Articles about Security

Traditional rule-based security techniques centered on malware signatures and perimeter protection are increasingly unable to cope with the latest, more sophisticated threats.

Taking a more behavior-based approach to spotting unusual or risky activity offers a solution, but what is required to make it work? We spoke to Sanjay Raja, VP of product marketing and solutions at cybersecurity specialist Gurucul, to find out.

Continue reading →

It's hard not to feel just a little bit sorry for the Russians at the moment. First the Ukrainians keep blowing up their tanks, and now it seems the country has topped the charts in terms of breached accounts from January to March this year.

A study by Surfshark shows that since the start of the invasion of Ukraine in March, 136 percent more Russian accounts have been breached than in February. Ukraine meanwhile appeared in 67 percent fewer breaches than in the quarter before the war.

Continue reading →

Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.

The Q1 2022 top-clicked phishing report finds successful subjects globally include: 'HR: Change in Holiday Schedule', 'St. Patrick's Day: Employee Behavior/Company Policies', and 'Starbucks: Happy Holidays! Have a drink on us'.

Continue reading →

Cyberattacks are something every organization fears. Perhaps those who should be most concerned, and which should scare us most, are the ones that control vital infrastructure -- nuclear power plants (recall Stuxnet in Iran?), banks, telephone carriers, healthcare and power grids. 

Today, security firm Trellix releases its latest report on the current state of affairs in the industry and, as expected, the news isn’t all rainbows and unicorns. 

Continue reading →

A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.

At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.

Continue reading →

When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.

But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.

Continue reading →

Windows 11 users have an important update to install. The KB5012592 update takes the operating system up to build 22000.613 and not only includes a number of important security fixes, but also introduces several significant changes.

Like the previously released KB5011563 update, the new KB5012592 update makes it possible to display up to three high-priority toast notifications simultaneously as well as fixing issues with OneDrive. The update also introduces a simpler way to change the default web browser in Windows 11, although it is a change that has been met with disdain from like likes of Mozilla and Vivaldi.

Continue reading →

A new survey finds 83 percent of 1,000 organizations surveyed experienced a certificate-related outage over the last year, with over a quarter (26 percent) saying critical systems were impacted.

The report from identity management firm Venafi shows that digital transformation is driving an average of 42 percent annual growth in the number of machine identities.

Continue reading →

A new survey of more than 1,200 security leaders reveals they've seen an increase in cyberattacks while their teams are facing widening talent gaps.

According to the latest State of Security report from Splunk 65 percent of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.

Continue reading →

A new study reveals that 79 percent of cybersecurity professionals think that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.

The CyberArk 2022 Identity Security Threat Landscape Report also points up how the rise of human and machine identities -- often running into the hundreds of thousands per organization -- has driven a build-up of identity-related cybersecurity 'debt', exposing organizations to greater risk.

Continue reading →

Early ransomware campaigns relied on sending out large volumes of emails in so called 'spray-and-pray' attacks.

But a new report released today by Cybereason highlights the rise of sophisticated RansomOps attacks that are allowing ransomware syndicates to reap the benefits of record profits.

Continue reading →

First held in 2021, Identity Management Day seeks to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness and sharing best practices across the industry.

Today's second celebration of all things identity management -- you may have noticed the Identity Management Day eggs and bunnies in the shops (oh, they're for something else?) -- has sparked comment from many industry figures and we round up some of their thoughts below.

Continue reading →

The ongoing struggle between good and bad actors in the cyber world has often been compared to a battle or warfare. More recently the threat of nation state attacks on critical infrastructure has led to more actual military interest in the cyber arena, as we've seen in Ukraine.

The Israel Defense Force's 8200 unit is often referred to the SEALs or SAS of cyber military units and its veterans are driving many of Israel's tech start ups.

Continue reading →

Microsoft is putting the squeeze on anyone who is hanging doggedly on to an old version of Windows.

The company is ending support for Windows 10 version 20H2 in just a few short weeks, meaning that anyone who fails to upgrade will no longer receive security updates. Microsoft would, of course, like users to upgrade to Windows 11, but this is not the only option.

Continue reading →

A new study from Netwrix reveals that 70 percent of organizations use a vulnerability assessment tool, but not always for the reasons you might think.

Rather than to ensure compliance, 70 percent say the primary reason for purchasing the tool is the need for proactive security measures. In addition 76 percent of those who don't yet own a vulnerability assessment tool and plan to acquire one in the near future for the same reason.

Continue reading →