54 percent of other respondents.
Why PKI still has a key role in security [Q&A]


The origins of Public Key Infrastructure (PKI) date back to the 1970s and research at UK intelligence agency GCHQ, though it didn't emerge from the secret world and take off commercially until the 1990s.
PKI still underlies a great deal of modern cryptography, so we spoke to Ryan Sanders, senior product marketing manager at Keyfactor, to find out more about it and why it isn’t going away any time soon.
Phishing and stealers dominate dark web forums (but don't mention ransomware)


The malware types and hacking services most discussed over the last year on dark web forums are dominated by phishing, stealers, zero-day attacks, and ransomware.
But the 2021 Year-End Data Breach Report from Risk Based Security finds that discussion of ransomware has been widely banned on major forums, as evidenced by posters referring to ransomware offerings as 'crypters' or 'lockers' to avoid the post or account getting immediately banned.
© 1998-2025 BetaNews, Inc. All Rights Reserved.