Articles about Security

Patch Tuesday has rolled round again, and Microsoft has released a cumulative update for Windows 11.

The KB5007215 update addresses security issues that have been found in the latest version of Microsoft’s operating system, and also fixes other problems. Among the issues patched are a screen rendering problem affecting various apps. Microsoft has also released a video including some Windows 11 tips.

Continue reading →

As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But as we reported last week they also create security headaches.

Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.

Continue reading →

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

Continue reading →

New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.

The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.

Continue reading →

The idea of a 'common digital identity' (CDI), that would allow access to a range of services, offers huge benefits to financial institutions in delivering better, faster, and more reliable checks for consumers.

Consumers themselves, however, are less convinced. A survey conducted by RegTech Associates on behalf of PassFort finds only 17 percent of UK respondents say they are very much in favour of CDI.

Continue reading →

Only 45 percent of respondents to a recent survey believe it is currently possible to prevent all malware threats from infiltrating their organization's network.

The survey from Deep Instinct does show some longer term optimism though. 66 percent of respondents believe it may be possible to prevent all malware threats from infiltrating their organization's network in the next two to five years.

Continue reading →

According to commonly accepted truisms within the app development world, consumers care most about functionality, and they’re perfectly willing to give up strong security if it means they get better features faster.

Unfortunately, these bits of common knowledge about consumers’ attitudes towards mobile security are wrong, according to a recent Appdome survey of 10,000 mobile consumers from around the world. Far from accepting a "buyer beware" approach to mobile app security, consumers place a high priority on security and possess a sophisticated understanding of mobile security. In fact, 74 percent of all consumers would stop using an app if they learned it had been breached or hacked, and nearly half (46 percent) would tell their friends to do the same.

Continue reading →

Microsoft's Active Directory is used by many businesses as a way of managing identity services and controlling access.

But if it's not configured correctly it can lead to security risks. But how dangerous is this and what can enterprises do to keep themselves safe? We spoke to Andy Robbins, technical product architect at SpecterOps to find out.

Continue reading →

Open banking, connecting banks, third parties and service providers, allowing them to exchange information quickly and securely, has been rolling out since 2018 and delivers a great deal of convenience for consumers.

However, while it doesn't introduce new fraud risks in itself, open banking does create opportunities for fraudsters to attempt account takeovers, for example, or to target banks' own PSD2 (Payment Services Directive 2) implementations for Payment Initiation Service Providers (PISP).

Continue reading →

According to a new report 59 percent of all workers are using corporate email for personal use, but Gen Zs are the biggest offenders at 93 percent.

The study from SailPoint also finds that Gen Z (77 percent) and Millennials (55 percent) are using corporate emails for their social media logins, compared to just 15 percent of Gen X and seven percent of Boomers.

Continue reading →

Rootkits, those sneaky bits of software that lurk deep inside a system in order to give access to hackers, have been around since the late 1980s.

A new study from Positive Technologies takes a close look at how they have evolved in recent years and just how much of a threat they present.

Continue reading →

A new report from Imperva suggests that the 2021 holiday shopping season faces disruption by cybercriminals looking to create chaos and take advantage of the global supply chain crisis.

Bot attacks against retail sites have risen by 13 percent in 2021, with 57 percent of attacks recorded on eCommerce websites this year carried out by bots. In comparison, bad bots made up just 33 percent of the total attacks on websites in all other industries in 2021.

Continue reading →

Over the last year at least 44 percent of respondents to a new survey faced substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.

The study for Cloudentity, based on research carried out by PulseQA, shows that as a result of these issues, 97 percent of enterprises have experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.

Continue reading →

New research from identity security specialist One Identity shows that 95 percent of companies report challenges managing identities.

In addition 84 percent say that the number of identities they're managing has more than doubled, which means they have too many identities and credentials to keep track of, leaving holes within their network, evidenced by only 12 percent of security professionals being fully confident they can prevent a credential-based attack.

Continue reading →

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Continue reading →