LastPass says master password leak warnings were sent in error
LastPass users around the world were thrown into a state of panic after the company issued email warnings about unauthorized use of master passwords.
The password manager company advised users of suspicious login attempts using the master password associated with their account. This led to concerns that the company had been hacked or that passwords had been leaked, but LastPass says that the warnings were erroneous.
In 2022, security is imperative in the overall company strategy
Over the last 18 months, the world has changed, which has impacted everyone personally and in the workplace. Businesses now have to adopt more flexible, work-from-anywhere strategies. With the majority of employees remotely connecting to critical business systems, this has increased the potential for security attacks that IT and Operations Teams need to defend against.
With more companies embracing cloud communications and enabling employees to connect from a myriad of devices using a plethora of business applications, the opportunity for bad actors to compromise critical systems has expanded and security can no longer be an afterthought. It has to be included in the overall company strategy. Here’s what we foresee on the horizon for infrastructure security in 2022.
Wearables, telehealth and AI -- healthcare tech predictions for 2022
Market opportunities, security challenges and the edge -- 5G predictions for 2022
Insider threats, supply chain attacks and quantum threats -- enterprise security predictions for 2022
Zero trust, democratization and biometrics -- identity management predictions for 2022
Zero trust has been one of the security buzz phrases of the past year and control of identity and credentials is likely to remain a focus for businesses and consumers alike, especially as the work from home trend looks set to continue.
Here's what some of the experts think the identity field holds for us in 2022.
Crypto fraud, ransomware-as-a-service and deepfakes -- cybercrime predictions for 2022
2022 will be the year of broadened supply chain security -- here's why
Even a year after the SolarWinds infiltration in late 2020, software supply chain risk continues to dominate the security conversation. Take the Log4Shell vulnerability that recently came to light and caught everyone off guard. Not only is this flaw insanely easy to exploit but the impacted Log4j library is used in nearly every enterprise Java installation -- and the vulnerability gives attackers ultimate power to download, delete, install, and server-hop as they please. As even massive companies like Google, PayPal, Apple, and Netflix are impacted by this flaw via the software supply chain, it’s another one that makes organizations wonder: are we using that too?
In 2022, IT leaders will intensify their supply chain focus to answer this very question, expanding their scrutiny from their own applications to the components they buy and integrate. Widening the scope of the supply chain is crucial; outside software and components need their checks and balances just as code created internally does. This deepened understanding of supply chain risk will increase demands to test and secure everything, from the most seemingly insignificant open source package to the most extensive APIs and third-party components.
Businesses would be less likely to pay ransoms if payments had to be reported
A new report finds that although 37 percent of respondents would pay a ransom, more than half of this group (57 percent) would reverse that decision if they had to publicly report the payment.
The Ransomware Disclosure Act, a bill currently before the US Senate, would require companies to report ransomware payments within 48 hours and so could have a dampening effect on the crime's profitability.
Cybercriminals can penetrate 93 percent of company networks
In 93 percent of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources.
This is among the findings of a new study of pentesting projects from Positive Technologies, conducted among financial organizations, fuel and energy organizations, government bodies, industrial businesses, IT companies and other sectors.
Nearly a quarter of employees are likely to fall for phishing attacks
Almost a quarter (22 percent) of employees globally are likely to expose their organization to the risk of cyber-attack via a successful phishing attempt according to a new study.
The study, from AI-driven cybersecurity training software company Phished, shows that of employees who open a phishing message, 53 percent are likely to click a malicious link contained within it.
Organizations lack confidence in managed security solutions
A new report produced by MITRE Engenuity and Cybersecurity Insiders seeks to understand the current state of managed services security.
It finds that while 68 percent of respondents use MSSP/MDR solutions to fill security gaps, a worrying 47 percent are not confident in the technology or the people. Also 44 percent are not confident in the managed services security processes.
Three-quarters of enterprises don't have full observability of log data
Log data is important for tasks such as tracking performance of applications and capacity resources, informing product improvements, and identifying threats and anomalous activity.
But a new report from LogDNA, based on a Harris poll of more than 200 professionals responsible for observability and log data management across the US, shows 74 percent of companies are still struggling to achieve true observability despite substantial investments in tools.
Ransomware doesn't take weekends off
Ransomware is being targeted at organizations seven days a week, leaving no time for enterprises to shore up their security operations, according to a new report.
Analysis of publicly reported ransomware events by RiskRecon looks at the dates on which ransomware activated to encrypt systems, a metric that was disclosed in 473 of the 654 events examined.
One-to-one Microsoft Teams calls finally have the security of end-to-end encryption
Microsoft is improving the security of one-on-one Teams chats by adding end-to-end encryption. After a couple of months of testing the feature as part of a public preview the company says that the optional security boost is now generally available.
In order for calls to be protected, both parties need to have end-to-end encryption enabled. And if you're wondering why you might want to have E2EE disabled in Microsoft Teams, it's because having the security feature enabled means that some other call features do not work.
© 1998-2024 BetaNews, Inc. All Rights Reserved.