Articles about Security

The transition from 2024 to 2025 brings a lot of uncertainty, speculation, and hopefully some optimism for the world of data privacy.

As technology continued to innovate, securing data grew more complex and consumers grew more concerned over how their information was being used. Regulatory changes are coming soon, with several states providing their own data privacy standards in anticipation of a shifting focus within the U.S. federal government, creating an important inflection point to set the tone for the future of data privacy and security.

Continue reading →

If you’ve got BitLocker enabled on your computer and you’re seeing unexpected error messages, you can take some comfort in knowing that you are not alone -- and also that Microsoft is aware of the issue.

The problem affects some systems with TPMs (Trusted Platform Module), and it results in a message being displayed that reads: “For your security, some settings are managed by your administrator”.

Continue reading →

While making much of the end of support for Windows 10, practically begging users to move on to Windows 11, Microsoft is sending out some confusing signals. The company has announced that the new Outlook for Windows will be forcibly installed on the aging operating system.

Somewhat unusually, the app will be pushed out as part of February’s security updates. This is likely to lead to mixed reactions; some people will be unhappy at having software installed against their will, while others will be pleased to get something new and more secure.

Continue reading →

Having agreed to pay out $95 million to settle a lawsuit alleging Siri recorded private conversations without consent, Apple has doubled down on its assertion that it has done nothing  wrong.

In a statement entitled “Our longstanding privacy commitment with Siri”, the company stresses it is committed to protecting user privacy. Referring specifically to Siri as “the most private digital assistant”, Apple insists that it “has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose”. 

Continue reading →

Organizations are caught up in a whirlwind of AI adoption, whilst struggling to ensure their security standards can match up. And as the rush to integrate AI into business processes continues into 2025, the time to safeguard its deployment is now.

To-date much of the security discussion around AI has focused on protecting against AI-powered threats. However, an overlooked aspect of AI security lies in the internal workings of AI systems, notably the hidden layers in machine learning models. Understanding the evolving threats to these internal structures is crucial to ensuring the safety and integrity of organizations seeking a security foothold in the current storm of AI adoption.

Continue reading →

Microsoft is vocal about the importance of ensuring that Windows users have all of the latest security updates installed, and rightly so. Now the company has warned that using certain installation media to install Windows 11 24H2 could result in not being able to receive any further security updates.

The root cause of the problem has not been revealed as Microsoft is still investigating, but the issue can occur when using media such as CDs or USB drives to install the latest version of Windows 11. While the cause is not known, and there is no specific fix, there is a workaround.

Continue reading →

With the threat landscape becoming increasingly sophisticated, companies need agile approaches to improve their defenses and mitigate risks. After all, hackers are adapting their strategies and introducing new tools and technologies to improve their success rates. The resulting rise in cyber-attacks is evident in Xalient’s latest research report ‘Why SASE is the Blueprint for Future-proofing Your Network in 2025 and Beyond’, where  a staggering 99 percent of respondents say they have experienced an attack in the last 12 months.

It is no surprise that cyber security is gaining attention from across the C-suite, with 58 percent of CEOs considering cyber-attacks a very big threat to business operations, as PwC's 25th CEO Survey finds. With security moving further up the boardroom agenda, security teams are under greater scrutiny as they work to safeguard the company, its data and its employees. But what are the biggest security challenges and how can security teams improve the security posture of their organisations?

Continue reading →

Apple looks ready to continue its foray into the smart home market with a new doorbell to rival Amazon’s Ring. Driven by Face ID, Apple’s upcoming device is set to be more than just a doorbell -- facial recognition will be used to unlock the door as well.

But if you are looking for a smart doorbell right now, Apple may not be the choice for you. The company’s work is said to be in the preliminary stages, with products unlikely to emerge until at least the tail end of 2025, but likely some time in 2026.

Continue reading →

Critical national infrastructure (CNI) has had a rough 2024 in the UK when it comes to cybercrime. From the chaos caused by a teenager who hacked into TfL to the dangerous impact on the NHS after the Synnovis breach. And let us not forget the ongoing fallout from the Sellafield breach in December 2023.

These are just a few of the notable cases of a much wider problem, with Bridewell finding that 60 percent of UK CNI organizations experiencing at least one ransomware attack over the past 12 months.

Continue reading →

In 2024, opposing nation-states have utilized cyberattacks to project power and disruption from within their own borders. This shift has been epitomized by the rise of the “Axis of Upheaval,” dominated by the CRINKs nations -- China, Russia, Iran, North Korea -- who share a common reliance on using cyberattacks to wreak havoc in an affordable manner.

Whether it’s North Korea using ransomware to generate revenue for its isolated regime, or Russia focusing on disrupting and eroding public trust in democratic institutions, each state is finding its niche to cause harm. Despite these varied goals and techniques, it’s the same sectors again and again in the crosshairs. Whether it’s CNI, healthcare, or finance, these organizations now must protect against a wide range of attack styles and techniques.

Continue reading →

As we navigate an increasingly digital landscape, the threats posed by cybercriminals are evolving at an alarming pace. The latest predictions highlight a future where AI-driven technologies, particularly deep fakes, will become more sophisticated, making it challenging for individuals and organizations to distinguish between genuine and malicious entities.

This article explores three critical predictions regarding the future of cyber threats: the rise of hyper-realistic deep fakes, the escalation of browser-based ransomware attacks targeting essential infrastructure, and the growing risk of insider threats in remote work environments. Understanding these trends is crucial for developing effective strategies to safeguard against the next wave of cybercrime.

Sophisticated AI-Driven Deepfakes Will Bypass Traditional Security Measures

Continue reading →

There are still various obstacles in the way of updating to Windows 11 24H2, but Microsoft has just removed one of them. Until now, systems with a USB scanner that used the eSCL scan protocol were blocked from installing the update, but this block has now been lifted.

This is not all that is to be found in the update, of course. There is a somewhat controversial switch to a shortened date format in the taskbar as well as a batch of important security fixes.

Continue reading →

Despite decades of technological advancement, email remains the predominant attack vector for cybercriminals, with estimates suggesting that 80-90 percent of cyberattacks originate through email channels. While the cybersecurity industry has made significant strides in other areas, many businesses continue to rely on outdated email security measures that leave them vulnerable to increasingly sophisticated threats. This protection gap demands immediate attention from IT leaders.

Traditional secure email gateways (SEGs) like Mimecast and Proofpoint have served as the backbone of organizational email security for years. Similar to how traditional firewalls operate at network perimeters, these gateways excel at blocking known threats through signature-based detection and basic filtering rules. However, just as modern network security has evolved beyond simple perimeter defenses, email security requires a more sophisticated approach.

Continue reading →

In an era when successful hacks are now an inevitability, too many organizations have a false sense of security when it comes to their data. Unfortunately, cyber criminals are ready and willing to take advantage of this complacency.

Gone are the days when CISOs could simply focus on building up frontline cyber defenses alone. Today’s cyber adversaries are using AI technologies like ChatGPT to augment and elevate the sophistication and effectiveness of their attacks on an industrial scale. Whether that’s automating how they scan for vulnerabilities or initiating highly adaptive attacks that can evade traditional perimeter security measures.

Continue reading →

0patch has revealed a 0day vulnerability that affects all desktop versions of Windows as well as Windows Server. In all, a staggering 21 different editions of Windows have the security issue which is described as a URL File NTLM Hash Disclosure vulnerability.

The security patching firm has reported the issue to Microsoft but -- as has been the case in the past -- the Windows-maker has yet to produce a fix. Stepping up to fill the void, 0patch has released free micropatches for all affected versions of Windows.

Continue reading →