Articles about Security

DevSecOps delivers significant results but take-up remains low

Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.

But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.

New, free tool to help enterprises assess financial risk of cyberattacks

A successful cyberattack can have significant costs for a business, in terms of both reputation and finances. But what's the actual cost of an attack? And if you're looking at insurance, how much should you be covered for?

To help answer those questions Safe Security is announcing two industry-first assessment tools to empower organizations to make financial decisions based on their actual cyber risk.

Cybercriminals attack the wrong water company in bungled extortion attempt

On Monday, hacker group ClOp claimed to have gained access to 5TB of data from UK water supplier Thames Water and said it could change the chemical composition of the company's water supply.

Thames Water denied the reports and said it hadn't faced a cyber attack. Today it emerges that an attack has taken place but on a different company, South Staffordshire plc, the parent company of South Staffs Water and Cambridge Water.

Monitoring and management of backups becomes more challenging

Monitoring of backups has long been a necessary chore for IT professionals, but a report out today shows that new issues are also impacting the category and creating greater challenges.

The study from Bocada, a company which specializes in the automation of backup reporting and monitoring, is based on a survey of over 260 IT professionals. Varied environments and growing data volumes are revealed as a major concern, with securing data across backup applications the most-cited backup management challenge, followed by protecting growing data volume.

The changing role of the CISO [Q&A]

The IT infrastructure of a modern enterprise is made up of a complex architecture of dynamic networks, cloud deployments, software applications, and endpoint devices.

Each of these has its own set of security controls, which form a critical part of the technology ecosystem, but managing these systems can hinder efficient threat detection and response, which in turn compromises visibility, allowing vulnerabilities and gaps to flourish.

Your current cybersecurity approach creates systemic vulnerabilities

Verizon recently released its 2022 Data Breach Investigations Report, giving businesses vital insights into the state of cybersecurity around the world. Containing an analysis of over 23,000 incidents and 5,200 confirmed breaches over 15 years, the report identifies financial gain as the number-one motive for cyberattacks. Almost four out of five breaches were attributable to organized crime seeking to extort hefty ransomware sums from businesses, backed by insurance pay-outs.

Verizon has also estimated that there has been a 13 percent increase in ransomware breaches -- this is more than in the last 5 years combined. Additionally, 82 percent of cyber breaches involved a human element, namely through stolen credentials, phishing, misuse or simply an error.

Attacks on healthcare organizations increase 90 percent

There has been a 90 percent increase in the number of healthcare organizations targeted by cyber-attacks, in comparison with the first quarter of 2022.

The latest cyber threat landscape report from Kroll finds that while phishing continues to be the vector used for initial access, there has been a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700 percent.

New cloud-based platform helps protect operational security

As more and more devices that we might not conventionally think of as 'IT' become connected, the risks to enterprises increase.

To address this concern Claroty is launching xDome, a new cloud-based industrial cybersecurity platform that drives cyber and operational resilience for modern industrial businesses.

Stolen data used to launch more effective BEC attacks

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Cybercriminals take shortcuts to attack business PCs

Office macros have long been a favorite attack method for cybercriminals, but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

AI-based security solution protects email and messaging

With more people working remotely, messaging and email have become even more essential tools, but the sharing of sensitive data via these routes also presents risks.

Concentric AI is using this week's Black Hat USA to launch an AI-based solution that protects sensitive data shared as text or attachments across today’s most popular business messaging platforms, including email, Slack, and Microsoft Teams.

CISA warns of UnRAR security flaw affecting Linux systems

The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.

The vulnerability is being tracked as CVE-2022-30333, and if successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write data to an area of storage.

Malware, botnets and exploits all soar in second quarter of 2022

In the second quarter of this year malware events increased over 25 percent, botnets doubled and exploit activity grew by nearly 150 percent, according to a new report.

The report from managed security services provider Nuspire is based on threat intelligence analyzed from Nuspire's trillion traffic logs from client sites and associated with thousands of devices from around the world. It shows a substantial increase in botnet activity near the end of Q2, attributed to the Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices.

Microsoft releases KB5016629 update to fix Windows 11 Start menu problems and security issues

It is that time of the month again -- the time that Microsoft releases updates for Windows 11. This time around, the company has released the KB5016629 update to not only fix a problem that prevented the Start menu from opening, but also to address various security issues.

This is a cumulative update which also includes the changes that were part of the KB5015882 update that was made available last month. This means that the KB5016629 update fixes problems with File Explorer as well as introducing new Focus Assist features and better Windows 11 updating.

80 percent of enterprises use open source software and nearly all worry about security

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

© 1998-2025 BetaNews, Inc. All Rights Reserved.