Articles about Security

Every organization, sooner or later, writes itself a policy. It gets stapled into onboarding packs and waved about during training, and then quietly forgotten. It’s not that people mean to ignore it. It’s just that rules don’t always make themselves felt when the Wi-Fi’s down or the finance team’s in a rush. But culture -- that’s different. Culture settles into the way people think and work and react. It turns guidelines into instincts. That’s when you know security has taken root.

Understanding this shift often begins with a question: what, exactly, are we securing -- and how do we keep track of it all? Which is where you'll find DSPM explained in any sensible conversation. Data Security Posture Management (DSPM) refers to the ongoing process of identifying, monitoring, and reducing risks across sensitive data. It’s less about locking everything up and more about seeing clearly -- knowing where the data is, who can access it, and what it’s doing. The benefit isn’t just technical; it’s cultural. 

Continue reading →

A vulnerability in the Windows NTLM authentication protocol, which is known to have been actively exploited for at least a month, has been added to the US CISA’s Known Exploited Vulnerabilities Catalog.

While Microsoft deprecated NTLM last year, it remains widely used. Security researchers discovered the hash disclosure spoofing bug, and Microsoft quietly patched it in March. But the creation of a patch is one thing -- having users install it is something else. By adding the vulnerability, tracked as CVE-2025-24054, to its catalog, CISA is raising aware that action needs to be taken.

Continue reading →

For many years, the IT community has consistently emphasized the inherent value and significance of data. Data is one of the greatest resources within a business, even referred to as an organization’s crown jewels, and as a result, has become a vital part of business’ security strategies.

However, as the global interconnectivity of technology continues to grow, securing data and its integrity has become one of the most complex parts of cybersecurity. The driving factor behind this increasing complexity is the broadening use of generative AI (GenAI) and large language models (LLMs), for which training data has largely become the world’s publicly available data.

Continue reading →

Cast your mind back to just last week, and there was the usual chaos of problematic updates from Microsoft. But one of the more peculiar things about one of the updates was the creation an empty folder called inetpub after installing the KB5055523 update for Windows 11.

The appearance of this folder caused confusion, but failed to be explained by Microsoft. Users who were irritated by the folder materializing unbidden simply deleted it without side effects -- but now Microsoft has spoken out. The company says that the folder should not be deleted because it improves system security -- but leaves many questions unanswered.

Continue reading →

When Microsoft first added the AI-powered Recall feature to Windows 11, it could hardly have been expecting the backlash that came from users. Concerns about privacy and security forced the company to delay the rollout of the activity and screen monitoring snapshot tool.

Now Microsoft thinks it has made the improvements required to calm the concerns of those who spoke out very loudly against the tool. A new preview version of Recall is making its way to some users right now.

Continue reading →

There is not long left for Office 2016 in terms of official support from Microsoft, but it felt like adding salt to the wound when a recent update caused Word, Excel and Outlook to stop working.

Microsoft is certainly no stranger to breaking Windows with problematic updates, but with the KB5002700 security update released earlier this week, it was Office 2016 that was affected. So severe were the problems caused, Microsoft has been forced to release an out-of-band fix.

Continue reading →

There can’t be a silver lining without a cloud, and for all of the problems Microsoft managed to fix with the KB5055523 update for Windows 11, there is the small issue of it causing Windows Hello authentication to stop working for some.

While the problem is limited to users who meet fairly narrow criteria, the impact for those affected is significant. If you’re running System Guard Secure Launch or Dynamic Root of Trust for Measurement on Windows 11 and Server 2025, caution is advised.

Continue reading →

The next time you sign into your Microsoft account you may well be greeted by a new look. Microsoft has started the roll out of what it is calling a “new sign in experience” as the company uses its Fluent 2 design language to revamp the UI and UX. For better or worse, this is an attempt to create an “unmistakably Microsoft” look and feel.

The changes affect users of Windows, Xbox, Microsoft 365, and more, and Microsoft predicts that the majority of users will see the new look by the end of April. As part of the redesign, users are being given more choice; there is now a dark mode option.

Continue reading →

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

Continue reading →

Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are -- thankfully -- others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.

Continue reading →

The vast majority of IT professionals will agree that in cybersecurity, waiting for an attack to happen in order to expose weaknesses is a losing strategy.

As such, many will be well-clued up on the benefits of penetration testing; from demonstrating a commitment to protecting sensitive data and ensuring ongoing compliance with industry regulations, to gaining a clearer understanding of security gaps, and strengthening incident response readiness.

Continue reading →

In the film Sliding Doors, a split second choice leads to two branching stories -- yet while the two stories are very different, they both lead to hospital trips and potential tragedy. The world of cyber security is similar. Whatever decisions we make, we are still under pressure and we will -- eventually, whatever we do -- end up facing significant risk.

Yet how do we show that we are doing a good job? If everything is working, there is nothing to see. Or have we collectively just been lucky to that point? Unless you have an active attack taking place, you can argue that your efforts are enough. But when you only look at a single point in time, it is a challenge to show that you are making a difference and reducing risk.

Continue reading →

2024 ushered in one of the biggest shifts in data security, as cyber threats continued to increase in sophistication by leveraging advancements in AI to outpace traditional defenses. High-profile breaches across all industries continued, uncovering vulnerabilities in even the most robust systems. Meanwhile, the ongoing hybrid work models and migration to cloud-based technologies expanded the attack surface, creating new challenges for protecting sensitive data.

As 2025 rolls on, organizations need to follow best practices that represent a proactive, forward-thinking framework to stay ahead of emerging threats, protect critical data, and maintain the trust of their stakeholders. Here are ten best practices that organizations should consider.

Continue reading →

Do you trust your SaaS vendor with the keys to your kingdom? The agent running on your systems is only as secure as your cloud vendor’s security posture. It’s a security risk that should keep every organization’s IT and security teams up at night.

Many vendors will cite pen testing, bug bounty programs, and certifications like SOC 2 and ISO 27001 as a testament to their security. But the reality is that breaches still happen.

Continue reading →

Firefox users running older versions of the web browser could be in for a really nasty surprise. On March 14, 2025, a critical root certificate will expire. And, if your browser isn’t updated to at least Firefox 128 (or ESR 115.13+ for those using the long-term support version) your add-ons will be disabled. Additionally, streaming services that require DRM may even stop working!

For anyone still using an outdated version on Windows, macOS, Linux, or Android, time is running out to avoid these annoyances. Even those sticking with older operating systems (such as Windows 7, 8, and 8.1, or macOS 10.12–10.14) need to at least update to ESR 115.13+ if they want to keep their add-ons and media playback working.

Continue reading →