Articles about Security

Increasingly applications and infrastructure are moving to the cloud and containers. But although this offers convenience and cost savings it introduces challenges when security incidents occur.

We spoke to James Campbell, CEO and co-founder of Cado Security to find out about the importance of digital forensics when dealing with cloud system breaches.

Continue reading →

The rapid shift of applications and infrastructure to the cloud creates gaps in security according to a new threat report from security platform Lacework.

This increases the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and to gain illicit network access.

Continue reading →

As enterprises continue to migrate data to the cloud they need to ensure that sensitive information is properly protected.

Automated data integration specialist Fivetran is launching a platform that offers a set of key security-related features, allowing companies to create a more secure modern data stack that meets internal and regulatory requirements.

Continue reading →

A majority of companies are moving to a long-term hybrid workplace approach according to a new study from Entrust.

The survey of 1,500 business leaders and 1,500 general employees across 10 countries shows 80 percent of leaders and 75 percent of employees say their company is currently using a hybrid model, or is fully remote and considering a hybrid work approach.

Continue reading →

APIs allow the easy exchange of information between apps, microservices and containers. They've become an essential part of the way our digital infrastructure operates.

But the very ubiquity of APIs means developers are under pressure to produce them quickly and that can lead to 'technical debt' because corners are cut. We spoke to Tom Hudson, security research tech lead at app vulnerability scanner Detectify to find out more about why APIs are vulnerable in this way and how they can be secured.

Continue reading →

When Microsoft first released details of the system requirements for Windows 11, there was a mixture of confusion, annoyance and disbelief. The need for TPM 2.0 sent people running off to find out what on Earth this is, and many were disappointed to learn that a number of relatively recent CPUs were not supported.

Seemingly aware of the frustration the minimum requirements were causing, Microsoft has relented a little. Even though there will be no official upgrade path from Windows 10 to Windows 11, it will be possible to manually install Window 11 on hardware that is not technically supported. Microsoft, of course, is hardly shouting about how to do this, and points out that the system requirements exist to ensure the best possible experience. And while these warnings are to be expected from the company and will be ignored by many people, there is one very important factor to keep in mind if you are thinking about taking advantage of a loophole to install Windows 11.

Continue reading →

Coverage of fraud tends to focus on the online methods such as phishing, credential stuffing, opening fake accounts and so on.

But there's another side to the problem in the form of voice fraud via 'vishing' and the use of social engineering techniques, this is made simpler by the ease with which numbers can be spoofed so a call can appear to come from a legitimate number such as your bank.

Continue reading →

Many recent cyberattacks have focused on the software supply chain, with SolarWinds being perhaps the most high profile example.

Businesses can often have a blind spot when it comes to the supply chain and this can have catastrophic consequences. We spoke to Todd Carroll, CISO of CybelAngel to learn more about the problem and what companies can do to keep themselves safe.

Continue reading →

The rapid shift to cloud and remote working environments has raised security concerns for businesses and also meant hackers have increasingly turned their attention to cloud-native systems.

In response to this, digital forensics platform Cado Security is offering enterprises unlimited access to its Cado Response platform, including container and memory forensics, for 14-days, allowing them to carry out a free investigation.

Continue reading →

Despite a marked increase in concerns around malware attacks and third-party risk, only eight percent of organizations with web applications for file uploads have fully implemented the best practices for file upload security.

This is among the findings of the latest Web Application Security Report from critical infrastructure protection specialist OPSWAT.

Continue reading →

The latest analysis of phishing data from the Cyren Incident and Response team shows that 88 percent of evasive threats were detected using real-time techniques like machine learning.

Of the remainder six percent were found with proprietary threat intelligence or readily matched patterns from previous attacks, and the remaining six percent were suspicious messages that required human analysis to confirm the detection.

Continue reading →

Many organizations have been quick to adopt containerization and particularly Kubernetes. But while there are advantages in scale and flexibility, it also raises issues around cloud-native data protection practices.

So how can businesses adopt the technology but still protect their information? We spoke to Gaurav Rishi, VP product, at Kubernetes backup specialist Kasten by Veeam to find out.

Continue reading →

Almost all UK business leaders and IT decision makers either plan to or have already started implementing zero trust strategies at their organizations according to new research from Illumio.

The research also looks at the barriers that prevent organizations from adopting zero trust. The main technological barriers include legacy systems that can't be upgraded (29 percent) and cost constraints (22 percent).

Continue reading →

According to a new report 40 percent of all SaaS assets are un-managed, leading to a greater degree of internal, external, and public access to sensitive data.

The report from data access company DoControl categorizes data by insider and external threats. It finds that, in companies analyzed, an average of 400 encryption keys are shared internally to anyone with a link.

Continue reading →

A report out today shows that 85 percent of enterprises have increased their budget investment in security operations during the pandemic, while 72 percent have increased their staffing and 79 percent have increased their adoption of advanced security technologies.

The study from the CyberRes arm of Micro Focus also reveals that security operations centers (SOCs) have increased their adoption of the cloud, with 95 percent now deploying their solutions in hybrid-cloud environments.

Continue reading →