Articles about Security

The latest threat report from Nuspire shows that the second quarter of 2021 saw a massive 55,239 percent increase in ransomware activity during the second and third weeks.

This took place just prior to the Colonial Pipeline ransomware attack conducted by the DarkSide ransomware group. The reason for the increase is not known, however, and it may not be related to the attack.

Continue reading →

More than two million web servers worldwide are still running on outdated and vulnerable versions of Microsoft Internet Information Services (IIS) software according to research from CyberNews.

With 12.4 percent of the market worldwide IIS is the third-most-popular suite of web server software, used to power at least 51.6 million websites and web applications.

Continue reading →

A new report from HP Wolf Security reveals that 76 percent of IT teams admit security has taken a backseat to business continuity during the pandemic, while 91 percent feel pressure to compromise security for business continuity.

It also shows that almost half (48 percent) of younger office workers (18-24 years old) surveyed view security tools as a hindrance, leading to nearly a third (31 percent) trying to bypass corporate security policies to get their work done.

Continue reading →

The Biden administration might have called on high profile figures to improve cybersecurity, but the reality is it's down to all businesses to tighten up their IT security measures.

The recent White House Cyber Summit with high profile leaders of some of the world’s biggest tech, energy, and financial services companies was a sign that the Biden administration is doubling down on its effort to prevent cyber attacks.

Continue reading →

Ransomware has hit the headlines in recent months with attacks on infrastructure and supply chains closing down operations. But ransomware has the potential to be even more devastating if it’s spread via Active Directory, as demonstrated by the SolarWinds attack.

We talked to Derek Melber, chief technology and security strategist of Tenable to find out more about AD attacks and how to combat them.

Continue reading →

We’re a year and a half into the COVID-19 pandemic, and burnout is hitting employees hard. Recently, Okta CEO Todd McKinnon used an all-hands meeting with employees to underline the importance of taking vacation. In April, LinkedIn announced it was giving the entire company a full week off to unplug, recharge and help curb burnout. 

For security teams, burnout isn’t a new phenomenon. Given the need to always be on and ready, cybersecurity professionals already face high levels of stress, and the pandemic has added to increasing and alarming burnout rates. On the heels of the Exchange, Kaseya, and SolarWinds attacks, it’s no surprise that cybersecurity teams are overworked and exceptionally stressed -- we’re under a lot of pressure.

Continue reading →

Although people are sometimes seen as a weak link in information security, a new report from F-Secure shows that a third of emails that employees report as suspicious are actually phishing.

The finding comes from an analysis of emails reported by employees from organizations around the world, using F-Secure's mail reporting plugin for Office 365, during the first half of 2021.

Continue reading →

Many enterprises have adopted DevOps practices in order to streamline their development. But security is all too often treated as an afterthought.

There is of course a way around this which is to integrate security into the DevOps pipeline, in other words move to DevSecOps.

Continue reading →

Infecting office files has been a popular malware technique for some time but is still popular among cybercriminals as it allows them to evade many detection solutions. New research from AtlasVPN reveals that 43 percent of all malware downloads in the second quarter of this year were malicious office documents.

This is an increase from the same period in 2020 when only 14 percent of malware came in office files. In the third quarter of last year the volume jumped to 38 percent before declining to 34 percent in Q4 2020 and Q1 2021.

Continue reading →

Security researchers from the Singapore University of Technology and Design have disclosed a new family of security vulnerabilities in commercial Bluetooth stacks used in billions of devices. Collectively known as BrakTooth, the vulnerabilities pose a range of risks including remote code execution and DoS via crashes and deadlocks.

The Bluetooth stacks found to be vulnerable are used in System-on-Chip (SoC) boards from various big-name manufacturers including Qualcomm, Texas Instruments and Silicon Labs; numerous Microsoft products are also affected, including Surface Pro 7, Surface Laptop 3, Surface Book 3 and Surface Go 2.

Continue reading →

Researchers at CyberNews have uncovered security flaws within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 (v6) router.

The router -- an 'Amazon's Choice' product -- is shipped with outdated firmware that is vulnerable to dozens of known security flaws and could put users at risk of man-in-the-middle and Denial of Service attacks.

Continue reading →

Even in the age of the cloud, USB drives are still commonly used to exchange information between office and home computers, but they're used by hackers as a way to infiltrate systems too.

Researchers at the UK's Liverpool Hope University have developed a new scanning device that can counter the threat posed by USB devices.

Continue reading →

Researchers at SophosLabs have uncovered malware being distributed by a network of websites acting as a 'dropper as a service', serving up a variety of other nasty packages.

These droppers for hire are delivering bundles of malicious and unwanted content to targets looking for cracked versions of popular business and consumer applications.

Continue reading →

A new survey of over 1,200 IT and IT security practitioners shows that 53 percent of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent for attacks.

Released in conjunction with the start of National Insider Threat Awareness Month, the report, conducted by the Ponemon Institute with sponsorship from DTEX Systems finds almost half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages.

Continue reading →

Industrial businesses were the second most targeted sector in 2020 and new research from Positive Technologies shows that an external attacker could penetrate the corporate network at 91 percent of them.

In addition, Positive Technologies penetration testers gained access to the industrial control system (ICS) networks at 75 percent of these companies. Once criminals have obtained access to ICS components, they can shutdown entire production lines, cause equipment to fail, or incidents that could cause serious harm.

Continue reading →