Articles about Security

0patch beats Microsoft to fix serious local privilege escalation vulnerability in Windows

Laptop plaster

Once again, micro-patching firm 0patch has beaten Microsoft to the punch, releasing an unofficial patch for a zero-day vulnerability in Windows.

This time around we're talking about CVE-2021-24084, a local privilege escalation (LPE) zero-day vulnerability in Windows' Mobile Device Management service. The flaw affects Windows 10 version 1809 and later, and Microsoft is yet to release an official patch of its own. Not wanting to leave systems at risk of attack, 0patch stepped in to help out users by offering up a free fix.

Continue reading

CronRAT is a new Linux malware set to strike on February 31st

CronRAT

Yes, you did read the headline correctly; security researchers have discovered a stealthy new remote access trojan (RAT) designed to attack Linux systems. Named CronRAT, the malware hides as a scheduled task and is configured to run on a non-existent date – February 31st.

Researchers from Sansec warn that CronRAT "enables server-side Magecart data theft which bypasses browser-based security solutions". This is something that is particularly concerning this Black Friday.

Continue reading

45 percent of Brits don't trust tech companies to safeguard their data

A survey of 2,000 UK adults, reveals that 45 percent don't trust big tech companies to safeguard their personal data.

The study from NexGen Cloud finds 66 percent concerned about how tech giants are able to collect and use their personal information. In addition only 24 percent of individuals believe big tech firms have their best interests at heart.

Continue reading

Phishing, ransomware and human error are seen as biggest security threats

web threats

New research from Python software house STX Next finds that that CTOs see human error, ransomware and phishing as the biggest security threats.

The study of 500 CTOs globally shows 59 percent still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49 percent) and phishing (36 percent).

Continue reading

Zero-day vulnerability could give an attacker admin access in Windows 11 and older

vulnerability

A security researcher has revealed a serious vulnerability affecting Windows 10, Windows 11 and Windows Server. By exploiting the vulnerability, an attacker would be able to easily gain administrative privileges on a victim's system.

The discovery and revelation were made by Abdelhamid Naceri, during his research on a Microsoft patch for another vulnerability tracked as CVE-2021-41379. He was able to bypass the patch for the Windows Installer Elevation of Privilege Vulnerability and also discovered another serious zero-day for which he has shared a proof-of-concept exploit.

Continue reading

The machine identity crisis -- and what to do about it [Q&A]

Every single networked machine relies on an identity -- in the form of cryptographic keys or digital certificates -- so that it can identify itself and communicate with other machines securely.

In the wrong hands though machine identities can enable cybercriminals to appear trustworthy, slip past security defences undetected, gain access to networks, and exfiltrate data. Yet organizations still overlook the importance of protecting them.

Continue reading

New malware dispenses RAT droppings

A new javascript downloader named 'RATDispenser', distributing eight different Remote Access Trojans, keyloggers and information stealers has been uncovered by HP Wolf Security.

Most worrying is that RATDispenser is only detected by 11 percent of available anti-virus engines, meaning it's able to bypass detection tools and successfully deploy malware in the majority of cases.

Continue reading

Two-thirds of UK business leaders expect more cybersecurity threats

Around two thirds (66 percent) of UK business leaders expect the threat from cyber criminals to increase over the next 12 months, according to the latest PwC cybersecurity survey of business and technology executives.

In the past year ransomware has had a significant impact on organizations already dealing with the challenges posed by the Covid pandemic, and 61 percent of executives expect to see an increase in reportable ransomware incidents in 2022.

Continue reading

How businesses can improve their third-party security [Q&A]

Risk dial

In recent years many of the most high-profile cyberattacks have come through the supply chain, involving third-party suppliers and partners.

It's historically been difficult for businesses to assess third-party risks, often involving time consuming manual processes in order to do so.

Continue reading

Retailers at risk due to poor TLS/SSL management

Shopping cart key

Big retail businesses can have hundreds of TLS/SSL certificates identifying specific internet-connected devices, but many lack an organization-wide framework for managing them.

In the run up to the busiest shopping period of the year, new research from BitSight finds that 75 percent of the retail sector is at heightened risk of ransomware due to poor TLS/SSL configuration management.

Continue reading

Using AI to deal with ransomware attacks [Q&A]

AI money

Ransomware is a particularly heartless -- though undeniably lucrative -- endeavor. Criminals target schools, vital infrastructure, and even patient records in attempts to cash in. As a result, many security professionals put defensive ransomware strategies at the top of their to-do list.

Understandably, most of these strategies start with measures that minimize the footholds attackers can find. Checking inbound emails for ransomware payloads, giving users training on safe internet usage, and monitoring the network for suspicious activity are essential elements of an effective anti-ransomware strategy.

Continue reading

Mid-sized businesses are 490 percent more likely to be breached

Data breach

Mid-sized organizations are as much as 490 percent or more likely to experience a security breach by the end of 2021 as they were in 2019.

A report from security platform Coro shows that mid-size companies are largely unprotected due to the fact that they lack resources, expensive products and expertise needed to protect against increasing attacks.

Continue reading

Security pros lose sleep over protecting critical assets

A new poll of 250 information technology, IT security, legal and risk/fraud/compliance professionals reveals that 83 percent say they have experienced a successful cyber attack in the past two years, with half saying the attackers managed to reach their critical IT assets.

No surprise then that 86 percent admit to having been kept awake at night by concerns about the protection of critical systems.

Continue reading

So you think you're following best security practice? Think again

Security

A new report shows that 86 percent of organizations believe they follow best practices for security hygiene and posture management, though they may not actually be doing so.

The report, created for asset management and governance company JupiterOne by Enterprise Strategy Group (ESG), finds that 73 percent of security professionals admit that they still depend on spreadsheets to manage security hygiene and posture at their organizations.

Continue reading

It's beginning to look a lot like a cyberattack -- demands of the job hit CISOs' private lives

Two in five CISOs have missed holidays like Thanksgiving due to work demands and a quarter haven't taken time off work in the past 12 months.

A new report from Tessian based on a study of 300 CISOs also shows that they work, on average, 11 more hours than they're contracted to each week while one in 10 works 20 to 24 hours extra a week.

Continue reading

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.