Articles about Security

Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Continue reading →

Microsoft is giving Windows users an easy way to avoid drivers that are known to contain vulnerabilities, helping to improve security.

The company is adding a vulnerable driver blocklist option to Windows Defender Application Control (WDAC) which will help to ensure that only trusted drivers can be installed. The new security measure is available to users of Windows 10, Windows 11 and Windows Server 2016 on systems with hypervisor-protected code integrity (HVCI) enabled, and Windows 10 in S Mode.

Continue reading →

A new study carried out by the Ponemon Institute and sponsored by passwordless authentication platform company Nok Nok Labs, shows the significant costs to businesses that result from authentication failures and weaknesses.

According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders, the average business losses across all types of authentication weaknesses range from $39 million to $42 million.

Continue reading →

In the light of President Biden's new legislation requiring critical infrastructure organizations to disclose cyber incidents to the government within 72 hours, new research from BitSight shows how unprepared many are to meet the strict disclosure requirements.

Based on analysis of more than 12,000 publicly disclosed cyber incidents between 2019 and 2022, the research finds it takes the average organization 105 days to discover and disclose an incident from the date it occurred.

Continue reading →

The public sector has the highest proportion of security flaws in its applications along with some of the lowest and slowest fix rates compared to other industry sectors.

A new report from application security testing company Veracode finds 82 percent of public sector applications have security flaws and that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years.

Continue reading →

We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.

The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.

Continue reading →

The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.

Of 50 2021 vulnerabilities looked at in the report, 43 were exploited in the wild and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.

Continue reading →

Google has released an emergency patch for the Windows, macOS and Linux versions of Chrome after the discovery of a zero-day vulnerability that the company says is being actively exploited.

The security fix comes as Microsoft releases a patch of its own for the same vulnerability (CVE-2022-1096) in Edge, its Chromium-based browser. While neither company has given much detail about the problem, Google describes it as being of high severity.

Continue reading →

The Federal Communications Commission has added Kaspersky to its blacklist in a move that has been branded as political. The FCC says that the Russian security firm has been "deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons".

What this means in practice is that Kaspersky is ineligible to receive FCC funding, joining companies such as Huawei and ZTE. Kaspersky has also been sanctioned by HackerOne, with its bug bounty program being indefinitely suspended.

Continue reading →

Security is always a hot topic, but recent world events have made it more critical than ever to review -- and potentially change -- the security you use to protect your PC. With governments worldwide reiterating their warnings about using Russian-made antivirus tools, now is the time to look for a trusted alternative, and we’ve got just the tool to protect your entire household for the next two years.

Developed in Europe, Avast Ultimate 2022 is designed to protect up to 10 devices across Windows, Mac, iOS and Android. It’s a suite of four products: Avast Premium Security 2022, Avast SecureLine VPN 2022, Avast Cleanup Premium 2022, and Avast AntiTrack Premium 2022. Combined, you get comprehensive protection from all kinds of threats, not just against malware.

Continue reading →

Though the overall number fell slightly, DDoS attacks became both bigger and more complicated in 2021 according to a new report from cloud-based managed security services platform F5 Silverline.

By the final quarter of last year the mean attack size recorded was above 21 Gbps, more than four times the level at the beginning of 2020. Last year also saw the record for the largest-ever attack broken on several occasions.

Continue reading →

The annual tax season is inevitably the cue for a spate of attacks impersonating official sites or popular accounting software.

In a new twist for this year researchers at email security firm Avanan have uncovered attacks spoofing fintech apps such as Stash and Public to steal credentials and give users a false sense of security that they've compiled the right tax documents.

Continue reading →

More than three-quarters (78 percent) of respondents to a new survey say managing user identities between multiple clouds is their number one challenge.

The study carried out by Forrester for Strata Identity finds 70 percent want to migrate to the cloud increase security and protect data. But at the same time 28 percent of companies are using four or more public/private clouds today and that's expected to more than double in two years to 65 percent.

Continue reading →

New research from Splunk's SURGe team looks at how quickly ten major ransomware strains, including Lockbit, Revil and Blackmatter, can encrypt 100,000 files.

The research shows that the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds. Encryption speeds vary between ransomware variants though with individual ransomware samples ranging from four minutes to three and a half hours to encrypt the same data.

Continue reading →

Almost a third (29 percent) of workers still use the same passwords for both personal and work accounts, potentially compromising their organisation if a personal account gets hacked.

A new study of 2,000 UK adults carried out by OnePoll for professional services company Gemserv also shows 39 percent of respondents access corporate accounts and content from their personal devices often or always, with another 24 percent doing so sometimes.

Continue reading →