Ransomware operators rely on three key supports to enable them to target organisations en masse, and kicking away just two of these will be a huge win for the security community in its fight back, Chris Krebs, the former director of the United States Cybersecurity and Infrastructure Security Agency (CISA), has told an audience […]

Microsoft’s September Patch Tuesday update arrived on schedule late on 13 September, and this month contained five critical common vulnerabilities and exposures (CVEs) and one actively exploited zero-day, among a total of 64 bug fixes. The zero-day, tracked as CVE-2022-37969, is a privilege elevation vulnerability in Windows Common Log File System Driver. It affects […]

About $7tn worth of transactions will be processed by non-financial services businesses through embedded finance in the US by 2026, according to research. This doubling in the value of transactions made using financial services embedded in platforms was revealed in a Bain & Company and Bain Capital research report, which mirrors research in Europe […]

The UK’s Financial Conduct Authority (FCA) has revealed evidence of a dramatic and ongoing surge in the number of distributed denial of service (DDoS) attacks against the financial sector, with a quarter of the incidents notified in the first six months of this year involving DDoS, compared to 4% in 2021. The data was […]

The death last week of Queen Elizabeth II at the age of 96, following a 70-year reign, has drawn global attention and may yet draw the focus of cyber criminal elements exploiting the historically significant event to spread phishing emails and other scams, according to the National Cyber Security Centre (NCSC). The NCSC, part […]

By What is data masking? Data masking is a method of creating a structurally similar but inauthentic version of an organization’s data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is […]

What is a computer worm? A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems. A computer worm duplicates itself to spread to uninfected computers. It often does this by exploiting parts of an operating system that are automatic and invisible […]

It takes an average of just three steps for a threat actor to infiltrate a target cloud environment and get to its “crown jewel” assets, and as a result, vast numbers of organisations are now experiencing cloud security incidents, with at least 80% reporting a “severe” incident in the past 12 months. This is […]

With world-class research institutes in artificial intelligence (AI), Sweden keeps up with all the latest ideas – and sometimes even steps out ahead. But blue-sky research doesn’t always lead to practical solutions that can be used by industry. That’s where AI Sweden plays a key role.  An important first step in the development of […]

Researchers at Secureworks’ Counter Threat Unit (CTU) have warned of a new and potentially serious vulnerability affecting the pass-through authentication (PTA) hybrid identity authentication method used in Azure Active Directory (AD). PTA is one of three authentication options used for hybrid identities in Azure AD, the others being password-hash synchronisation (PHS) and identity federation. […]