Articles about Security

Although people are sometimes seen as a weak link in information security, a new report from F-Secure shows that a third of emails that employees report as suspicious are actually phishing.

The finding comes from an analysis of emails reported by employees from organizations around the world, using F-Secure's mail reporting plugin for Office 365, during the first half of 2021.

Continue reading →

Many enterprises have adopted DevOps practices in order to streamline their development. But security is all too often treated as an afterthought.

There is of course a way around this which is to integrate security into the DevOps pipeline, in other words move to DevSecOps.

Continue reading →

Infecting office files has been a popular malware technique for some time but is still popular among cybercriminals as it allows them to evade many detection solutions. New research from AtlasVPN reveals that 43 percent of all malware downloads in the second quarter of this year were malicious office documents.

This is an increase from the same period in 2020 when only 14 percent of malware came in office files. In the third quarter of last year the volume jumped to 38 percent before declining to 34 percent in Q4 2020 and Q1 2021.

Continue reading →

Security researchers from the Singapore University of Technology and Design have disclosed a new family of security vulnerabilities in commercial Bluetooth stacks used in billions of devices. Collectively known as BrakTooth, the vulnerabilities pose a range of risks including remote code execution and DoS via crashes and deadlocks.

The Bluetooth stacks found to be vulnerable are used in System-on-Chip (SoC) boards from various big-name manufacturers including Qualcomm, Texas Instruments and Silicon Labs; numerous Microsoft products are also affected, including Surface Pro 7, Surface Laptop 3, Surface Book 3 and Surface Go 2.

Continue reading →

Researchers at CyberNews have uncovered security flaws within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 (v6) router.

The router -- an 'Amazon's Choice' product -- is shipped with outdated firmware that is vulnerable to dozens of known security flaws and could put users at risk of man-in-the-middle and Denial of Service attacks.

Continue reading →

Even in the age of the cloud, USB drives are still commonly used to exchange information between office and home computers, but they're used by hackers as a way to infiltrate systems too.

Researchers at the UK's Liverpool Hope University have developed a new scanning device that can counter the threat posed by USB devices.

Continue reading →

Researchers at SophosLabs have uncovered malware being distributed by a network of websites acting as a 'dropper as a service', serving up a variety of other nasty packages.

These droppers for hire are delivering bundles of malicious and unwanted content to targets looking for cracked versions of popular business and consumer applications.

Continue reading →

A new survey of over 1,200 IT and IT security practitioners shows that 53 percent of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent for attacks.

Released in conjunction with the start of National Insider Threat Awareness Month, the report, conducted by the Ponemon Institute with sponsorship from DTEX Systems finds almost half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages.

Continue reading →

Industrial businesses were the second most targeted sector in 2020 and new research from Positive Technologies shows that an external attacker could penetrate the corporate network at 91 percent of them.

In addition, Positive Technologies penetration testers gained access to the industrial control system (ICS) networks at 75 percent of these companies. Once criminals have obtained access to ICS components, they can shutdown entire production lines, cause equipment to fail, or incidents that could cause serious harm.

Continue reading →

Increasingly applications and infrastructure are moving to the cloud and containers. But although this offers convenience and cost savings it introduces challenges when security incidents occur.

We spoke to James Campbell, CEO and co-founder of Cado Security to find out about the importance of digital forensics when dealing with cloud system breaches.

Continue reading →

The rapid shift of applications and infrastructure to the cloud creates gaps in security according to a new threat report from security platform Lacework.

This increases the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and to gain illicit network access.

Continue reading →

As enterprises continue to migrate data to the cloud they need to ensure that sensitive information is properly protected.

Automated data integration specialist Fivetran is launching a platform that offers a set of key security-related features, allowing companies to create a more secure modern data stack that meets internal and regulatory requirements.

Continue reading →

A majority of companies are moving to a long-term hybrid workplace approach according to a new study from Entrust.

The survey of 1,500 business leaders and 1,500 general employees across 10 countries shows 80 percent of leaders and 75 percent of employees say their company is currently using a hybrid model, or is fully remote and considering a hybrid work approach.

Continue reading →

APIs allow the easy exchange of information between apps, microservices and containers. They've become an essential part of the way our digital infrastructure operates.

But the very ubiquity of APIs means developers are under pressure to produce them quickly and that can lead to 'technical debt' because corners are cut. We spoke to Tom Hudson, security research tech lead at app vulnerability scanner Detectify to find out more about why APIs are vulnerable in this way and how they can be secured.

Continue reading →

When Microsoft first released details of the system requirements for Windows 11, there was a mixture of confusion, annoyance and disbelief. The need for TPM 2.0 sent people running off to find out what on Earth this is, and many were disappointed to learn that a number of relatively recent CPUs were not supported.

Seemingly aware of the frustration the minimum requirements were causing, Microsoft has relented a little. Even though there will be no official upgrade path from Windows 10 to Windows 11, it will be possible to manually install Window 11 on hardware that is not technically supported. Microsoft, of course, is hardly shouting about how to do this, and points out that the system requirements exist to ensure the best possible experience. And while these warnings are to be expected from the company and will be ignored by many people, there is one very important factor to keep in mind if you are thinking about taking advantage of a loophole to install Windows 11.

Continue reading →