Inside a cyberattack: How hackers steal data


The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and its technology more advanced.
Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days, and even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.
ExpressVPN finally brings GUI to its Linux app


ExpressVPN has rolled out a much-needed update for Linux users, finally adding a graphical user interface (GUI) to its VPN app. Yes, folks, a GUI for Linux is only being rolled out in 2025! Better late than never, I suppose.
Until now, ExpressVPN users in Linux were stuck with a command-line interface (CLI), while Windows and macOS users enjoyed a more user-friendly experience. This update brings ExpressVPN more in line with competitors like Surfshark, which has long offered a Linux app with a GUI.
New Firefox terms of use could push users to Google Chrome


Mozilla has long positioned itself as a champion of privacy and open-source software, but its latest move really makes me worry that the organization could be drifting away from those values. You see, Mozilla has introduced Terms of Use for Firefox for the first time ever. Additionally, there is an updated Privacy Notice. And while Mozilla frames this as a move toward transparency, the actual terms are raising some major red flags for me.
Mozilla claims these new terms are necessary due to a changing “technology landscape,” yet the fine print tells a far different story. One of the most troubling aspects is that users must grant Mozilla all rights necessary to operate Firefox, including a “nonexclusive, royalty-free, worldwide license” to use information entered through the browser. Mozilla insists this is meant to help users navigate the web, but the vague wording leaves a dangerous amount of room for interpretation. Could this include personal data, saved passwords, or browsing history? Mozilla simply fails to say.
How cloud security teams should think about AI


According to estimates from Goldman Sachs, generative AI (GenAI) will constitute 10-15 percent of cloud spending by 2030, or a forecasted $200-300 billion (USD). The public cloud serves as the perfect vessel for delivering AI-enabled applications quickly, cost-effectively, and at scale. For organizations looking to profit from AI’s potential, the path effectively travels through the cloud.
For cloud security teams on the ground, however, the impact of AI can seem complicated. Understanding the challenges it presents, and the key capabilities it enables, can help them work smarter and more effectively. This article explores the three ways cloud security teams should think about AI to enhance protections, improve efficiency, and address resource constraints.
The encryption backdoor debate: Why are we still here?


Earlier this month, reports emerged that the UK government had pressured Apple, under the Investigatory Powers Act 2016, to create a backdoor into encrypted iCloud data. Unlike targeted access requests tied to specific cases, this demand sought a blanket ability to access users’ end-to-end encrypted files.
Apple was forced to reconsider its Advanced Data Protection service in the UK, and this latest development raises a fundamental question: Why does the debate over encryption backdoors persist despite decades of technological progress and repeated warnings from cybersecurity experts?
The US is not the only country to ban Kaspersky product because of security concerns


Security firm Kaspersky has suffered a dramatic fall from grace in recent years because of its Russian ties. Around the world, concerns have sprung up that the security software actually poses a security risk.
In the middle of last year, the US government banned the software from being sold in the country -- or even updated for existing users. Following suit, Australia has also announced a ban, citing a "security risk to the Commonwealth". Fears of "foreign interference, espionage and sabotage" were also key factors.
Punycode: The invisible cyber threat hiding in plain sight


The internet was conceived to connect the world, and internationalized domain names (IDNs) have certainly helped make that vision a reality. By allowing non-ASCII characters in web addresses, they’ve been pivotal in improving both accessibility and inclusivity.
As with any technological breakthrough, cybercriminals have found a way to turn innovation into exploitation. By using Punycode, a system for encoding IDNs, attackers have been able to create their own deceptive domains to mimic trusted brands and evade traditional security defenses to fool even the most wary users.
Microsoft is pushing a security update to Windows 11 that breaks File Explorer


The last round of security updates saw Microsoft release the KB5051987 update for Windows 11. As this patch addresses a number of security issues with the operating system, it is a mandatory update that will be automatically installed for most people.
As we’ve seen time and time again, the automatic installation of security updates is a good thing... until it isn’t. And with the KB5051987 update, there are numerous problems that raise the question of whether it is advisable to have Microsoft pushing out obligatory patches that can wreak havoc.
Why it's time to guarantee resilience in our critical software


Software has become central to our daily lives, with nearly every major company relying on it to operate. We are all increasingly dependent on fault-free software for almost everything we do -- whether it’s ensuring trains run on time, accessing websites or using online banking.
Software has evolved into a form of digital public infrastructure, just as vital as physical infrastructure like roads and utilities. Yet, despite its critical role, software largely goes unmonitored and unregulated.
What startups can learn from special forces strategy


On the battlefield and in the trenches of entrepreneurship, victory comes to those who dare to think unconventionally and act with precision. As a former Green Beret, I've seen firsthand how the principles of unconventional warfare can translate into the business arena. Both demand team building, strategic thinking, and adaptability in dynamic environments.
Let's break down the seven-phase model of unconventional warfare and see how it can guide a startup from its inception to market dominance.
Unpatched software: The silent gateway to cyber attacks and how AI-driven solutions can close the gap


Modern enterprises are under fire from all angles. Attackers have become increasingly sophisticated and persistent in how they target enterprise data and systems. But as the threat landscape has evolved and become more complex, one tried and true method for malicious attackers stands out as a weak point for nearly every enterprise attack surface: outdated software. As much as patch management has advanced in recent years, the fact remains that most organizations struggle to deploy patches consistently and effectively, and that leaves systems exposed to cyber attacks.
Cybercriminals have become quite adept at exploiting unpatched software, using it as an easy entry point into enterprise networks. Malicious actors have developed an incredibly sophisticated understanding of where enterprise weak points are. In fact, most criminal operators have a deeper understanding of enterprise attack surfaces than the security teams tasked with defending them. Enterprise networks often consist of hundreds of thousands of IT assets, and every single unpatched instance represents an opportunity for attackers to compromise data and operations.
Microsoft is dropping the privacy protection VPN feature from Microsoft Defender really soon -- unless you pay up


Microsoft has very quietly announced that the VPN feature of its Microsoft Defender security tool is going away for anyone unwilling to part with money.
In a support document entitled “End of support-Privacy protection (VPN) in Microsoft Defender for individuals”, the company gives very short notice for the dropping of the free tool. When the end of February rolls around, the VPN feature will only be available to users paying for a Microsoft 365 Personal or Family subscription. What does all of this mean?
Google is making it easier to find a safe and reliable VPN


Take a browse through an app store and you will find that there is no shortage of VPN tools to choose from. But which can you trust?
One of the reasons for using a VPN in the first place is to help keep data safe -- but some tools leak information in ways that run completely counter to this. So how do you know which one you should be using? Google has come up with a new way to help guide users towards the safest options,
Google launches Identity Check, a new location-based security feature, and completes roll-out of AI-powered theft detection


Theft of mobile devices is a crime that is not going away any time soon. Phones are now completely central to so many aspects of life, and the theft (or loss) is about much more than the monetary value of the device itself. There is great potential for a thief to gain access to a wealth of information via a stolen phone.
This is why the security of mobile devices is so important, and it is why Google is taking steps to limit the impact of theft. A new feature that is starting to roll out is Identity Check, which requires the use of biometric authentication whenever your device is in an unknown or untrusted location. The company is also harnessing the power of artificial intelligence for good, using AI-powered tools to detect thefts.
If you sign into your Microsoft account on a public or shared computer, you need to know this


Microsoft has quietly announced a significant change to the sign in/out process for Microsoft accounts. The change could have massive security implications for many people.
As of next month, when you sign into your Microsoft account, you will remain signed in until you opt to sign out manually. At the moment the (arguably more secure) approach sees users signed out automatically after a period of inactivity, helping to protect anyone using a public computer.