TuxCare | Breaking Cybersecurity News | The Hacker News

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late. There was nothing special or unique about the attack, and it wasn't the last of its kind either. So why are we, in IT, still happily whistling into the wind and moving along as if nothing happened? Is everyone's disaster recovery plan really that good? Are all the security measures in place – and tested? Let's Do a Quick Recap (of What You Should Be Doing) First, cover the basics. Perform proper user training that includes all of the usual: password hygiene, restrictions on account sharing, and clear instructions not to open untrusted emails or to access unscrupulous w

Old technology solutions – every organization has a few of them tucked away somewhere.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went under, then there's no longer any support for the software – which means that the accounting solution only works on some older operating system that isn't supplied with updates either. How valuable is it to  keep older solutions like this running ? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. If it works, it works…? From a purely functional perspective, there is usually no problem with old te

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in technology, some things just get done the same ineffective way without any real thought behind it because "that's the way it's always been done." A typical example: patching Month in, month out, a day comes along that is dedicated to patching.  Patching may be more automated than before because you no longer need to log into each system to patch and reboot tediously. It's a step forward, but the patching process remains the same.  Patching is disruptive, slow, error-prone, and rarely fast enough to keep up with new vulnerabilities. Why disruptive? We all know that every time a maintenance window comes along, Bob from accounting will remind everyone how "the company's IT is going to mess up our week

Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning.  As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the rest of the world. However, the spread of Industrial IoT (IIoT) as well as the need for constant monitoring and tracking information from manufacturing and assembly lines mean the connection between IT and OT systems has greatly expanded. OT is no longer isolated. OT is now just as exposed to the outside world as IT is. What does this mean for OT security, where hard-to-access devices needed for 24/7 production are difficult to patch? Let's take a look. The Air Gap Is Gone Not so long ago, any data exchange between IT and OT operated via a "sneaker net." An operator would p

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.  It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver bullet for all your cybersecurity problems? No. There's no easy, technology-driven fix for what is really cybersecurity's biggest challenge: the actions of human beings.  It doesn't matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email. This isn't news to anyone We've all heard this before. The fact that humans are a key flaw in cybersecurity strategy is hardly news –

What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any organization. Fire the internal team and you take a huge risk Patreon is a content-creator site that handles billions of dollars in revenue. For reasons unknown to us, Patreon fired not just a couple of staff members or someone in middle management. No: the company fired its entire security team.  It's a big decision with significant consequences because it results in an incalculable loss of organizational knowledge. At the technical level, it's a loss of soft knowledge around deep system interdependencies that internal security experts will just "know" about and ac

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the existing development framework doesn't work and that something new is needed. But what exactly is SecDevOps, why should you embrace it – and how can you do it more easily in practice? The fundamentals of SecDevOps By itself, SecDevOps is not just one single improvement. You may see it as a new tool, or set of tools, or perhaps a different mindset. Some might see SecDevOps as a culture. In reality, it's all of those factors wrapped into a new approach to development that's intended to put security first. SecDevOps rely on highly reproducible scenarios, touching on topics such as system

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure systems that are harder to breach. However, security can come at the expense of availability – and vice versa. In this article, we'll look at the availability vs. security conflict, and a solution that helps to resolve that conflict. Ops team focus on availability… security teams lock down Operations teams will always have stability, and therefore availability, as a top priority. Yes, ops teams will make security a priority too but only as far as it touches on either stability or availability, never as an absolute goal. It plays out in the "five nines" uptime goal that sets an incredibly high

Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that drains resources. But what if there's an alternative? The problem: reading code someone else wrote Let's take a step back and take a look at one of the fundamental challenges in development: editing someone else's code. Editing code you just wrote, or wrote a couple of weeks ago, is just fine. But editing your own code written years ago – never mind someone else's code - that's a different story. In-house code style rules can help but there are always odd naming conventions for variables and functions, or unusual choices for algorithms. Arguably, a programmer's abilit

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current climate, war exclusion clauses are increasingly rendering ransomware insurance of reduced value – and why your organization should focus on protecting itself instead. What is ransomware insurance In recent years, ransomware insurance has grown as a product field because organizations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organization, or lead to crippling costs –  NotPetya alone led to a total of $10bn in damages .  Ransomware attacks

Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost impossible to detect – and guard against. BVP47 is a case in point. In this article, we'll outline how this powerful state-sponsored malware has been quietly circulating for years, how it so cleverly disguises itself, and explain what that means for cybersecurity in the enterprise. Background story behind BVP47 It's a long story, fit for a spy novel. Earlier this year, a Chinese cybersecurity research group called Pangu Lab published an in-depth, 56-page report covering a piece of malicious code that the research group decided to call BVP47 (because BVP was the most common string in

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack.  In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what organizations can do to secure containerized workloads, going beyond DevOps to achieve  DevSecOps . Why did containers catch on so fast? Containers are, in many ways, the evolution of virtualization. The goal was to speed up the development process, creating a more agile route from development through to testing and implementation – a method that's more lightweight than using full-blown virtual machines, anyway. At the core of this issue is application compatibility, as applications require certain versions of libraries – which could clash with the requirements of other applications. Container

Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's been widely adopted by commercial organizations too. In February, CISA responded to the current situation by issuing an unusual " SHIELDS UP! " warning and advisory. According to CISA, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." The announcement from CISA consisted of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to r

How well do your Linux security practices stack up in today's challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. The research sponsored by  TuxCare  sought to understand better how organizations are currently managing the security and stability of their Linux-based systems. The results allow all organizations operating Linux-based systems to benchmark their processes against their peers and best practices. You can get a copy of the complete report  HERE  if you can't wait to see the findings, but we've highlighted the key takeaways below if you'd like a preview. Research Goals  Understanding the current State of Enterprise Linux Security Management has never been more imperative. The number of high and critical vulnerabilities continues to grow each year significantly, and exploits aga

Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of brand-new vulnerabilities discovered every year. For tech teams that are probably already under-resourced, guarding against this rising tide of threats is an impossible task. Yet, in the battle against cybercrime, some of the most effective and most sensible mitigations are sometimes neglected. In this article, we'll outline why cybersecurity risks have escalated so dramatically – and which easy wins your organization can make for a significant difference in your cybersecurity posture, right now. Recent major cyberattacks point to the danger Cyber security has arguably never been mo