Articles about Security

Over the past 12 months, the COVID-19 pandemic has created the perfect environment for cybercrime to flourish, according to Verizon's 2021 Data Breach Investigations Report.

The report analyzed 29,207 quality incidents, of which 5,258 were confirmed breaches. With large numbers of people working remotely, phishing attacks increased by 11 percent, while attacks using ransomware rose by six percent.

Continue reading →

Anyone running Windows 10 version 2004 or 20H2 has a new cumulative update to install in the form of KB5003173. The update takes Windows build numbers up to 19041.985 and 19042.985.

Cumulative updatse like this are rarely über-exciting, and KB5003173 is no different. Although Microsoft has not introduced any major changes with the update, the release remains an important security update, and it's a good idea to get it installed.

Continue reading →

A new report from cloud-native network detection and response company ExtraHop shows that on the fourth anniversary of the WannaCry attack a high percentage of IT environments are still running known vulnerabilities.

It shows the continuing use of ill-advised and insecure protocols, including Server Message Block version one (SMBv1), which was exploited by the WannaCry ransomware variant to encrypt nearly a quarter of a million machines worldwide, and is still found in 67 percent of environments.

Continue reading →

A large majority of companies that move to multi-cloud environments are not properly configuring their cloud-based services according to a new report from Aqua Security.

Over 12 months, Aqua's research team analysed anonymised cloud infrastructure data from hundreds of organizations. These were divided into SMBs and enterprises based on the volume of cloud resources they scanned.

Continue reading →

HP is launching a newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services to protect its customers from growing cyber threats.

The HP Wolf Security portfolio builds on the company's security research to offer a unified portfolio focused on delivering comprehensive endpoint protection and cyber-resiliency.

Continue reading →

Despite the fact that third party code in IoT projects has grown 17 percent in the past five years, only 56 percent of OEMs have formal policies for testing security.

A report from security testing and software research company GrammaTech, based on findings from a VDC Research survey, reveals that this is despite 73.6 percent of respondents saying security is important, very important or critical.

Continue reading →

Traditional techniques such as security awareness training and phishing simulations have a limited impact on improving employees' real-world cybersecurity practices according to a new report.

The study, prepared by the Cyentia Institute, uses aggregated data from 114,000 Elevate Security Platform users for the last three years, examining malware, phishing, email security and other real world attack data.

Continue reading →

Google is taking steps to make people's accounts more secure by announcing two initiatives to mark World Password Day.

Firstly it's automatically enrolling all Google account users in two-factor authentication. This will begin with accounts that are appropriately configured for this transition. You can see whether your account is ready in Security Checkup.

Continue reading →

Today is World Password Day, in case you hadn't already noticed, a day to promote better password management and safer password choices.

With billions of sets of stolen credentials circulating on the dark web, naturally there is plenty of advice and opinions on offer from the industry, so here's a look at some of what experts are saying about passwords, the vulnerabilities they represent and how they might be replaced.

Continue reading →

There will doubtless be a lot of comment surrounding today's World Password Day (watch this space) but to kick off we'll start with a new survey which shows that people aren’t keen on passwords at all.

The study from identity verification and authentication company Onfido reveals a variety of unpleasant activities that people would rather engage in than create a unique password.

Continue reading →

If you’ve found your system running unexpectedly short of storage space over the past couple of days, then Windows Defender could be to blame.

Some users report that the bug has led to hundreds of thousands and even millions of files being generated by the security software, taking up gigabytes of storage space.

Continue reading →

While 49 percent of security teams and 44 percent of networking teams report to the same boss, 37 percent of IT professionals state that these teams don't really work together much.

A new report from security cloud company Netskope shows that 50 percent of global CIOs -- and 51 percent of respondents generally -- say a lack of collaboration between specialist teams stops their organization from realizing the benefits of digital transformation.

Continue reading →

Dell has patched a recently discovered series of security flaws in a driver installed on hundreds of millions of computers. Tracked as CVE-2021-21551, no fewer than five high severity vulnerabilities were found to exist in Dell's dbutil_2_3.sys firmware update driver since 2009.

The flawed DBUtil driver is installed on consumer and enterprise desktops, laptops and tablets around the world. If exploited, the vulnerabilities could be used to "escalate privileges from a non-administrator user to kernel mode privileges". The problem only affected Windows systems, not those running Linux.

Continue reading →

As the speed and complexity of software development increases, security and development teams have seen the need to integrate and automate security testing within their development workflows.

But doing this can slow development pipelines and overwhelm teams with large volumes of testing results, many of which don't require immediate attention. To address this Synopsys is unveiling its new Intelligent Orchestration solution at the RSA Conference later this month.

Continue reading →

The digital transformation efforts spurred by COVID 19 have created major problems for enterprises in navigating privacy and security and put identity security high on the priorities list for this shift to a new, flexible work model

Identity management platform SecureAuth has announced updates to its platform to allow businesses to address these challenges.

Continue reading →