Articles about Security

There are many things to consider when it comes to making systems secure, but one thing that is often overlooked is the human angle.

George Finney, CISO, CEO and founder of Well Aware Security believes that cybersecurity is a people problem first and foremost -- people are the ones who write and employ processes and people are the ones who create and use technology. No surprise then that people are behind some 95 percent of cybersecurity incidents.

Continue reading →

A new study shows that 81 percent of development teams have knowingly pushed vulnerable code live, with 20 percent of senior managers even admitting to doing so often.

The report from Immersive Labs based on work by Osterman Research shows low confidence in application security in general, with only half of CISOs believing secure applications could be developed and just 44 percent of all security teams believing their company could withstand a SolarWinds style attack on their build environment.

Continue reading →

The transition to agile development, the rise of microservices, and an increased reliance on cloud services for business operations due to the pandemic have all contributed to an explosion in software development and a dramatic reduction in software delivery time.

But as the speed and complexity of application development skyrockets, application security professionals increasingly find themselves unable to keep up. Silicon Valley startup ArmorCode has produced a next-generation application security solution that consolidates three key AppSec needs into a single intelligent platform and it's raised $3 million in seed financing to develop it further.

Continue reading →

One of the problems the finance and banking sector has had during the pandemic has been reduced branch access and the inability to hold face-to-face meetings.

Identity specialist OneSpan has introduced a technology called Virtual Room. Using this, financial institutions and their customers can digitally review and sign documents together without having to combine multiple tools and apps.

Continue reading →

Over the past 12 months, the COVID-19 pandemic has created the perfect environment for cybercrime to flourish, according to Verizon's 2021 Data Breach Investigations Report.

The report analyzed 29,207 quality incidents, of which 5,258 were confirmed breaches. With large numbers of people working remotely, phishing attacks increased by 11 percent, while attacks using ransomware rose by six percent.

Continue reading →

Anyone running Windows 10 version 2004 or 20H2 has a new cumulative update to install in the form of KB5003173. The update takes Windows build numbers up to 19041.985 and 19042.985.

Cumulative updatse like this are rarely über-exciting, and KB5003173 is no different. Although Microsoft has not introduced any major changes with the update, the release remains an important security update, and it's a good idea to get it installed.

Continue reading →

A new report from cloud-native network detection and response company ExtraHop shows that on the fourth anniversary of the WannaCry attack a high percentage of IT environments are still running known vulnerabilities.

It shows the continuing use of ill-advised and insecure protocols, including Server Message Block version one (SMBv1), which was exploited by the WannaCry ransomware variant to encrypt nearly a quarter of a million machines worldwide, and is still found in 67 percent of environments.

Continue reading →

A large majority of companies that move to multi-cloud environments are not properly configuring their cloud-based services according to a new report from Aqua Security.

Over 12 months, Aqua's research team analysed anonymised cloud infrastructure data from hundreds of organizations. These were divided into SMBs and enterprises based on the volume of cloud resources they scanned.

Continue reading →

HP is launching a newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services to protect its customers from growing cyber threats.

The HP Wolf Security portfolio builds on the company's security research to offer a unified portfolio focused on delivering comprehensive endpoint protection and cyber-resiliency.

Continue reading →

Despite the fact that third party code in IoT projects has grown 17 percent in the past five years, only 56 percent of OEMs have formal policies for testing security.

A report from security testing and software research company GrammaTech, based on findings from a VDC Research survey, reveals that this is despite 73.6 percent of respondents saying security is important, very important or critical.

Continue reading →

Traditional techniques such as security awareness training and phishing simulations have a limited impact on improving employees' real-world cybersecurity practices according to a new report.

The study, prepared by the Cyentia Institute, uses aggregated data from 114,000 Elevate Security Platform users for the last three years, examining malware, phishing, email security and other real world attack data.

Continue reading →

Google is taking steps to make people's accounts more secure by announcing two initiatives to mark World Password Day.

Firstly it's automatically enrolling all Google account users in two-factor authentication. This will begin with accounts that are appropriately configured for this transition. You can see whether your account is ready in Security Checkup.

Continue reading →

Today is World Password Day, in case you hadn't already noticed, a day to promote better password management and safer password choices.

With billions of sets of stolen credentials circulating on the dark web, naturally there is plenty of advice and opinions on offer from the industry, so here's a look at some of what experts are saying about passwords, the vulnerabilities they represent and how they might be replaced.

Continue reading →

There will doubtless be a lot of comment surrounding today's World Password Day (watch this space) but to kick off we'll start with a new survey which shows that people aren’t keen on passwords at all.

The study from identity verification and authentication company Onfido reveals a variety of unpleasant activities that people would rather engage in than create a unique password.

Continue reading →

If you’ve found your system running unexpectedly short of storage space over the past couple of days, then Windows Defender could be to blame.

Some users report that the bug has led to hundreds of thousands and even millions of files being generated by the security software, taking up gigabytes of storage space.

Continue reading →