Articles about Security

The financial services industry is a prime target for cybercriminals due to the vast sums of money managed but also the quantity and quality of sensitive information that is collected by these institutions.

A new industry report by Blueliv uses threat intelligence gathered by the company’s Threat Compass to assess the evolving threat landscape surrounding the financial services sector.

Continue reading →

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.

Continue reading →

Last year 48 percent of ransomware attacks were directed at targets in the United States, with industrial and energy, retail, and finance businesses among the most threatened.

Research from AtlasVPN finds that out of 2,845 witnessed ransomware attacks worldwide in 2021 1,352 were launched against targets in the US. Meanwhile one in five attacks were against European countries with France suffering 146 attacks, the UK 139 and Germany 115.

Continue reading →

Microsoft has fixed a critical vulnerability which affects several versions of its operating system including Windows 11 and Windows Server 2022.

The security bug is an HTTP vulnerability which is tracked as CVE-2022-21907 and Microsoft warns it is wormable. The company has issued a fix for the flaw and says that users should prioritize installing it to secure their systems.

Continue reading →

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

Continue reading →

A new survey from Kaspersky finds 85 percent of IT decision makers in North America say their cybersecurity budget will increase anywhere up to 50 percent in the next 12 months.

The survey, carried out in October 2021 and targeting 600 IT decision makers in the US and Canada, finds 28 percent of respondents say their company annually invests anywhere from $25K-$50k in cybersecurity.

Continue reading →

Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unathorized access to user data.

The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple is mid-July last year.

Continue reading →

While most endpoint security products are capable of handling public email and web-based threats, many are unable to provide complete protection against targeted attacks, according to a new report.

Security testing firm SE Labs tested a variety of endpoint security products from different vendors in order to gauge their effectiveness.

Continue reading →

According to a Cybersecurity Ventures report, 2021 was predicted to have one cyberattack every 11 seconds and the cumulative cost to repair these post cyber incidents will soar to over $6 trillion in 2022.

As the digital business ecosystem expanded and the attack surface grew in tandem, cybersecurity investments have remained products and services driven. However, this approach only allows enterprises to accept or improve their cyber risk posture. Now, as the costs to manage and mitigate cyber risks rise – the average ransom demand increased by 170 percent from 2020-2021 -- businesses are seeking to 'transfer' their cyber risks through insurance. Last year alone, cyber insurance claim frequency increased by 46 percent for IT services, 53 percent for professional services, and 263 for the industrial industry, according to a report by Coalition.

Continue reading →

The Colonial Pipeline attack in 2021 highlighted how vulnerable industrial control systems, and in particular energy supplies, can be to cyberattacks.

The oil and gas sector is particularly at risk as it often relies on older devices that don't receive timely firmware updates. We spoke to Mark Kerzner, CEO and co-founder of ElephantScale and Scaia AI who has worked with many oil industry leaders, to find out more about the risks and how they can be addressed.

Continue reading →

Over half (55 percent) of organizations see malware and ransomware as an 'extreme' threat and 75 percent believe it will get bigger over the next year.

This is among the findings of the 2021 Malware and Ransomware report from Bitglass (which was recently acquired by Forcepoint). A joint venture with Cybersecurity Insiders, the report is based on a survey of hundreds of cybersecurity professionals across industries to better understand how the growing malware and ransomware problem has changed the way they protect their organization.

Continue reading →

A flaw in the comments feature of Google Docs is allowing attackers to target users with phishing emails.

Security researchers at email security company Avanan have observed what they call, "a new, massive wave of hackers" using the comment feature in Google Docs during December to launch attacks, mainly against Outlook users.

Continue reading →

As organizations adapt to hybrid working models and modernize business practices, so too must cybersecurity programs.

We talked to Rupesh Chokshi, VP at AT&T Cybersecurity, to discuss key challenges and how XDR is becoming an important framework, helping organizations consolidate and improve security operations across the entire network, from endpoints to the cloud and beyond.

Continue reading →

LastPass users around the world were thrown into a state of panic after the company issued email warning about unauthorized use of master passwords.

The password manager company advised users of suspicious login attempts using the master password associated with their account. This led to concerns that the company has been hacked or that  passwords had been leaked, but LastPass says that the warnings were erroneous.

Continue reading →

Over the last 18 months, the world has changed which has impacted everyone personally and in the workplace.  Businesses now have to adopt more flexible, work-from-anywhere strategies. This has increased the potential for security attacks that IT and Operations Teams need to defend against with the majority of employees remotely connecting to critical business systems.

With more companies embracing cloud communications and enabling employees to connect from a myriad of devices using a plethora of business applications, the opportunity for bad actors to compromise critical systems has expanded and security can no longer be an afterthought. It has to be included in the overall company strategy. Here’s what we foresee on the horizon for infrastructure security in 2022.

Continue reading →