Articles about Security

At the root of most malicious hacks are vulnerabilities in the underlying software. This simple fact tells us that developers have a significant impact on security. When developers are supported by the right tools, they have the power to catch security issues early -- issues such as injection vulnerabilities or storing secrets in source files.

Taking such an approach allows organizations to fix vulnerabilities at the first point of entry as well as throughout the continuous integration/continuous delivery (CI/CD) workflow, which helps prevent damaging attacks from the very start.

Continue reading →

Cybercriminals exploited the new CVE-2021-40444 remote code execution zero-day a week before the patch was issued on September 14, according to the latest report from HP Wolf Security.

Researchers also saw scripts that automated the creation of the exploit on Github on the 10th, making it easier for less-sophisticated attackers to use the exploit against vulnerable organisations.

Continue reading →

It's Cybersecurity Awareness Month and also Serious Security Week. To mark these events, cybersecurity companies KnowBe4 and OneLogin are partnering with Security Serious in a bid to set a brand new Guinness World Record for the most views of a cyber security lesson video on YouTube in 24 hours.

The record attempt will take place starting today, October 14th at 11am EDT, (8am PDT, 4pm BST) and will see KnowBe4 and OneLogin provide a 45-minute training session that will be live-streamed via YouTube.

Continue reading →

Most things have a day or a week or a month nowadays, and as you're reading a tech news site it probably hasn't escaped your attention that October is Cybersecurity Awareness Month.

But just in case you missed it in all of the Windows 11 excitement, here's a round up of what some leading industry figures have to say on cybersecurity, and why we need to be aware of it.

Continue reading →

Researchers at Sophos have uncovered a cryptocurrency trading scam that targets iPhone users through popular dating apps, such as Bumble and Tinder.

Researchers have code-named the threat 'CryptoRom' and have discovered a Bitcoin wallet controlled by the attackers that contains nearly $1.4 million in cryptocurrency, allegedly collected from victims.

Continue reading →

As more customers use apps and online portals, businesses need to ensure that these day-to-day interactions that are both inviting and secure.

However, developers often lack the expertise to incorporate CIAM (Customer Identity and Access Management (CIAM) into their applications. WSO2 is addressing this challenge with today's introduction of its next-generation identity as a service (IDaaS) solution, Asgardeo.

Continue reading →

As we've grown more and more reliant on the internet to carry out everyday transactions, proving who we are has become a major issue.

We are still heavily dependent on IDs, passwords and supplementary security questions, but all of these are open to abuse leading to the risk of identity theft.

Continue reading →

A new study reveals that 97 percent of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain and 93 percent have suffered a direct cybersecurity breach.

The third-party cyber risk survey form BlueVoyant also shows the average number of breaches experienced in the last 12 months grew from 2.7 in 2020 to 3.7 in 2021 -- a 37 percent year-on-year increase.

Continue reading →

As the IT landscape has evolved, securing hybrid and cloud environments has become a more complex and challenging process.

To improve Extended Detection and Response (XDR) across endpoints, networks, cloud and workspaces, operation-centric cyber attack protection specialist Cybereason, and Google Cloud have today announced a collaboration.

Continue reading →

Remote working is leading to increased cyber risk for smaller enterprises according to new research from data center specialist ServerChoice.

New working patterns brought about by COVID mean that many technical staff at SMEs are now based remotely and 77 percent see remote working as an increased risk to their business.

Continue reading →

Containers have provided greater flexibility and enabled developers to think less about their infrastructure. However, securing them presents a challenge.

Traditional workload protection technologies designed for static workloads don't work well on minimized, ephemeral container workloads. There's also increased use of open source software that presents additional risks.

Continue reading →

As businesses rely more on the cloud and virtual infrastructure, so the potential for both configuration errors and cyberattacks increases.

The pandemic has only made the problem worse and in many cases led to a loosening of security policy. What do organizations need to do to address the issue and protect their systems? We spoke to Tal Morgenstern, Vulcan Cyber CPO and co-founder, to find out.

Continue reading →

While a great deal of news articles, white papers, and security solutions are focused on 0-days and vulnerabilities, the core vulnerability of all of our information technology is people. Our entire tech stack makes it easy for users to make mistakes because the fundamental problem is that there is no good way to authenticate anyone or anything online. In 1993, a comic in the New Yorker famously said, "On the Internet, nobody knows you’re a dog", and not much has changed in 28 years.

One of the key ways attackers get an initial foothold into organizations is by tricking users to compromise themselves, often using brand impersonation. A recent study stated that there were 88 instances where malicious mobile apps attempted to impersonate TikTok. The reason, people share TikTok videos, it’s immensely popular, and it has a trusted brand-name, so people feel safe.

Continue reading →

A new survey of over 700 small and medium businesses shows that 80 percent say they feel more secure now than they did last year in spite of increasing levels of cyberattacks.

The study from network security specialist Untangle shows security budgets increasing over 2020 levels too.

Continue reading →

As more data moves to the cloud, platforms like AWS are becoming an increasingly attractive target for ransomware operators.

A new study by cloud infrastructure company Ermetic finds that 70 percent of environments studied had machines that were publicly exposed to the internet and were linked to identities whose permissions could be exploited to allow the machines to perform ransomware.

Continue reading →