Articles about Security

The challenges of securing Active Directory [Q&A]


As we saw in the recent SolarWinds attack, Active Directory can be exploited as a means of attacking corporate networks.

But why is AD such an attractive target? And why are companies struggling to secure it even though it's hardly a new technology? We spoke to Carolyn Crandall, chief security advocate at Attivo Networks, to find out.


SMB developers trust big cloud providers -- but not completely

A new survey for cloud computing company Linode, carried out by ClearPath Strategies, looks at how much developers trust their third-party cloud providers.

Based on responses from 800 developers at small and mid-sized businesses, it finds that while developers generally say they trust their provider of choice, deeper examination uncovers some issues when it comes to major cloud providers.


Remote Desktop Connection Manager is back after receiving important security update


Last year, Microsoft issued advice to stop using Remote Desktop Connection Manager (RDCMan) and turn to either Remote Desktop Connection or a universal Remote Desktop client instead.

The advice came after Microsoft deprecated RDCMan following the discovery of a serious security vulnerability which the company had said would not be fixed. But now that RDCMan has been made part of the Windows Sysinternals tools collection, a fix has been issued, meaning that it is safe to use once again.


Microsoft finally fixes PrintNightmare vulnerability with KB5005031 and KB5005033 updates


To help address the ongoing problems with the so-called PrintNightmare vulnerability (CVE-2021-34527), Microsoft has announced a change to the default behavior of the Point and Print feature in Windows.

The change has been delivered via the KB5005033 and KB5005031 updates and means that users must have administrative privileges in order to install printer drivers. This mitigates the Windows Print Spooler vulnerability that allowed any user to install drivers via Point and Print, a fact that could be exploited to install malicious drivers to allow for remote code execution and SYSTEM privileges.


Businesses need to focus on the basics to defend against ransomware


A new whitepaper released today by O'Reilly and based on a survey of tech professionals' experiences of ransomware concludes that basic security practices like backups are key to surviving an attack.

Of 950 respondents to the study, only six percent had experienced a ransomware attack directly in the organization they work for and, by and large, these organizations have strong security measures in place.


Banks speed up their AI adoption to combat money laundering


A third of financial institutions are accelerating their AI and machine learning adoption for anti-money laundering (AML) technology in response to COVID-19.

Meanwhile, another 39 percent of compliance professionals say their AI/ML adoption plans will continue, despite the pandemic's disruption. This is according to a new study by analytics company SAS, consultancy KPMG and the Association of Certified Anti-Money Laundering Specialists (ACAMS).


Enterprise network access for sale on underground forums

We know that cyber criminals are increasingly operating in a businesslike way and using underground marketplaces to sell services and information.

A new report from threat intelligence specialist IntSights looks at one particular aspect of this trend: the sale of access to already compromised networks.


Salesforce misconfiguration can expose sensitive data


Researchers at Varonis are warning about a Salesforce misconfiguration that can expose sensitive data to anyone on the internet.

The issue is in the Salesforce Community, which lets Salesforce customers create their own websites to connect with users outside their organization and collaborate.


Google Titan Security Keys ditch Bluetooth

Google's Titan Security Key dongles are a great way to secure accounts using hardware rather than only relying on software. The search giant has offered these little devices for years now with USB-A, USB-C, and Bluetooth connectivity.

Back in 2019, Google discovered a vulnerability in its Bluetooth-capable Titan Security Key that led to a recall. With that said, it is not surprising that in 2021, the search giant is dropping that wireless connection option entirely. You see, starting tomorrow, the Google Titan Security Keys are ditching Bluetooth to instead rely on NFC -- in addition to USB, of course.


Thousands sign letter asking Apple to scrap plans to scan users' photos for child abuse images


An open letter signed by privacy advocates, security experts, technology companies and legal specialists has been sent to Apple, decrying the company's plans to scan the photos of Mac, iPad and iPhone users for evidence of child abuse.

While, on the face of it, Apple's "Expanded Protections for Children" plans are a good thing, they have also come in for heavy criticism. With the release of macOS Monterey, iOS 15 and iPadOS 15, the company is implementing CSAM (Child Sexual Abuse Material) detection which will check image hashes to see if they feature in databases of known abuse images. It has been likened to creating a backdoor to users' files and has horrified privacy experts.


How security teams can build a strong IT partnership for zero trust implementation [Q&A]

As the enterprise IT landscape has become more complex, security is no longer a matter of simply securing the network perimeter. The cloud and remote workers now have to be part of the equation too.

In order to cope with this, more and more businesses are turning to the use of zero trust methodology. We spoke to James Carder, CSO of SIEM platform LogRhythm to find out more about why this is a technology whose time has come and how it can be implemented effectively.


Google unveils new Nest smart home stuff

Google bought Nest more than seven years ago now, and since that acquisition, there have been many cool smart home devices to come from the search giant. Under the Nest branding, there are not just smart thermostats and cameras, but other products too, such as doorbells and speakers. Ultimately, the name "Nest" has become synonymous with the smart home.

Today, Google unveils some new Nest smart home devices, and they are all camera-related. There is a new doorbell (with integrated camera) plus three new dedicated security cameras. What's notable is that the new doorbell and one of the new cameras can be run from a battery, meaning they do not require a hardwire power connection. One of the cameras features nifty floodlights too.


Why AI isn't the only answer to cybersecurity [Q&A]


Read about any new cybersecurity product today and the chances are that it will be keen to stress its use of AI in some form.

But are we expecting too much from AI and are companies adopting it just because it's on trend? We spoke to Nadav Arbel, co-founder and CEO of managed SOC platform CYREBRO, to find out more about AI's role and why the human factor is still important.


ThreatX platform gives businesses a clear view of their API attack surface


APIs make life easier for developers by allowing easy access to various program functions. However, this functionality also makes them an increasingly attractive target for attack.

Web application and API protection platform ThreatX is launching new API catalog capabilities to provide enterprises with a clear view of their API attack surface, as well as the operational health of any APIs in production.


Vulnerabilities are back as people return to work


After a slump during the pandemic, vulnerability disclosures are once again showing growth according to the latest Vulnerability QuickView Report from Risk Based Security's VulnDB team.

The report shows 12,723 vulnerabilities disclosed during the first half of 2021 and the vulnerability disclosure landscape saw a growth of 2.8 percent compared to the same period in 2020.
