Data breaches from insiders can cost as much as 20 percent of annual revenue according to a new study from insider risk management company Code42.
Combine this with a recent Microsoft report showing that 40 percent of people are planning to switch jobs as we emerge from the pandemic, and clearly there's a risk as the very technologies that enable the free flow of data in an organization are also the ones that make it easy for insiders to exfiltrate data.
Security teams need to be able to understand their company’s software assets and properly test them. This means the team needs to be familiar with the threats to its technology and choose the services and solutions that work best for its unique circumstances.
Application Security Posture Management (ASPM) solution, Enso Security is launching its new industry initiative, the AppSec Map. This is designed as an industry collaboration initiative by former security leaders at Wix.com, and offers a live map of vendors and community projects related to application security.
A need for security means that many people rely on password managers to store their ever-growing collection of login credentials. And when the time comes to create a new user account, many such tools offer a password generator to help with the creation of something ultra-secure.
Or at least that's the idea. Security consultancy Donjon found that between March 2019 and October 2020 Kaspersky Password Manager was generating passwords that could be cracked in seconds. The tool was using a pseudo-random number generator (PRNG) that was singularly unsuitable for cryptographic purposes.
Everyone knows that businesses systems are a target for a range of attackers. But it's easy to become complacent about security and finding vulnerabilities can be difficult.
Testing your security is therefore vital, and can uncover things that you might not otherwise be aware of.
Microsoft has released a series of out of-band security patches for the PrintNightmare bug that was recently exposed. The remote code execution vulnerability exits in the Windows Print Spooler; it affects all versions of Windows, and the company is even offering patches for the unsupported Windows 7.
Previously, Microsoft had only been able to suggest workarounds to mitigate against the security problems, so it was left to 0patch to help out with a free bug-fix. But now patches are available for this serious security issue (CVE-2021-34527) that leaves systems at risk of attack.
Microsoft has issued a warning to users of PowerShell 7.0 and 7.1 to update their software to protect against a .NET Core remote code execution vulnerability.
Tracked as CVE-2021-26701, the vulnerability is described as critical and could affect Windows, macOS and Linux. The security issue has been known about for a little while, but Microsoft is only now urging users to install updates to ensure that they are protected.
Micropatching specialist 0patch has stepped into help out with a fix for the PrintNightmare vulnerability that was recently accidentally leaked by security researchers.
While Microsoft has acknowledged that there is a security flaw in Windows Print Spooler that could lead to remotely compromised systems, the company has only offered workarounds rather than a patch. And so 0patch -- no stranger to helping out in such situations -- has stepped up to the plate and issued free micropatches of its own.
When security researchers inadvertently published technical details of a remote execution vulnerability in Windows Print Spooler thinking (wrongly) that it had been patched, there was concern about the implications.
And rightly so. Microsoft has confirmed people's worst fears, saying that the PrintNightmare security flaw is already being exploited. There is a little good news, however. The company also suggests some workarounds that can be used to protect systems until a patch is produced.
Ransomware is behind many of the latest cyber attacks and it can be hard for defenders to track the ever-growing number of variants and the botnets behind them.
Threat intelligence company DomainTools has been taking a look at the booming underground economy surrounding ransomware with a focus on the most prolific ransomware families.
Security researchers have inadvertently leaked details of a critical Windows print spooler vulnerability, dubbed PrintNightmare, along with a proof-of-concept. The flaw -- said be a Stuxnet-style zero-day -- can be exploited to completely compromise a Windows system.
Microsoft issued a patch for CVE-2021-1675, described as a "Windows Print Spooler Elevation of Privilege Vulnerability" last Patch Tuesday, and this is when things went wrong. Having seen that this patch had been published, security researchers then released technical details of what they thought was the same vulnerability, along with a proof-of-concept. But they had in fact released information about a different -- albeit similar -- vulnerability.
A new report from cloud email and collaboration specialist Avanan shows healthcare and manufacturing as two of the top industries being targeted by hackers in the first half of the year.
The most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one month span, out of an average of 376,914 total emails. Healthcare saw over 6,000 phishing emails out of an average of 451,792 total emails and manufacturing saw just under 6,000 phishing emails out of an average of 331,184 total emails.
Consumers aren't paying attention to major cybersecurity attacks threatening operational technology and critical infrastructure, indicating that businesses must focus on security as employees return to the office.
A survey of over 2,000 people from across the US by asset visibility and security platform Armis reveals that over 21 percent of respondents haven't even heard about the cyberattack on the largest US fuel pipeline, and almost half (45 percent) of working Americans didn't hear about the attempt to tamper with Florida’s water supply.
One of the problems with open source vulnerability databases is that each uses its own format to describe vulnerabilities and this makes tracking and sharing of vulnerabilities between databases difficult.
To address this and boost security, the Google Open Source Security team, Go team, and the broader open-source community have been developing a simple vulnerability interchange schema for describing vulnerabilities.
Security researchers from Eclypsium have discovered a total of four vulnerabilities in Dell's SupportAssist software. As the software is pre-installed on the majority of Dell machines running Windows, millions of systems are at risk of remote attack.
Eclypsium says that a total of 129 Dell models are affected by the security issues. The chain of vulnerabilities that leaves systems open to attack has a cumulative CVSS score of 8.3 (High) and there is a warning that they "pose significant risks to the integrity of Dell devices".
In the last 18 months 98 percent of companies in a new survey have experienced at least one cloud data breach -- up from 79 percent last year.
The research, conducted by IDC for cloud infrastructure company Ermetic, reveals that of the 200 CISOs and security decision makers surveyed 67 percent report three or more breaches, and 63 percent say they had sensitive data exposed.