Articles about Security

The supply chain attack involving SolarWinds software last year has caused ripples throughout the cybersecurity industry, not least because it went undetected for nine months.

The attack was able to bypass traditional email security by exploiting trusted communications routes between vendors and customers. A worrying new report from Abnormal Security shows that this technique is becoming a mainstream attack vector.

Continue reading →

Greater emphasis on emotional intelligence and other skills required to work with different stakeholders is placing new demands on Chief Information Security Officers (CISOs) according to a new study.

But it's also creating opportunities for CISOs to become leaders of their organizations, according to the report from cyber security provider F-Secure, in conjunction with Omnisperience.

Continue reading →

Almost 75 percent of security analysts are worried about missing out on alerts according to a new study carried out by IDC for FireEye.

The research, which surveyed 300 IT security managers and security analysts in the US, also shows that nearly half of the alerts security analysts receive are false positives, and almost a third get ignored.

Continue reading →

The pandemic-driven shift to remote working has led cybercriminals to ditch many of their old tactics, and put a new emphasis on gathering intelligence and exploiting and preying on fears with targeted and sophisticated attacks.

The latest State of Malware report from Malwarebytes has found a major shift in the devices targeted and strategies deployed by cybercriminals.

Continue reading →

Just days after the regular update release date of Patch Tuesday, Microsoft has released an out-of-band patch to address a problem with WPA3 connections in Windows 10.

The KB5001028 update is for Windows 10 version 1909, and it fixes a problem that caused blue screens and stop error 0x7E in nwifi.sys when using a WPA3 connection. Microsoft says that the problems arose after users installed the KB4598298 or KB4601315 updates.

Continue reading →

Many of us will at some point have attached the wrong file to an email or sent an attachment to the wrong person.

This is more than an inconvenience as it could end up exposing sensitive data. But thanks to a new feature from Tessian you may never make an attachment error again.

Continue reading →

Despite a sharp decrease of 19.2 percent observed earlier in the year, vulnerability disclosures in 2020 are expected to exceed 2019's level according to Risk Based Security.

The company's VulnDB team aggregated 23,269 vulnerabilities disclosed during 2020. Despite the initial disruption from COVID-19, the trend of total number of vulnerabilities suggests that business operations and routines have normalized as the gap has closed to 0.98 percent.

Continue reading →

A new study from cybersecurity company Deep Instinct, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019.

The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent.

Continue reading →

Enterprises invest billions annually on SIEM (Security Information and Event Management) software and expect this investment to result in comprehensive threat coverage.

But a new report from AI-powered threat coverage platform CardinalOps shows that on average SIEM deployment rules miss 84 percent of the techniques listed in MITRE ATT&CK.

Continue reading →

Whenever Microsoft releases updates for Windows, the company is always keen for as many people as possible to get the patch installed. But with this month's Patch Tuesday bug fixes, the company is encouraging Windows users even more than usual.

Referring to two Critical security issues and one Important one, all affecting TCP/IP, Microsoft says that "it is essential that customers apply Windows updates to address these vulnerabilities as soon as possible". The CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094 vulnerabilities affect Windows 7 upwards.

Continue reading →

Today is Safer Internet Day, held annually to promote making the internet a safer and better place for all and particularly for children and younger users.

Industry experts have been keen to offer their their views and advice and we've put together a round up of some of the best.

Continue reading →

Detecting and resolving data leakage is a top security challenge for public sector organizations with 24 percent suffering accidental leakage of cloud data.

The 2021 Cloud Data Security Report from Netwrix finds phishing (reported by 39 percent of organizations) to be the most common incident that government agencies experienced in the cloud, followed by accidental data leakage (24 percent) and targeted attacks on infrastructure (22 percent).

Continue reading →

Failure to automate control of physical accounts is a major weak point in enterprise security according to a study released by Thycotic.

Among the findings are that a significant number of enterprises (28 percent) only audit privileged access management (PAM) on a quarterly or annual basis.

Continue reading →

Cybersecurity and risk management company RSA is launching Detect AI, a cloud-native advanced analytics and machine learning solution that provides rapid detection and actionable insights on data captured by the RSA NetWitness Platform.

It employs cloud-scale processing for behavior analytics and uses unsupervised machine-learning to allow it to detect and respond to threats without manual oversight.

Continue reading →

Disclosed vulnerabilities in industrial control systems (ICS) increased 335 percent in the second half of 2020 compared to the first half.

A new report from Claroty also shows that in the same period 71 percent of ICS vulnerabilities disclosed were remotely exploitable through network attack vectors.

Continue reading →