Continuous Monitoring and Protection
Do you put yourself at greater risk for successful attacks by making one of these security mistakes? How much of your personal time do you spend online? The answer may be a lot more than you think. One recent study estimated that Brits spend five hours on average each day glued to their screens, not including work time. It found that those aged 16-24 spend over 2,500 hours per year on Instagram alone. In fact,…
Read MoreSurvey finds SMBs, weary of security failures, curious about detection and response How a company sees its digital security preparedness is critical. Conservative companies might follow the crowd, implementing a necessary minimum to ensure nominal security, and perhaps that’s the right choice for their business. Margins could be tight, or growth might not call for an outsized security budget. Maybe digitization has spared their business segment or processes more than others. In contrast, perhaps growth…
Read Moreby Paul Ducklin Remember those Exchange zero-days that emerged in a blaze of publicity back in September 2022? Those flaws, and attacks based on them, were wittily but misleadingly dubbed ProxyNotShell because the vulnerabilities involved were reminiscent of the ProxyShell security flaw in Exchange that hit the news in August 2021. Fortunately, unlike ProxyShell, the new bugs weren’t directly exploitable by anyone with an internet connection and a misguided sense of cybersecurity adventure. This time,…
Read Moreby Paul Ducklin No sooner had we stopped to catch our breath after reviewing the latest 62 patches (or 64, depending on how you count) dropped by Microsoft on Patch Tuesday… …than Apple’s latest security bulletins landed in our inbox. This time there were just two reported fixes: for mobile devices running the latest iOS or iPadOS, and for Macs running the latest macOS incarnation, version 13, better known as Ventura. To summarise what are…
Read MoreAn analysis of the numerous LDAP queries that Russian cyberespionage group APT29 had made to the Active Directory system has led to the discovery of a vulnerability in Windows’ ‘credential roaming’ functionality. Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). The group is believed to be responsible for multiple high-profile attacks, including the 2016 targeting of the Democratic…
Read Moreby Paul Ducklin Here’s an important thing to remember about jurisprudential arithmetic, where two negatives definitely don’t make a positive: stealing money from someone who originally acquired it through criminal means doesn’t “cancel out” the criminality. You can still go to prison for a very lengthy stretch, and here’s one way. Remember Silk Road? Not the actual road, or more properly, the web of East-West trading routes linking China to the Middle East and Europe…
Read MoreSecurity posture management startup Veriti has emerged from stealth mode with $18.5 million raised in two funding rounds led by Insight Partners and NFX and AMITI. Founded in 2021, the Tel Aviv-based company seeks to help organizations improve their security posture by proactively and continually hunting for and addressing security gaps and misconfigurations across the entire business environment. Veriti says it has designed its Unified Security Posture Management platform based on feedback from CISOs and…
Read MoreLet’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants…
Read MoreMake sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk We’ve probably all read horror stories online: a parent is woken in the middle of the night by strange noises coming from their child’s bedroom. They open the door, only to find a stranger “talking” to their baby through the monitor. While rare, such cases do happen from time to time. Smart…
Read Moreby Paul Ducklin Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple’s AirTag products. In 2021, he dug into the protocol devised by Apple for keeping tags on tags and found that the cryprography was good, making it hard for anyone to keep tabs on you via an AirTag that you owned. Even though the system relies on…
Read More