Protecting backups from ransomware [Q&A]
Cybercriminals know that backups are the last line of defense against ransomware, so it’s essential that they are properly protected.
In an ideal world they would be air-gapped but in the current era of hyperconnectivity that can prove somewhat impractical. We talked to Bret Piatt, CEO of CyberFortress, to discuss the need to protect backups and the strategies for doing so.
Google launches OSV-Scanner to help identify vulnerabilities in open source software
Google has announced a new tool designed to help identify vulnerabilities in open source software.
The OSV-Scanner is described as a frontend to the existing OSV (open source vulnerabilities) database and one of the aims is to alert developers to security issues in the code their projects depend on.
Microsoft releases KB5021233 and KB5021237 updates to fix Windows 10 security issues
Microsoft has released a couple of important cumulative security updates for Windows 10. The KB5021233 and KB5021237 updates are available for Windows 10 versions 1809, 21H1, 21H2 and 22H2.
Because of the security issues addressed by the updates, both are mandatory and will be automatically installed. In addition to security fixes, there are a handful of other notable changes with these updates.
As we go into 2023, corporate aposematism is a worthy consideration
Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.
So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".
Play multiplayer Tron in a Windows or Linux terminal window
If you copy large files from one location to another in Windows you can now play Lunar Lander in the copy dialog box.
If you prefer to play multiplayer Tron (or single-player Snake) you can do so through a Windows or Linux terminal. Microsoft gives users a choice of command-line shells, but this game runs just fine in anything including Command Prompt, PowerShell or Terminal, although you’ll need to make sure you’re running it in Administrator mode.
Distractions means 36 percent of tech workers only do the bare minimum for security at work
In a year of international events that has been dubbed a 'permacrisis', 46 percent of tech industry workers say that distractions from world events make it hard to care about their jobs.
More worrying is that 36 percent of tech industry workers say they only do the bare minimum when it comes to security at work -- compared to 11 percent of employees in other industries.
Bad bot traffic up 50 percent as fraudsters target Black Friday
New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.
The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.
Would you bet your chocolate on preventing a breach?
While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.
Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.
What dangerous security vulnerabilities can access control systems have?
Modern access control systems can recognize employees by their faces. This is very convenient. People do not need to wear a badge with an RFID chip around their necks all the time and use the card with every closed door. It seems that the future has come. Employees can walk around the office with their heads held high, and the doors will open by themselves.
But it turns out that many access control systems that use facial recognition technology have security vulnerabilities. In this article, you will read about the most dangerous problems.
Microsoft completely ends support for Windows 7 and Windows 8 in under a month; now really is the time to move on
It is no secret that the uptake of Windows 11 is rather slow. Microsoft may be unlikely to publicly say as much, but the company will no doubt be extremely disappointed at the number of people who have made the leap to the latest version of its operating system.
All this could change in 2023, however. There are many people and businesses who have hung on to Windows 7 or Windows 8, despite the fact that mainstream supported ended back in 2020. But when January 10, 2023 rolls around, Microsoft will no longer even offer paid-for Extended Security Updates. And with the likes of Edge and Chrome no longer supporting the aged OSes, the time really has come to switch to Windows 11.
When disaster strikes, having the proper business continuity and emergency preparedness technology can ensure enterprise resiliency within healthcare organizations
Even when a disaster or critical incident occurs, hospitals and healthcare organizations must be able to continue to provide assistance to existing patients, while also preparing for a surge of new ones. With many hospitals operating at nearly full capacity, even during periods of relative calm, business downtime of any duration will significantly impact both profitability and patient health outcomes; ensuring business continuity during any situation is critical, particularly in a times of limited resources.
While readiness for crises and critical incidents is essential for conducting resilient business operations in any industry, for healthcare providers, the stakes are higher. Threats like communicable disease outbreaks, weather disasters, and cyberattacks not only disrupt business-as-usual -- they also put individual lives and community well-being in jeopardy.
How fraudsters attack blockchain technology and how it can be prevented
The global financial crisis of 2008-09 resulted in the development of the Bitcoin whitepaper which introduced the world to the idea of blockchain technology and cryptocurrency. Within blockchain, information is stored in several databases (blocks) that are linked together chronologically through cryptographic hashes to form a distributed network (chain). Since its inception the global blockchain market is expected to hit $67.5 billion by 2026.
Within the realm of banking, financial services, and insurance (BFSI) the evolution of cryptocurrencies as an asset class for investors has furthered the commercialization of blockchain technology through decentralized finance (DeFi) services. As of 2021, there are over 6,000 cryptocurrencies being traded freely with global cryptocurrency market capitalize reaching $990 billion. Serving investors' needs are exchanges, lenders, asset managers, custodians, cross-border payment applications, and clearing & settlement houses that all benefit from the surge in blockchain use-cases.
The opportunities and risks of the metaverse
We know that not many consumers actually care about the metaverse, but that hasn't stopped tech giants investing heavily in preparing for it.
A new report from Tenable, based on a study of 1,500 professionals representing roles in cybersecurity, DevOps and IT engineering, shows 68 percent of respondents plan to do business in the metaverse within the next three years, with 23 percent having already begun initiatives in the past six months.
Budget and momentum are key to cybersecurity automation maturity -- and CISOs are feeling left behind
As cyber threats intensify and the human and financial resources available to deal with them remain limited, there is a growing need for automation in cybersecurity.
The intelligent automation of key cybersecurity processes can significantly improve an organization's posture and at the same time support under-pressure employees by reducing reliance on manual processes. But in what is a relatively new approach, how far have organizations progressed along the cybersecurity automation maturity curve and is everyone on the same journey?
Why your security strategy needs to be pre-emptive [Q&A]
As cyberattacks become more sophisticated, so traditional security techniques may no longer be up to the task of protecting systems.
What's needed is an approach that can spot the routes an attacker may use and help close them down. We spoke to Todd Carroll, CISO at CybelAngel and with over 20 years previous experience in the FBI's cyber, counter intelligence, and counter terrorism branches, to discuss the need for a pre-emptive attitude to cybersecurity and how such an approach can work.