Researchers find critical flaws in SecurEnvoy SecurMail, patch now!

If you’re a user of SecurEnvoy SecurMail and you haven’t yet implemented the latest patch, do so now – or risk getting your encrypted emails read by attackers. The warning comes from SEC Consult researchers, who discovered a number of vulnerabilities in the product that break its core security promises. They found seven CVE-assigned flaws, including […]

Insecure by design: What you need to know about defending critical infrastructure

Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday. The IT security “patch, patch, patch” mantra has little application to industrial control systems, where legacy equipment is […]

Exim vulnerability opens 400,000 servers to remote code execution

If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it as all previous versions contain a vulnerability that can be exploited to achieve remote code execution. The buffer overflow vulnerability in the base64 decode function of Exim […]

Hacking Back & the Digital Wild West

The Internet is a modern day Wild West. Individuals, businesses, and governments face extraordinary challenges protecting themselves in the digital Wild West, and history has shown that law enforcement is under-resourced to tackle all but the most pressing criminal cases. What’s the answer? U.S. Congressional Representatives Tom Graves and Kyrsten Sinema are proposing legislation — the Active Cyber […]

A Secure Development Approach Pays Off

News headlines abound with stories of well-known companies falling victim to cyberattacks and data breaches. But there’s a far bigger problem than the headlines would lead you to believe. It’s a problem that is part of the approach that has, so far, been taken to software development, and one that is leaving tiny imperfections deep […]

Equifax says millions more Americans affected by hack than first thought

Equifax has confirmed more Americans are impacted by the cyberattack that targeted the credit rating giant last year than was first revealed. The company said in a statement that an ongoing analysis showed 2.4 million more Americans had their names and partial drivers’ license information stolen, but they were not previously thought to have been affected. The […]

Why Cryptocurrencies Are Dangerous for Enterprises

Whatever the latest hot, new cryptocurrency is — be it bitcoin or one of its quickly sprouting rivals — doesn’t matter: coin mining and trading activities by employees and by hackers is a considerable security problem in the enterprise. Cryptocurrencies and the industries sprouting around them are infecting enterprise desktops and servers with malware, making systems […]

Nearly half of security pros rarely change their security strategy, even after a cyber attack

Nearly half (46 percent) of IT security professionals rarely change their security strategy substantially – even after experiencing a cyber attack. This level of cyber security inertia and failure to learn from past incidents puts sensitive data, infrastructure and assets at risk, according to CyberArk. An overwhelming number of IT security professionals believe securing an […]

The Hapless User: Secure from the inside out

Over the past few years, we’ve seen several high-profile organisations succumb to crippling security breaches. Each incident acts as a reminder that malicious attackers do not discriminate and no organisation is safe, no matter the size or industry. Organisations are starting to wake up and move security higher up the priority list. Companies are beginning to […]

Enabling Better Risk Mitigation with Threat Intelligence

To effectively respond to cyber threats these days you need to have a way to prioritize them. Data from your IDS, IPS, firewalls, routers and other internal hardware and software systems is critical to detecting threats on your network. But the sheer volume of alerts generated by these systems can make it very hard for […]