Articles about Security

Over a quarter of businesses have critical vulnerabilities that could be exploited


Over a quarter of businesses (28 percent) have critical vulnerabilities that could easily be exploited by cyberattack.

But even when these vulnerabilities are flagged by penetration testing, they are still being left unaddressed.


Cybercriminals move fast to exploit zero day flaws


The final quarter of 2021 saw a 356 percent growth in the number of attacks where the infection vectors were CVE or zero day vulnerabilities compared to Q3.

The latest Threat Landscape report from Kroll shows CVE/zero day exploitation accounted for 26.9 percent of initial access cases over the period, indicating that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.


The impact of supply chain data breaches [Q&A]


Digital supply chain breaches are becoming more common. As supply chains increase in complexity, the attack surface grows, and even smaller businesses can have complex webs of connections.

But how do supply chain breaches impact businesses? And what can they do to cut the risk? We spoke to Jeremy Hendy, CEO of digital risk protection specialist Skurio, to find out.


Over 80 percent of employees admit accessing a previous employer's data


New research from multi-factor authentication specialist Beyond Identity finds that 83 percent of employees admit to maintaining continued access to accounts from a previous employer.

More worrying is that over half of these employees (56 percent) say they have used this continued digital access with the specific intent of harming their former employer. This figure jumps to 70 percent among those who had been dismissed.


Internet Society members' data exposed in breach


The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but that doesn't make it immune to problems, and it's revealed today that ISOC members' details have been exposed in a data security breach.

Independent cybersecurity researcher Bob Diachenko, in collaboration with cybersecurity company Clario, discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details of ISOC members.


New adversaries add to already crowded threat landscape


The 2021 threat landscape has become more crowded as new adversaries emerge, according to the 2022 Global Threat Report released today by CrowdStrike.

CrowdStrike Intelligence is now tracking more than 170 adversaries in total with 21 added last year. Financially motivated eCrime activity continues to dominate with intrusions attributed to eCrime accounting for 49 percent of all observed activity.


Record number of vulnerabilities disclosed in 2021


Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.

This is the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.


Bridging the security gap in the software development life cycle


The timeliness of security checks during the software testing process is critical to more rapid and higher quality software development and yielding higher returns. Yet DevOps and security have historically struggled to integrate in the software development life cycle (SDLC). According to a Gartner study, through 2022, 90 percent of software development projects plan to follow DevSecOps practices, up from 40 percent in 2019.

With the increased risks of cyberattacks and pressure on DevOps teams to deliver software to faster timelines, the risks and consequences associated with flawed code and faulty infrastructure configurations cannot afford to be missed in the early development stages. So the pros of uniting these teams are clear, but the cons remain costly, and their discord could hold organizations back by making software deployment faster but, in doing so, releasing security vulnerabilities.


Chrome could soon give you greater control over bothersome compromised password warnings


In theory, the fact that Google Chrome can warn you if any of your saved passwords have been involved in breaches is a good thing. In theory. In practice, it can be a different story. There may be a very good reason for not wanting to change a particular saved password, rendering warnings nothing more than irritating.

You could, of course, disable password warnings completely, but this is clearly something of a security risk. But if an experimental setting Google is working on in Chrome makes its way to the release version of the browser, you could soon have finer-grained control over password warnings -- meaning that you could stop Chrome pestering you about passwords you won't want to change or can't change.


CISA says to urgently patch actively exploited SeriousSAM/HiveNightmare flaw affecting Windows 11


The CISA (US Cybersecurity and Infrastructure Security Agency) has published a list of 15 actively exploited software vulnerabilities, encouraging users of Windows and macOS to install the available patches.

Included in the list is the SeriousSAM vulnerability, also known as HiveNightmare, which affects Windows 10 and 11. Tracked as CVE-2021-36934, this is a local privilege escalation vulnerability that makes it possible for an attacker to grab password hashes from the registry and gain admin privileges.


The challenge of managing and securing IoT devices in the enterprise [Q&A]


Internet of Things devices are making their way into more and more areas of our lives. But while they offer many benefits they also present businesses with a problem when it comes to managing and securing them.

An ever widening range of devices now have connectivity that may be off the radar of company IT and cybersecurity teams. We spoke to Roy Dagan, CEO of SecuriThings, to discuss the issue and how enterprises can tackle it.


Navigating the complexities of securely transmitting digital documents


Sending and receiving important, mission-critical, or time-sensitive documents -- whether as an email attachment, via a file-sharing app, or as a digital fax -- is today a critical component of business processes and communication.

Digital documents are now a primary form of business communication, and everything from contracts to proposals and RFQs should be considered data that is governed by compliance and security regulations. Let’s examine the four leading considerations for businesses when it comes to secure digital document transmission.


Increase in API use leads to security concerns


We increasingly rely on APIs to deliver the smooth sharing of information between applications. But their very functionality and ease of use is also a gift to attackers.

A recent report from Cequence Security shows that 80 percent, or 1.8 billion, blocked attacks between June and December 2021 were found to be API-based. At the same time APIs exposing sensitive data like payment (PCI) or personally identifiable information (PII) have increased by 87 percent.


Businesses have a one-in-three chance of losing IP when an employee quits


There is a 37 percent chance of a company losing IP when an employee quits, according to a new report from insider risk management company Code42.

Hot on the heels of yesterday's report about malicious insiders, the study, carried out by Vanson Bourne, finds that cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.


Linux-based systems targeted with ransomware and cryptojacking


Thanks to its use on many cloud servers, Linux is a core part of the digital infrastructure. It's not surprising therefore that it's increasingly being targeted by attacks.

A new report from the Threat Analysis Unit at VMware finds malware targeting Linux-based operating systems is increasing in both volume and complexity amid a rapidly changing threat landscape.


BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
