Articles about Security

One in three employees has developed bad security habits while working remotely according to a new survey.

The study from human layer security company Tessian finds younger employees are most likely to admit they cut cybersecurity corners, 51 percent of 16-24 year-olds and 46 percent of 25-34 year-olds report that they’ve used security workarounds.

Continue reading →

Attacks against VPNs have seen an increase of more than 1,500 percent in the first quarter of this year according to a new report.

The latest Threat Landscape Report from managed security services company Nuspire shows a 1,916 percent increase in attacks against Fortinet's SSL-VPN and a 1,527 percent increase in Pulse Connect Secure VPN.

Continue reading →

Over the years Google has made sweeping changes to Chrome, introducing all manner of features and options. The constant stream of Beta, Dev and Canary builds of the browser are proof of the constant development that is going on, and some of the work has been rather controversial.

One move that was widely opposed was the decision to stop showing full URL of a web page in the address bar (or Omnibar if you want to use Google's nomenclature). Introduced almost a year ago, Google said the experiment was an attempt to help people spot spoofed URLs, but it caused widespread annoyance and confusion. Now the company has seen sense and is opting to show full addresses once again.

Continue reading →

Traditional cybersecurity isn't necessarily bad at detecting attacks, the trouble is it often does so after they have occurred.

A better approach is to spot potential attacks and block them before they can do any damage. One possible way of doing this is via 'deep learning' allowing technology to identify the difference between good and bad.

Continue reading →

Cyberattacks are happening more frequently and with greater sophistication. As a result, rapid threat detection and response is critical to finding threat actors and minimizing their impact on the enterprise. This task is easier said than done. Information security teams are understaffed and the digital infrastructures they must protect continue to increase in complexity. Time is also of the essence.

Every passing second dangerously prolongs a threat actor’s presence within the network, creating additional backdoors, pilfering critical data and assets, and increasing their chances of absconding with the crown jewels. In those especially urgent moments, when the security team is literally all hands-on deck, there isn’t time to run queries through a number of different tools and wait for results to come back. Security teams need real-time insights they can act upon quickly.

Continue reading →

We’re much more used to security flaws now after years of being conditioned to hearing about them from various sources. Some software makers handle vulnerabilities better than others of course, but remember, software is inherently complicated and it’s being written by flawed humans so mistakes are inevitable. 

Today Sergei Glazunov of Google Project Zero reports on a new flaw in Google Chrome, the sixth zero-day affecting the browser this year. Very little information has been released on the vulnerability, but from what we can learn it seems to be in the Javascript engine that powers Chrome. 

Continue reading →

A new report from hardware authentication company Yubico finds 42 percent of UK employees say they feel more vulnerable to cyber threats while working from home, with 39 percent feeling unsupported by IT.

The study of over 3,000 people in the UK, France and Germany also reveals that 54 percent of all employees use the same passwords across multiple work accounts. In addition 22 percent of respondents still keep track of passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.

Continue reading →

The latest quarterly threat report from Abnormal Security shows that increasingly sophisticated and novel socially engineered email attacks that bypass legacy defenses are driving 50 percent higher engagement than traditional email attacks such as credential phishing.

The report also shows that between the first week of July 2020 and the first week of April 2021, the percentage of companies across industries getting hit with vendor email compromise (VEC) attacks increased nearly 120 percent.

Continue reading →

As recent attacks have shown, industrial networks need protection. But it needs to work in a way that doesn't add burdens of infrastructure, complexity and steep learning curves.

Claroty is addressing this with the release of Claroty Edge, a new addition to The Claroty Platform that delivers visibility into industrial networks without requiring network changes, using sensors, or having any physical footprint.

Continue reading →

A new report from identity specialist ForgeRock reveals a massive 450 percent surge in breaches containing usernames and passwords globally.

The report also finds that unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-on-year for the past two years, and accounting for 43 percent of all breaches in 2020.

Continue reading →

In recent months there have been many high profile attacks using ransomware and other techniques, against businesses.

But why has there been an apparent upsurge in attacks and what should enterprises be doing to keep them selves safe? We talked to Lynx Software Technologies' vice president of product management, Pavan Singh to find out.

Continue reading →

Insider threats are a growing problem. In its 2021 predictions, Forrester believes that insider incidents will be the cause of 33 percent of data breaches in 2021, up from 25 percent in 2020.

But what does this mean in practical terms for businesses and how can they protect themselves? We spoke to Anurag Kahol, CTO of cloud security specialist Bitglass, to find out.

Continue reading →

With companies relying more on technology, such as web applications, third-party solutions, and cloud computing than ever before, corporate cybersecurity has had to become the backbone of modern businesses. In the presence of remote work environments where IoT security has never been more vulnerable, companies need to effectively and quickly adapt to the rapidly evolving methods and techniques that hackers are beginning to employ.

Business vulnerabilities like a weak human firewall could lead to an increased susceptibility to a variety of cybersecurity attacks, such as ransomware and DDOS attacks. But despite all of these challenges, comprehensive and reliable cybersecurity solutions are very much achievable when approached correctly. In order to protect yourself against contemporary security threats, however, one must first understand the threats and risks they are trying to prevent and mitigate.

Continue reading →

A new study released today from Dynatrace finds that CISOs are increasingly concerned that rising adoption of cloud-native architectures and DevSecOps practices may have broken traditional approaches to application security.

The research finds that 89 percent of CISOs believe microservices, containers, and Kubernetes have created application security blind spots. While 71 percent admit they are not fully confident code is free of vulnerabilities before going live in production.

Continue reading →

A new report from cybersecurity specialist Positive Technologies reveals a reveals a 91 percent jump in attacks on industrial companies and a 54 percent rise in malware-related attacks last year compared to 2019.

The total number of incidents grew by 51 percent compared to 2019. Seven out of 10 attacks were targeted and the most popular targets were government institutions (19 percent), industrial companies (12 percent) and medical institutions (nine percent).

Continue reading →