Security News

In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC's proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation, and addresses concerns about the impact on smaller ISPs and the global implications of U.S.-mandated changes. Regulatory mandates on BGP security could impose significant burdens on smaller ISPs, particularly regarding their ability to adapt to emerging security standards.

CrowdStrike has hired two outside security firms to review the Falcon sensor code that sparked a global IT outage last month - but it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the incident. The update went through the usual development and testing, and then CrowdStrike pushed a new "Template Type" including the IPC-related info to its Falcon sensors in a "Channel File" numbered 291.

Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years. The research focused on ways to bypass Windows SmartScreen and Smart App Control, the go-to built-in protections against running potentially nasty software downloaded from the web in Windows 8 and 11 respectively.

Data visibility also helps organizations gain insight into what data is sensitive, where that data resides, and protect it appropriately, which enables security teams to prioritize security controls and allocate resources appropriately. Minimizing the MTTD ensures that even though data and its use constantly changes, organizations have the ability to detect when their security posture on sensitive data is impacted.

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [...]

Recent investigations into the cyber security preparedness of Australian Federal Government agencies have found gaps in the public sector's readiness for cyber security attacks or major data breaches, contributing to a focus in 2024 on improving their cyber readiness. More Australia coverage AUSTRAC, Services Australia show cyber security deficiencies.

Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. More Australia coverage Australia's privacy regulator alleges serious Medibank cyber security failures.

Research suggests there will be just 250m users of AI enabled applications and services this year, a number which will double by 2027 and hit 1bn by 2029 as companies find new, more innovative ways to harness the technology. While the number of native AI applications currently available is around 2,000, a lot more are in the pipeline.

In this post, we're going to look at some of the ways Material Security's unique approach to email security and data protection can dramatically-and quantifiably-save your security teams hours each week while improving the effectiveness of your security program. Just like your department has a budget that limits how much money you can spend on people and tools, your security teams have a limit to the amount of time they can devote to responding to threats on any given day.

Today's phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years.