Articles about Security

High risk vulnerabilities in fintech soar over the past year


Financial services companies on the Bugcrowd platform experienced a 185 percent increase in the last 12 months for Priority One (P1) submissions, which relate to the most critical vulnerabilities.

According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.


Enterprise SASE needs a radical approach to be effective


Although Secure Access Service Edge (SASE) is widely seen as the answer to balance network performance and security, new research from Cato Networks shows a radical approach is needed in order to reap the full benefits.

The study of over 2,000 IT leaders and nearly 1,000 channel partners doesn't show much difference between those who have and have not adopted SASE. When asked how they react to performance issues with cloud applications, 67 percent of SASE users and 61 percent of non-SASE users claim they would add bandwidth, while 19 percent of SASE users and 21 percent of non-SASE users would look to WAN optimization appliances.


Guess which government doesn't want you to use end-to-end encryption


From a privacy point of view, there is much to love about end-to-end encryption, as employed by the likes of WhatsApp. But while users may delight in the knowledge that their communication is free from surveillance, there are some groups that have a different opinion.

Law enforcement agencies have long complained that E2E encryption stands in the way of investigations, and serves to complicate evidence gathering. Many governments are of the same mind, and it's not just those that are traditionally regarded as totalitarian by other countries. Governments from ostensibly democratic countries are opposed to E2E encryption, and some are using underhand tactics in negative PR campaigns.


Why identity management needs to be brought up to date for the cloud [Q&A]


Historically identity and access management has been built around an on-premises model. But with more systems now residing in the cloud the old way of doing things isn't working.

To find out more about why the cloud needs a new approach to IAM we spoke to Britive CEO, Art Poghosyan, about the challenges it raises and how to address them.


Attackers use Adobe Cloud to host phishing documents

Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat; it also aids collaboration by allowing users to share documents.

Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.


Cybersecurity and the generation gap

As baby boomers reach retirement age, younger people are taking their place in the workforce. But does this lead to a loss of skills that aren't being replaced?

A new study commissioned by Appgate looks at how generational differences impact cybersecurity teams and the benefits to be gained from having an inter-generational mix of staff.


The big three threat actors behind financial services attacks


The financial services industry is a prime target for cybercriminals due to the vast sums of money managed but also the quantity and quality of sensitive information that is collected by these institutions.

A new industry report by Blueliv uses threat intelligence gathered by the company’s Threat Compass to assess the evolving threat landscape surrounding the financial services sector.


Open source tool helps in the fight against log4j vulnerability exploits

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.


Half of global ransomware attacks target the US


Last year 48 percent of ransomware attacks were directed at targets in the United States, with industrial and energy, retail, and finance businesses among the most threatened.

Research from AtlasVPN finds that out of 2,845 witnessed ransomware attacks worldwide in 2021, 1,352 were launched against targets in the US. Meanwhile, one in five attacks were against European countries, with France suffering 146 attacks, the UK 139 and Germany 115.


Microsoft urges Windows users to patch critical HTTP vulnerability


Microsoft has fixed a critical vulnerability which affects several versions of its operating system including Windows 11 and Windows Server 2022.

The security bug is an HTTP vulnerability which is tracked as CVE-2022-21907 and Microsoft warns it is wormable. The company has issued a fix for the flaw and says that users should prioritize installing it to secure their systems.


New zero trust solution helps guard IT infrastructure

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.


Cybersecurity budgets set to increase in the next year


A new survey from Kaspersky finds 85 percent of IT decision makers in North America say their cybersecurity budget will increase anywhere up to 50 percent in the next 12 months.

The survey, carried out in October 2021 and targeting 600 IT decision makers in the US and Canada, finds 28 percent of respondents say their company annually invests anywhere from $25K-$50k in cybersecurity.


Microsoft reveals 'powerdir' macOS vulnerability that allows unauthorized user data access


Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unauthorized access to user data.

The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple in mid-July last year.


Endpoint security products failing against targeted attacks


While most endpoint security products are capable of handling public email and web-based threats, many are unable to provide complete protection against targeted attacks, according to a new report.

Security testing firm SE Labs tested a variety of endpoint security products from different vendors in order to gauge their effectiveness.


Why breach-likelihood will be a game-changer for mandating cyber insurance

According to a Cybersecurity Ventures report, 2021 was predicted to have one cyberattack every 11 seconds and the cumulative cost to repair these post cyber incidents will soar to over $6 trillion in 2022.

As the digital business ecosystem expanded and the attack surface grew in tandem, cybersecurity investments have remained product- and service-driven. However, this approach only allows enterprises to accept or improve their cyber risk posture. Now, as the costs to manage and mitigate cyber risks rise (the average ransom demand increased by 170 percent from 2020-2021), businesses are seeking to 'transfer' their cyber risks through insurance. Last year alone, cyber insurance claim frequency increased by 46 percent for IT services, 53 percent for professional services, and 263 for the industrial industry, according to a report by Coalition.

