Articles about Security

Bots tend to have a poor reputation, launching cyber attacks, beating you to the best bargains on eCommerce sites and generally being a bit of a pain in the Net.

Nowadays bots are frequently available 'as-a-service' so it's possible to rent one for a period of time to execute an attack. But, according to research for Cequence Security, 32 percent of respondents say they've used a shopping bot before and 38 percent say they might in the future. So that's 70 percent of people who are thinking, 'If you can't beat them, join them.'

Continue reading →

In the last year, 47 percent of all identity document fraud was classed as 'medium' sophisticated, a 57 percent increase over the previous 12 months.

A report from identity verification and authentication company Onfido says this points to organized groups attempting to create 'verified' accounts with fake documents before using them to embark on other types of fraud.

Continue reading →

A new survey of 2,500 adults looks at how workforce burnout has opened businesses to attacks, with trends such as remote and hybrid work, the Great Resignation and worse behavior by cybersecurity professionals being the driving forces behind the threat.

The research, from password manager 1Password, finds that 84 percent of security professionals and 80 percent of other workers are feeling burned out, leading to serious backsliding around security protocols.

Continue reading →

A new survey of over 1,000 IT security professionals finds that 75 percent of organizations recognize zero trust as being important to bolstering their overall cybersecurity posture.

However, the study conducted by Dimensional Research for One Identity also shows only 14 percent have fully implemented a zero trust solution. Another 39 percent of organizations have begun to address this need, and an additional 22 percent say they plan to implement zero trust over the course of the next year.

Continue reading →

Industrial control systems are often critical to things like power and water supplies. In theory they should have the strongest protection available.

In practice, however, this isn't always the case. It's estimated that 91 percent of industrial companies are vulnerable to cyberattacks. So what can businesses do to protect themselves and to recover quickly if they do get attacked?

Continue reading →

The three slices of the data pie -- data governance, data privacy and data security -- are often lumped together -- but although they naturally overlap, there are crucial differences that are important to understand.

Let’s slice up the pie. First, there’s data governance. You can think of it as the cornerstone; the thing that holds everything together. If you have the right data governance in place for all your data assets then it's much easier to apply the right privacy and security controls.

Continue reading →

As the importance of cybersecurity has increased, so has our awareness of it. Poor cybersecurity has been identified as the most pressing threat to businesses today. Issues with cybersecurity often stem from a lack of cybersecurity awareness. In fact, according to the 2020 Cyberthreat Defense Report, a lack of cybersecurity awareness was identified as the biggest detriment to an organization's cyber-defences.

The reasons for this lack of awareness include no training on cybersecurity and persistent misinformation. Despite more media attention than ever, there are still some common misconceptions about cybersecurity that put businesses at risk. Here, we bust the top myths around cybersecurity and how you can address them.

Continue reading →

A new study of 200 IT security decision makers working at organisations with more than 1,000 employees in the UK reveals that 89 percent think traditional approaches don't protect against modern threats.

The report from threat detection and response company Vectra also finds that 76 percent say they have bought tools that failed to live up to their promise, the top three reasons being poor integration, failure to detect modern attacks, and lack of visibility.

Continue reading →

Software development companies are among the most at risk from breaches, according to new research from cybersecurity firm Foxtech.

The research used cyber risk scores, calculated using publicly available information and an analysis of a wide range of cyber security indicators, as an indicator of how high or low the risk of a potential cybersecurity breach is for a company.

Continue reading →

Threats like phishing and spam are often linked to specific domains, understanding how to spot these can help to strengthen threat intelligence.

Domain name and DNS-based predictive threat intelligence company DomainTools has used its database of more than 380 million currently-registered domains to identify which are likely to constitute threats.

Continue reading →

Meta recently announced that the protection, privacy and security offered by end-to-end encryption will not be coming to Facebook Messenger or Instagram until some time in 2023. Until then, anyone looking to send secure messages through Meta's platform will have to turn to WhatsApp.

What was not made particularly clear at the time of the announcement, however, is just why there is such a delay. Now Meta has opened up and revealed some of the thinking behind holding back on the roll-out of end-to-end encryption across all of its messaging services.

Continue reading →

The last couple of years have seen businesses undergo a major shift to remote and hybrid working, largely driven by the pandemic. But this same period has also seen record numbers of data breaches.

Often these attacks begin with phishing to get hold of credentials which can then put both in-house and cloud systems at risk.

Continue reading →

Linux Security Fundamentals provides basic foundational concepts of securing a Linux environment.

The focus of this book is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.

This book is useful for anyone considering a career as a Linux administrator or for those administrators who need to learn more about Linux security issues. Topics include:

Continue reading →

New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.

Besides cryptojacking, other uses of compromised accounts include conducting port scanning of other targets on the Internet, occurring 10 percent of the time after a Google Cloud compromise.

Continue reading →

New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.

The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.

Continue reading →