Articles about Security

A new study finds that only three percent of respondents recognize that a container, in and of itself, is not a security boundary, suggesting that the default security capabilities of containers are overestimated.

The survey, from cloud security company Aqua Security of 150 cloud native security practitioners and executives from IT, Security and DevOps teams, across sectors and geographies, also shows that only 24 percent of respondents have plans in place to deploy the necessary building blocks for runtime security.

Continue reading →

A new study from Atlas VPN shows that 51 percent of exploits sold on underground cybercriminal forums are for Microsoft products.

Microsoft Office exploits make up 23 percent while Windows accounts for 12 percent of exploits sold on hacker forums. Remote Desktop Protocol (RDP) exploits make up 10 percent, with Internet Explorer and Share Point taking three percent each.

Continue reading →

Security researchers from SentinelOne have uncovered an ancient vulnerability in the drivers used by printers from three big manufacturers.

The high-severity security vulnerability -- which is being tracked as CVE-2021-3438 -- affects drivers for HP, Samsung and Xerox printers and has evaded detected for 16 years. In all, around 400 printer models are at risk, leaving millions of printers exposed to the danger of the serious privilege escalation vulnerability.

Continue reading →

A vulnerability has been discovered in the Linux kernel that makes it possible to gain root access on a number of popular distributions, including Ubuntu, Debian and Fedora. The flaw has been named Sequoia, and it exists in the filesystem layer.

The security issue is thought to affect all versions of the Linux kernel released since 2014, meaning that a large number of distros are vulnerable. Specifically, the flaw is a size_t-to-int type conversion vulnerability that can be exploited to elevate privileges.

Continue reading →

There are lots of good reasons for moving industrial control systems to the cloud including better telemetry and analysis of device performance, management of logic and remote device configuration, improved diagnostics and troubleshooting, a centralized view of processes.

But as more operational technology and lCS make the move, they become increasingly vulnerable to threats. ICS security specialist Claroty has unveiled its new Team82 research arm along with a report on critical vulnerabilities found in cloud-based management platforms for ICS.

Continue reading →

DuckDuckGo is a pretty cool company that focuses heavily on privacy. Its claim to fame is its search engine that aims to compete with the likes of Google and Bing, but without tracking you. Believe it or not, its search results are pretty good comparatively, although Google still edges it out.

Over time, DuckDuckGo has launched its own web browser and browser extensions, constantly trying to keep humans safe from the eyes of "Big Tech." And now the company announces its latest creation -- @duck.com email accounts.

Continue reading →

New research from SASE company Netskope reveals the risk of critical data exfiltration linked to employees leaving their jobs.

The report finds that some departing employees present a disproportionately significant cloud security risk. In their last 30 days of employment, workers have been shown to be uploading three times more data than usual to personal cloud apps.

Continue reading →

According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year.

The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated.

Continue reading →

New research shows that 61 percent of employees intend to bring their personal devices into the office as they return to more conventional working patterns.

A study of 2,000 UK employees, conducted by Censuswide on behalf of asset visibility and security platform provider Armis, shows 61 percent of employees use their personal mobile phone and 44 percent use their own laptop for business purposes.

Continue reading →

Phishing remains one of the most popular attack vectors for cybercriminals. But traditional defenses relying on filtering or raising user awareness via training aren't always effective.

We spoke to Lior Kohavi, chief technology officer at enterprise SaaS security specialist Cyren to discover how a new approach is using genuine attacks to help both educate users and keep phishing emails out of our inboxes.

Continue reading →

The US, UK and other allied nations have accused the Chinese Ministry of State Security of engaging in a global hacking campaign. Included in this was an attack on Microsoft Exchange servers earlier in the year, and other activity that has been described as "irresponsible and destabilizing behavior in cyberspace".

China has been called on to "end this systematic cyber sabotage", and a statement issued by the White House said that "an unprecedented group of allies and partners are joining the United States in exposing and criticizing the PRC’s malicious cyber activities".

Continue reading →

Regular readers will recall that last year we reviewed the Firewalla, a little box that provides protection for your network.

We tested the Blue version that provides protection for networks up to 500Mbps in speed. Now the company is launching a new Purple version that works at gigabit speeds and has extra features too.

Continue reading →

Spyware produce by the Israeli surveillance firm NSO Group has been abused by governments to target dissenting journalists, activists, lawyers and more, an investigation by human rights groups and media organizations has found.

The Pegasus spyware was produced with the intention of targeting terrorists and other criminals, but an investigation into a huge data leak shows that it has also be misused by authoritarian governments to gather text message, photos, call logs and more from iPhones and Android handsets. The malware can also be used to acti8vate the microphone of a targeted device to eavesdrop on conversations. Targets includes not only journalists and activists, but also key business figures, members of government, presidents and prime ministers.

Continue reading →

After the PrintNightmare fiasco of recent weeks, Microsoft has shared information about another Windows Print Spooler security vulnerability.

The issue is being tracked as CVE-2021-34481, and is described as a "Windows Print Spooler Elevation of Privilege Vulnerability". For the time being, there is no patch available, but Microsoft has offered details of a workaround that mitigates against potential attack -- but it is far from being an ideal solution.

Continue reading →

Cybersecurity is one of the biggest challenges for small and medium-sized businesses and employees are often the weakest link when it comes to preventing data breaches.

In order to improve awareness of phishing scams -- and hopefully stop people falling for them -- ESET is launching an interactive phishing derby to allow people to test their scam-spotting skills and get the chance to win real prizes.

Continue reading →