What are Log4Shell and log4j and should you be worried about them?
At the end of November a vulnerability targeting Minecraft servers was uncovered. If you don't play Minecraft you probably didn't pay it much attention.
Since then, however, 'Log4Shell' has surged across the web sending tremors through the security community and prompting the US government to describe it as a 'severe risk'. So, what's going on and is it time to panic?
Lack of segmentation exposes enterprise networks to risk
Segmentation is an approach that separates critical areas of the network to control traffic, prevent lateral movement, and ultimately reduce the attack surface.
But according to a new study from Guardicore -- based on a survey of over 1,000 IT decision makers by Vanson Bourne -- while 96 percent of organizations claim to be implementing segmentation in their networks, only two percent are segmenting all six mission-critical asset classes, including critical applications, public-facing applications, domain controllers, endpoints, servers, and business critical assets/data.
Cybereason and Google Cloud launch AI-powered protection
Anything that's connected to the internet can be a possible attack route for hackers, but organizations are often forced to use multiple solutions for protection, adding complexity and risk.
Cybereason and Google Cloud are launching an AI-powered XDR (Extended Detection and Response) solution to enhance and simplify the ability to predict, detect, and respond to cyberattacks.
Security firm releases a free fix for serious Log4Shell vulnerability in Apache Log4j
If you are running a version of Apache Log4j between 2.0-beta9 and 2.14.1 (inclusive), the Log4Shell vulnerability is something you need to be aware of. Tracked as CVE-2021-44228, this is a serious and easily exploited RCE flaw in the open-source Java-based logging utility.
An attacker can exploit the security flaw to execute a remote attack by simply using a particular string as the browser user agent. Although the Apache Software Foundation has released a patched version, Log4j 2.15.0, not everyone is able to update straight away, and this is something that attackers are taking advantage of. Thankfully, security firm Cybereason has released a "vaccine" called Logout4Shell that protects against Log4Shell.
What cybersecurity can learn from health and wellness
The current cyberthreat landscape can feel like a dark cloud hanging over the head of every organization, the same way Covid loomed over us for so long. But just as advances in health have offered light at the end of the tunnel for the pandemic, new approaches to cyber wellness can help us stay healthy and secure in the digital realm.
By taking proactive measures to ward off digital diseases like ransomware, and fighting off any infections that do occur through individually tailored therapies and treatments, we can go about our business with confidence, feeling and performing our best.
New solution aims to streamline enterprise identity management
Over time enterprises amass lots of applications, each of which has its own means of authentication and authorization for users. This inevitably leads to 'identity sprawl' with information being held in multiple different silos.
In order to unify identity data from all sources within an organization and turn it into a flexible resource that can deliver verification on demand, Radiant Logic is launching its RadiantOne Intelligent Identity Data Platform.
The internet is getting safer but legacy encryption techniques still linger
A new report from Venafi, based on in-depth security analysis of the world's top million websites over the last 18 months, shows the internet is becoming more secure.
Use of encryption is increasing and the adoption of newer TLS protocols is rising. However, many companies continue to use legacy RSA encryption algorithms to generate keys, despite stronger protocols being available.
Linux Foundation to host Cloud Hypervisor project
The Linux Foundation has announced that it will host the Cloud Hypervisor project, aiming to deliver a Virtual Machine Monitor for modern cloud workloads.
Written in Rust, the project has a strong focus on security. Features include CPU, memory and device hot plugging; support for running Windows and Linux guests; device offload with vhost-user; and a minimal and compact footprint.
Bots-as-a-service and why they might interest shoppers [Q&A]
Bots tend to have a poor reputation, launching cyber attacks, beating you to the best bargains on eCommerce sites and generally being a bit of a pain in the Net.
Nowadays bots are frequently available 'as-a-service' so it's possible to rent one for a period of time to execute an attack. But, according to research for Cequence Security, 32 percent of respondents say they've used a shopping bot before and 38 percent say they might in the future. So that's 70 percent of people who are thinking, 'If you can't beat them, join them.'
Identity fraud gets more sophisticated, pointing to organized crime involvement
In the last year, 47 percent of all identity document fraud was classed as 'medium' sophisticated, a 57 percent increase over the previous 12 months.
A report from identity verification and authentication company Onfido says this points to organized groups attempting to create 'verified' accounts with fake documents before using them to embark on other types of fraud.
Employee burnout puts business security at risk
A new survey of 2,500 adults looks at how workforce burnout has opened businesses to attacks, with trends such as remote and hybrid work, the Great Resignation and worse behavior by cybersecurity professionals being the driving forces behind the threat.
The research, from password manager 1Password, finds that 84 percent of security professionals and 80 percent of other workers are feeling burned out, leading to serious backsliding around security protocols.
IT pros see zero trust as a key element of security strategy
A new survey of over 1,000 IT security professionals finds that 75 percent of organizations recognize zero trust as being important to bolstering their overall cybersecurity posture.
However, the study conducted by Dimensional Research for One Identity also shows only 14 percent have fully implemented a zero trust solution. Another 39 percent of organizations have begun to address this need, and an additional 22 percent say they plan to implement zero trust over the course of the next year.
The challenges of protecting industrial control systems [Q&A]
Industrial control systems are often critical to things like power and water supplies. In theory they should have the strongest protection available.
In practice, however, this isn't always the case. It's estimated that 91 percent of industrial companies are vulnerable to cyberattacks. So what can businesses do to protect themselves and to recover quickly if they do get attacked?
Meet the three amigos of data: Governance, privacy and security
The three slices of the data pie -- data governance, data privacy and data security -- are often lumped together -- but although they naturally overlap, there are crucial differences that are important to understand.
Let’s slice up the pie. First, there’s data governance. You can think of it as the cornerstone; the thing that holds everything together. If you have the right data governance in place for all your data assets then it's much easier to apply the right privacy and security controls.
5 cybersecurity myths that are compromising your data
As the importance of cybersecurity has increased, so has our awareness of it. Poor cybersecurity has been identified as the most pressing threat to businesses today. Issues with cybersecurity often stem from a lack of cybersecurity awareness. In fact, according to the 2020 Cyberthreat Defense Report, a lack of cybersecurity awareness was identified as the biggest detriment to an organization's cyber-defences.
The reasons for this lack of awareness include no training on cybersecurity and persistent misinformation. Despite more media attention than ever, there are still some common misconceptions about cybersecurity that put businesses at risk. Here, we bust the top myths around cybersecurity and how you can address them.
© 1998-2024 BetaNews, Inc. All Rights Reserved.