Articles about Security

Google is preparing to launch a new Chrome feature which will give users the ability to hide their IP address. Previously known as Gnatcatcher, the feature is now called IP Protection and makes use of proxies to help prevent online tracking.

IP Protection is described as "a privacy proxy that anonymizes IP addresses for qualifying traffic". One of its primary aims is to limit the possibility for fingerprinting as a means of tracking users online, which is something that has become increasingly common as steps are taken to block, and even kill off, third-party cookies.

Continue reading →

The news last month of yet another cyberattack on MGM Resorts, initiating a system shutdown and disrupting its operations, is yet another in a very long list of attacks that we have witnessed in the past couple of years.  Having the right preventive and defensive cybersecurity measures in place for such attacks is a given, and it is what most organizations focus on. But it is also about understanding how the organization will recover from an incident and how they can limit the extent of an attack. 

Today, being impacted by a cyberattack is almost inevitable. The global average cost of a data breach in 2023 was $4.45 million, a 15 percent increase over 3 years, according to IBM. Therefore, companies also need to think about how they can proactively recover, how quickly they can recover, and the cost of recovery to the business.

Continue reading →

Today, Global Encryption Day 2023, marks the perfect opportunity to reflect on what has been a highly challenging year for the technology.

Encryption acts as a fundamental safeguard of data privacy, securing data both during transmission and while at rest. It often serves as a primary defense against hackers and is indispensable in preventing unauthorized access to sensitive information. With the risk of reputational damage and massive fines for those who are breached, it is essential for any organizations looking to ensure regulatory compliance.  

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →

A new report goes some way to showing that the BitLocker security feature of Windows 11 could be massively reducing the performance of SSDs.

An investigation found that the data encryption tool, which is enabled by default in Windows 11 Pro, can slow solid state drives by as much as 45 percent. While it would be reasonable to expect a bit of a performance drop overall as the software works away encrypting and decrypting files, few people would expect the hit to be quite so significant.

Continue reading →

Cybersecurity Awareness Month does precisely what its name suggests. It serves as a reminder of the sector's importance for businesses and consumers across the globe.  

As we look back on yet another year where threats have continued to evolve, and the task at hand seems greater than ever -- it's important to take cognizance of the cyber-dangers out there and recognize our roles in the fight against 'hackers'. 

Continue reading →

It’s the 20th anniversary of Cybersecurity Awareness Month, and it’s safe to say a lot has changed in the cybersecurity industry since then. For example, just over the last year, we have seen the meteoric rise of generative AI and the huge impact it is already having on the cybersecurity industry.

Aaron Kiemele, CISO at Jamf, argues that now with the rise of generative AI, the threat posed by techniques such as phishing has completely changed: "With the advancements in large language models for machine learning, such as ChatGPT, cybercriminals are leveraging AI to automate attacks, analyze vast amounts of data, and craft more effective phishing emails or malware to achieve their nefarious ends. We can no longer rely on bad spelling or sketchy formatting."

Continue reading →

The Meta-owned messaging app WhatsApp has joined the growing legions of apps and services to support passkeys.

Initially available to Android users, the passwordless authentication feature makes it possible to secure a WhatsApp account with face recognition, a fingerprint or a PIN. It is a security feature that is billed as not only offering greater protection than passwords, but also being faster to use.

Continue reading →

It can be frustrating to buy a new phone only to discover that there is an OS update to install before you can start using it. For iPhone users this could soon be a thing of the past thanks to an innovative new system developed by Apple.

The recently released iPhone 15 suffered with an overheating issue that was later fixed with a software update, putting the onus on owners of new devices to download and install the patch. But a new "proprietary pad-like device" will allow Apple Stores to install the latest software on handsets without the need to open the box.

Continue reading →

Microsoft now has a bug bounty program that aims to find issues in artificial intelligence. Specifically, the Microsoft AI Bounty Program is focused on tracking down vulnerabilities in the company’s own AI-powered "Bing experience". This catch-all term covers a surprising number of products and services.

Interestingly, with this bounty program Microsoft is only offering rewards for the discovery of vulnerabilities considered Critical or Important. Those that are deemed of Moderate or Low severity will go unrewarded.

Continue reading →

With the increasing reliance on APIs, detecting suspicious API traffic has become crucial to ensure the security and integrity of these interactions. Suspicious API traffic poses a huge threat to the overall system and its data, the traffic can indicate malicious intent such as unauthorized access attempts, data breaches, or even potential attacks targeting vulnerabilities in the API infrastructure.

API traffic refers to the data and requests that are transmitted between different applications or systems using APIs. This allows software programs to communicate and exchange information, enabling seamless integration and interaction between various platforms. API traffic also involves the transfer of data, such as requests for data retrieval or updates, between the client application and the server hosting the API. 

Continue reading →

The modern workforce is more distributed and dependent on devices than ever before. In this hybrid work environment, digital employee experiences are siloed. IT teams are on the hook to ensure end-user productivity despite strained financial resources and the IT talent war.

Despite their technical expertise, IT service teams are limited in their ability to be in multiple locations at once. Distributed workforces further cause significant blind spots and open up businesses to vulnerabilities hiding in the dark estate. That’s where hidden issues live, yet IT teams can’t see them. The potential for unknown risks is nothing new in IT. So why should businesses care about the dark estate, especially now when IT departments are already burdened by lengthy lists of service requests, putting out fires, and keeping up with security challenges?

Continue reading →

In the ever-evolving realm of the cloud, dwell times are now measured in moments, not days. Whereas Mandiant’s 2023 M-Trends report highlighted a global median dwell time of 16 days for on-premises environments, the Sysdig Threat Research Team (TRT) recently reported in their 2023 Global Cloud Threat Report that cloud dwell time is five minutes.

To better understand the stark difference between defenders' abilities to find attackers in the cloud and on-premises, I sat down with the Sysdig TRT to discuss their findings. They circled around four distinct, but closely related reasons.

Continue reading →

With the release of this month's security updates for Windows, Microsoft has brought to an end support for not only Windows Server 2012, but also Windows 11 21H2.

What this means for users of these versions of the operating system is that there will be no more updates of any sort made available -- and this means both security updates and non-security updates. For anyone who wants or needs to stick with Windows 2012, things could get expensive, but there are free upgrades available to those currently running Windows 11 21H2.

Continue reading →

For anyone running Windows 10 21H2 or Windows 10 22H2, Microsoft has a new cumulative update that fixes various issues with the operating system as well as introducing new features and options.

As is customary, Microsoft provides sparse details about the security issues the update addresses, but it does share information about the various other improvements included in the KB5031356 update.

Continue reading →