Articles about Security

A new report out today looks at the measures businesses are taking against bots and how successful they are -- and it doesn't offer good news.

The study from Kasada finds that 64 percent of organizations lost more than six percent or more of their revenue due to bot attacks, and 32 percent have lost 10 percent or more in the last year.

Continue reading →

A new study by Theta Lake of businesses in the financial services sector finds that 83 percent of respondents are turning off key productivity and usability features of collaboration platforms like Zoom, Microsoft Teams, and Webex.

This is due to their organizations' technical inability to adhere to relevant regulatory compliance and security requirements.

Continue reading →

Increased reliance on digital systems and remote workforces has drastically increased the attack surface threatening to compromise organizations.

Encrypting information is part of the solution but is still vulnerable if keys fall into the wrong hands. Now though Australian deep tech cybersecurity start-up Tide Foundation has come up with a decentralized solution that offers the promise of 'cyber herd immunity'.

Continue reading →

Taking proactive measures like updating and patching systems promptly and undertaking penetration testing improves the ability to withstand a targeted attack.

But when security teams are flooded with non-critical alerts 'vulnerability fatigue' can set in. We spoke to Amitai Ratzon, CEO of penetration testing specialist Pentera, to find out how enterprises can avoid this and improve their ransomware readiness.

Continue reading →

A news report shows that 71 percent of security leaders say their teams need access to threat intelligence, security operations data, incident response data, and vulnerability data.

Yet 65 percent of respondents find it very challenging to provide security teams with cohesive data access according to the study conducted by Forrester Consulting on behalf of Cyware.

Continue reading →

A new survey of more than 250 CISO reveals that more than half have been hit by ransomware in the past year, with 69 percent saying it is likely they'll be successfully attacked at least once in the next year.

Those who were successfully hit by ransomware are more inclined to pay up, with 65 percent actually doing so. However, full recovery of data occurred only 55 percent of the time. When asked about willingness to pay, 13 percent say they definitely would, but only 20 percent say they definitely wouldn’t.

Continue reading →

Stolen data on the dark web is spreading 11 times faster today than it was six years ago, according to the latest study from Bitglass.

Breach data received over 13,200 views in 2021 compared to 1,100 views in 2015 -- a 1,100 percent increase. In 2015, it took 12 days to reach 1,100 link views -- in 2021, it takes less than 24 hours to pass that milestone.

Continue reading →

Microsoft has issued a stark warning to system administrators, advising them of the importance of updating PowerShell 7 as soon as possible.

Versions prior to PowerShell 7.0.8 and PowerShell 7.1.5 are vulnerable to a .NET Core Information Disclosure flaw that is being tracked as CVE-2021-41355. There is a degree of urgency to upgrading to a non-vulnerable version of PowerShell, as the flaw could expose credentials in plain text in Linux.

Continue reading →

Security Information and Events Management (SIEM) has become the keystone of many organizations' security strategies in recent years.

But is it effective? And in the era of greater cloud and SaaS use, is the time right for the concept of SIEM to undergo a radical rethink? Andrew Maloney, COO and co-founder at security investigation specialist Query.AI thinks it is. We spoke to him to learn more.

Continue reading →

At the root of most malicious hacks are vulnerabilities in the underlying software. This simple fact tells us that developers have a significant impact on security. When developers are supported by the right tools, they have the power to catch security issues early -- issues such as injection vulnerabilities or storing secrets in source files.

Taking such an approach allows organizations to fix vulnerabilities at the first point of entry as well as throughout the continuous integration/continuous delivery (CI/CD) workflow, which helps prevent damaging attacks from the very start.

Continue reading →

Cybercriminals exploited the new CVE-2021-40444 remote code execution zero-day a week before the patch was issued on September 14, according to the latest report from HP Wolf Security.

Researchers also saw scripts that automated the creation of the exploit on Github on the 10th, making it easier for less-sophisticated attackers to use the exploit against vulnerable organisations.

Continue reading →

It's Cybersecurity Awareness Month and also Serious Security Week. To mark these events, cybersecurity companies KnowBe4 and OneLogin are partnering with Security Serious in a bid to set a brand new Guinness World Record for the most views of a cyber security lesson video on YouTube in 24 hours.

The record attempt will take place starting today, October 14th at 11am EDT, (8am PDT, 4pm BST) and will see KnowBe4 and OneLogin provide a 45-minute training session that will be live-streamed via YouTube.

Continue reading →

Most things have a day or a week or a month nowadays, and as you're reading a tech news site it probably hasn't escaped your attention that October is Cybersecurity Awareness Month.

But just in case you missed it in all of the Windows 11 excitement, here's a round up of what some leading industry figures have to say on cybersecurity, and why we need to be aware of it.

Continue reading →

Researchers at Sophos have uncovered a cryptocurrency trading scam that targets iPhone users through popular dating apps, such as Bumble and Tinder.

Researchers have code-named the threat 'CryptoRom' and have discovered a Bitcoin wallet controlled by the attackers that contains nearly $1.4 million in cryptocurrency, allegedly collected from victims.

Continue reading →

As more customers use apps and online portals, businesses need to ensure that these day-to-day interactions that are both inviting and secure.

However, developers often lack the expertise to incorporate CIAM (Customer Identity and Access Management (CIAM) into their applications. WSO2 is addressing this challenge with today's introduction of its next-generation identity as a service (IDaaS) solution, Asgardeo.

Continue reading →