Articles about Security

New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.

Besides cryptojacking, other uses of compromised accounts include conducting port scanning of other targets on the Internet, occurring 10 percent of the time after a Google Cloud compromise.

Continue reading →

New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.

The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.

Continue reading →

It seems like a while since we've had a day dedicated to some aspect of the tech world, so if you're looking for something to celebrate in the lull between Thanksgiving and Christmas you'll be pleased to hear that today is International Computer Security Day.

This is designed to create greater awareness of computer security issues and encourage people to secure the personal information stored on their computers.

Continue reading →

Researchers at F-Secure have discovered vulnerabilities in more than 150 HP multifunction printer (MFP) products. These could allow attackers to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage.

HP has issued patches to address the vulnerabilities which include exposed physical access port vulnerabilities (CVE-2021-39237) and font parsing vulnerabilities (CVE-2021-39238).

Continue reading →

Many things have come as a result of the COVID-19 pandemic, and the increased usage of video messaging and video conferencing tools is one interesting phenomenon. At the start of coronavirus-related lockdowns and periods of working from home, Zoom rocketed in popularity -- but the service soon found its security practices under close scrutiny and in receipt of strong criticism.

In the intervening month, Zoom did a lot of work to improve not only its images, but also the security of its platform and safety of its users. Continuing this trend, the company has launched a new automatic update feature for the Windows and macOS versions of the Zoom client.

Continue reading →

While 91 percent of medical organizations have already implemented telehealth capabilities, 52 percent of respondents have experienced cases where patients refused to use the services due to security concerns.

This is the key finding of a new research study by Kaspersky which also shows the pandemic has had a major effect with 44 percent of organizations implementing telehealth after COVID-19 hit.

Continue reading →

Once again, micro-patching firm 0patch has beaten Microsoft to the punch, releasing an unofficial patch for a zero-day vulnerability in Windows.

This time around we're talking about CVE-2021-24084, a local privilege escalation (LPE) zero-day vulnerability in Windows' Mobile Device Management service. The flaw affects Windows 10 version 1809 and later, and Microsoft is yet to release an official patch of its own. Not wanting to leave systems at risk of attack, 0patch stepped in to help out users by offering up a free fix.

Continue reading →

Yes, you did read the headline correctly; security researchers have discovered a stealthy new remote access trojan (RAT) designed to attack Linux systems. Named CronRAT, the malware hides as a scheduled task and is configured to run on a non-existent date – February 31st.

Researchers from Sansec warn that CronRAT "enables server-side Magecart data theft which bypasses browser-based security solutions". This is something that is particularly concerning this Black Friday.

Continue reading →

A survey of 2,000 UK adults, reveals that 45 percent don't trust big tech companies to safeguard their personal data.

The study from NexGen Cloud finds 66 percent concerned about how tech giants are able to collect and use their personal information. In addition only 24 percent of individuals believe big tech firms have their best interests at heart.

Continue reading →

New research from Python software house STX Next finds that that CTOs see human error, ransomware and phishing as the biggest security threats.

The study of 500 CTOs globally shows 59 percent still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49 percent) and phishing (36 percent).

Continue reading →

A security researcher has revealed a serious vulnerability affecting Windows 10, Windows 11 and Windows Server. By exploiting the vulnerability, an attacker would be able to easily gain administrative privileges on a victim's system.

The discovery and revelation were made by Abdelhamid Naceri, during his research on a Microsoft patch for another vulnerability tracked as CVE-2021-41379. He was able to bypass the patch for the Windows Installer Elevation of Privilege Vulnerability and also discovered another serious zero-day for which he has shared a proof-of-concept exploit.

Continue reading →

Every single networked machine relies on an identity -- in the form of cryptographic keys or digital certificates -- so that it can identify itself and communicate with other machines securely.

In the wrong hands though machine identities can enable cybercriminals to appear trustworthy, slip past security defences undetected, gain access to networks, and exfiltrate data. Yet organizations still overlook the importance of protecting them.

Continue reading →

A new javascript downloader named 'RATDispenser', distributing eight different Remote Access Trojans, keyloggers and information stealers has been uncovered by HP Wolf Security.

Most worrying is that RATDispenser is only detected by 11 percent of available anti-virus engines, meaning it's able to bypass detection tools and successfully deploy malware in the majority of cases.

Continue reading →

Around two thirds (66 percent) of UK business leaders expect the threat from cyber criminals to increase over the next 12 months, according to the latest PwC cybersecurity survey of business and technology executives.

In the past year ransomware has had a significant impact on organizations already dealing with the challenges posed by the Covid pandemic, and 61 percent of executives expect to see an increase in reportable ransomware incidents in 2022.

Continue reading →

In recent years many of the most high-profile cyberattacks have come through the supply chain, involving third-party suppliers and partners.

It's historically been difficult for businesses to assess third-party risks, often involving time consuming manual processes in order to do so.

Continue reading →