Security News

Microsoft tightens Edge security for less visited websites
2022-08-08 17:15

Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings. "With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse."

How older security vulnerabilities continue to pose a threat
2022-08-08 17:00

Patching security vulnerabilities should be a straightforward process. A report released Monday, August 8, by security firm Rezillion looks at how older vulnerabilities patched by the vendor still pose risks to organizations.

Businesses are struggling to balance security and end-user experience
2022-08-08 08:00

Modern organizations are challenged by conflicting demands to secure the enterprise while delivering excellent end-user experience, according to Broadcom Software. This Help Net Security video highlights how increasing reliance on cloud applications is changing the way businesses operate.

Microsoft Edge gets better security defaults on less popular sites
2022-08-06 15:12

Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites. Starting with version 104.0.1293.47, Edge will toggle on the "Basic" level of security when the "Enhance your security on the web" optional browsing mode is enabled in settings.

Resolving Availability vs. Security, a Constant Conflict in IT
2022-08-05 10:39

In this article, we'll look at the availability vs. security conflict, and a solution that helps to resolve that conflict. In practice, security teams can make a demand that a system must go down for patching right now and not two weeks from now, reducing availability in order to patch immediately - never mind what the consequences are for users.

Three Common Mistakes That May Sabotage Your Security Training
2022-08-04 10:37

This is where security awareness training comes into play. Security awareness training gives companies the confidence that their employees will execute the right response when they discover a phishing message in their inbox.

6 ways your cloud data security policies are slowing innovation – and how to avoid that
2022-08-04 04:30

As practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. Development teams leverage the benefits of data in the cloud to generate a growing amount of cloud data stores and tools, to keep up with innovation.

Pulling security to the left: How to think about security before writing code
2022-08-03 15:33

One approach to writing, building and deploying secure applications is known as security by design, or SbD. Taking the cloud by storm after the publication of an Amazon White Paper in 2015, SbD is still Amazon's recommended framework today for systematically approaching security from the onset. SbD is a security assurance approach that formalizes security design, automates security controls and streamlines auditing.

Minimizing the security risks of Single Sign On implementations
2022-08-03 14:04

Because the user was only required to remember a single password, an organization could require additional password complexity, thereby improving the overall password security. While the use of SSO did indeed result in some organizations adopting stronger password policies, it also created additional security risks.

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams
2022-08-03 12:13

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Survey Results: Top Threat Protection Product Pain Points Overlapping capabilities of disparate technologies: 44%. Being able to see the full picture of an attack: 42%. Deployment and maintenance of disparate technologies on one machine: 41%. Lack of forensic information: 40%. Missing reporting capabilities: 25%. Many of the issues smaller teams face with threat protection products are largely attributable to the fact that they're designed for larger organizations with bigger teams and budgets.