Articles about Security

Of the technologies that saw a spike due to the pandemic, cloud-based services are experiencing a bump in enterprise sales. The enterprise previously had been trailing scrappy upstarts in terms of digital transformation, largely because of the complications associated with moving tens of thousands of endpoints into a new environment. With entire workforces shifting to work-from-home environments, though, movement to the cloud has become all but inevitable.

According to IDC, digital transformation in the enterprise has accelerated since the start of the pandemic as enterprises seek greater flexibility and cost efficiency. Yet, enterprise security teams are posing a slew of new questions to cloud vendors about the security of their offerings. Best case scenario, this adds time to an already lengthy buying cycle. Worst case, security practices and protocols can kill a contract.

Continue reading →

Network and security management is increasingly complex thanks to remote access and greater numbers of concurrent users.

With their new Secure Access Service Edge (SASE) offering, AT&T along with Palo Alto Networks delivers an integrated solution bringing together software-defined wide area networking (SD-WAN) technology, security capabilities and fiber-based network connectivity.

Continue reading →

As recent high-profile attacks have shown, bad actors are increasingly going after software supply chains to exploit vulnerabilities in commercial and open source code.

Developer tool specialist Sonatype is launching a new deep code analysis platform called Lift that installs easily on any source repository and provides developer-friendly feedback on a wide range of bug types.

Continue reading →

The shift to remote working has led to an increase in the number of identities employed and an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities.

A new study from The Identity Defined Security Alliance (IDSA) finds that four out of five participants believe that identity management used to just be about access, but it’s now mostly about security.

Continue reading →

One in three employees has developed bad security habits while working remotely according to a new survey.

The study from human layer security company Tessian finds younger employees are most likely to admit they cut cybersecurity corners, 51 percent of 16-24 year-olds and 46 percent of 25-34 year-olds report that they’ve used security workarounds.

Continue reading →

Attacks against VPNs have seen an increase of more than 1,500 percent in the first quarter of this year according to a new report.

The latest Threat Landscape Report from managed security services company Nuspire shows a 1,916 percent increase in attacks against Fortinet's SSL-VPN and a 1,527 percent increase in Pulse Connect Secure VPN.

Continue reading →

Over the years Google has made sweeping changes to Chrome, introducing all manner of features and options. The constant stream of Beta, Dev and Canary builds of the browser are proof of the constant development that is going on, and some of the work has been rather controversial.

One move that was widely opposed was the decision to stop showing full URL of a web page in the address bar (or Omnibar if you want to use Google's nomenclature). Introduced almost a year ago, Google said the experiment was an attempt to help people spot spoofed URLs, but it caused widespread annoyance and confusion. Now the company has seen sense and is opting to show full addresses once again.

Continue reading →

Traditional cybersecurity isn't necessarily bad at detecting attacks, the trouble is it often does so after they have occurred.

A better approach is to spot potential attacks and block them before they can do any damage. One possible way of doing this is via 'deep learning' allowing technology to identify the difference between good and bad.

Continue reading →

Cyberattacks are happening more frequently and with greater sophistication. As a result, rapid threat detection and response is critical to finding threat actors and minimizing their impact on the enterprise. This task is easier said than done. Information security teams are understaffed and the digital infrastructures they must protect continue to increase in complexity. Time is also of the essence.

Every passing second dangerously prolongs a threat actor’s presence within the network, creating additional backdoors, pilfering critical data and assets, and increasing their chances of absconding with the crown jewels. In those especially urgent moments, when the security team is literally all hands-on deck, there isn’t time to run queries through a number of different tools and wait for results to come back. Security teams need real-time insights they can act upon quickly.

Continue reading →

We’re much more used to security flaws now after years of being conditioned to hearing about them from various sources. Some software makers handle vulnerabilities better than others of course, but remember, software is inherently complicated and it’s being written by flawed humans so mistakes are inevitable. 

Today Sergei Glazunov of Google Project Zero reports on a new flaw in Google Chrome, the sixth zero-day affecting the browser this year. Very little information has been released on the vulnerability, but from what we can learn it seems to be in the Javascript engine that powers Chrome. 

Continue reading →

A new report from hardware authentication company Yubico finds 42 percent of UK employees say they feel more vulnerable to cyber threats while working from home, with 39 percent feeling unsupported by IT.

The study of over 3,000 people in the UK, France and Germany also reveals that 54 percent of all employees use the same passwords across multiple work accounts. In addition 22 percent of respondents still keep track of passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.

Continue reading →

The latest quarterly threat report from Abnormal Security shows that increasingly sophisticated and novel socially engineered email attacks that bypass legacy defenses are driving 50 percent higher engagement than traditional email attacks such as credential phishing.

The report also shows that between the first week of July 2020 and the first week of April 2021, the percentage of companies across industries getting hit with vendor email compromise (VEC) attacks increased nearly 120 percent.

Continue reading →

As recent attacks have shown, industrial networks need protection. But it needs to work in a way that doesn't add burdens of infrastructure, complexity and steep learning curves.

Claroty is addressing this with the release of Claroty Edge, a new addition to The Claroty Platform that delivers visibility into industrial networks without requiring network changes, using sensors, or having any physical footprint.

Continue reading →

A new report from identity specialist ForgeRock reveals a massive 450 percent surge in breaches containing usernames and passwords globally.

The report also finds that unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-on-year for the past two years, and accounting for 43 percent of all breaches in 2020.

Continue reading →

In recent months there have been many high profile attacks using ransomware and other techniques, against businesses.

But why has there been an apparent upsurge in attacks and what should enterprises be doing to keep them selves safe? We talked to Lynx Software Technologies' vice president of product management, Pavan Singh to find out.

Continue reading →