Security News

Dealing with cloud security shortfalls
2022-12-22 04:00

"Several years ago in cybersecurity, companies realized that the single greatest threat vector was the individual end user. So, the focus shifted from perimeter and end-point security to automatically applying security at the user level," said Jeff Kukowski, CEO of CloudBolt. "I think this new report reveals a similar parallel in cloud security. Macro solutions that don't make cloud security automatic at the individual, cloud-provisioning 'moment of truth' create lots of opportunity for exposure and leave enterprises only 'somewhat, sometimes' secure. I predict 2023 will be the year we see significantly more focus on shoring up these current cloud security shortfalls. It's a very solvable problem when you apply the right approaches," Kukowski continued.

The benefit of adopting a hacker mindset for building security strategies
2022-12-21 04:30

As VP of Research at Pentera, Alex Spivakovsky leads a team of former pen-testers, red-teamers, and incident response experts whose job is to bypass existing security controls. In this Help Net Security video, Spivakovsky discusses the misconception that hackers are waiting by their computers, monitoring the latest CVE announcements, and constructing plans to breach a company by exploiting the CVE. It's a backward way of thinking about the hacking process because, to a hacker, a CVE is a tool, not a strategy.

Cisco’s Talos security bods predict new wave of Excel Hell
2022-12-21 00:08

A report released on Tuesday by researchers from Cisco's Talos threat intelligence group dissected one: XLL files in Excel. Microsoft describes XLL files as "a type of dynamic link library file that can only be opened by Excel".

On-premises vs cloud security: What are the pros and cons?
2022-12-20 21:01

Security benefits of on-premises networks: monitoring and on-site staff mitigate security risks. "On-premises security deals with deploying tools that require all network traffic to be routed via the physical security appliances residing on the network premises, so it can be monitored and analyzed to mitigate security risks," Thangaraj said.

Study: Consumer security savvy is way behind IoT threat landscape
2022-12-20 18:22

With the rapid expansion of Internet-connected devices, both consumer and industrial, the cyber-threat landscape is growing faster than individuals' ability to keep up. Comcast's biennial take on consumer cyber health, the 2022 Xfinity Cyber Health Report, found that there are an average of 15 connected devices per household, up 25% from 2020 - with "Power users" having as many as 34.

Eurozone plans to formalize passenger data, improve security
2022-12-20 07:30

The European Commission last week proposed rules governing the use of Advance Passenger Information in a bid to strengthen border security. Airlines, she said, less formally share Advance Passenger Information - flight details and passenger passport data collected by airlines upon check-in.

The security skills shortage is here, here’s how to prepare
2022-12-19 22:48

In the same report, 60% of survey respondents acknowledged that they were struggling to recruit cybersecurity talent, 52% said it was hard to retain the security talent that they had and 67% said that the shortage of qualified cybersecurity employees was generating risk for their companies. The confluence of these factors makes enterprise security - and being able to maintain it with on-staff security professionals - a major priority for CIOs in 2023.

Microsoft finds macOS bug that lets malware bypass security checks
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw is now tracked as CVE-2022-42821.

Cybercrime (and Security) Predictions for 2023
2022-12-19 12:52

Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead. With the rapid modernization and digitization of supply chains come new security risks. The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, but are essential to uncover in order to protect your organization in 2023.

Open source vulnerabilities add to security debt
2022-12-19 05:30

The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than in the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities. The report's representative sampling from January to September 2022 of approximately 1,000 North American companies found that only 13 percent of vulnerabilities seen were remediated, compared with 40 percent remediated by those using modern application security best practices.