Security News
With data breaches on the rise along with consumer demand for privacy and control over their own data, governments have in turn adopted new data protection regulations - and businesses are feeling the pressure. The survey reveals that despite the growing demand for data privacy and security, U.S. consumers still lack familiarity with data protection best practices.
The growing awareness of cloud misconfigurations comes at a time of huge growth in cloud platforms. On one hand, 87 percent said they were fully or mostly in control of their remote working environment, with 51 percent crediting the acceleration of cloud migration as an influence that had improved their security best practice.
So you've decided to set up a vulnerability scanning programme. Great. If you're not sure about that yet, check out this comprehensive vulnerability scanning guide.
If you're like most IT professionals, the threat of a ransomware attack might keep you up at night. Recent Veritas Technologies research suggests that the average organization has had 2.57 ransomware attacks that led to significant downtime in the past 12 months, with 10 percent experiencing downtime that impacted business more than five times.
The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviors ahead of Cybersecurity Awareness Month this month. "The cybersecurity threat landscape is as complex and diverse as it has ever been," said Lisa Plaggemier, Interim Executive Director, National Cybersecurity Alliance.
Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Who better to give advice about how small- or medium-sized businesses should handle cybersecurity than an organization and expert with currency in helping SMBs survive? Anete Poriete, UX researcher at CyberSmart, in her Real Business article, The Best Practises for Cybersecurity Training in SMEs, said there's a common misconception that SMBs aren't aware of cybersecurity threats.
Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.
The Open Source Security Foundation on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects. Allstar is a companion to Security Scorecards, an automated risk assessment tool for repositories and their dependencies that was also contributed by Google.
Google and the Open Source Security Foundation have released Allstar, an app that allows organizations / owners of GitHub repositories to set up security policy expectations for GitHub projects and to make sure that these policies are adhered to. "Allstar works by continuously checking expected GitHub API states and repository file contents against defined security policies and applying enforcement actions when expected states do not match the policies," OpenSSF's John Mertic explained.
The PCI Security Standards Council and the Cloud Security Alliance issued a joint bulletin to highlight the importance of properly scoping cloud environments. At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems.