Latest news with #ITsecurity
The Sun
3 days ago
- The Sun
Gmail account holders need to follow 5 rules to avoid potentially losing thousands of pounds & causing ‘weeks of stress'
GMAIL account holders need to follow five rules to avoid potentially losing thousands of pounds & causing 'weeks of stress'. The summer months are full of ice-cream, outings, staycations and holidays, but it means people are more likely have their guard down. 7 7 IT Security firm FoxTech have warned that some Brits may be at risk of potentially losing thousands of pounds. With the rise of artificial intelligence, scammers are using more realistic ways to catch people into being scammed. The team at the company explained: "Scammers are fully aware that summer is a time when many people naturally relax their guard. "Whether they're caught up in the excitement of booking a last-minute getaway or simply waiting on a steady stream of online orders to arrive. 'Inboxes become crowded with enticing offers and seemingly routine updates, which is precisely what cybercriminals are counting on to slip past our usual caution." They have provided five ways in which you could avoid a terrible summer and have maximum enjoyment of the delights of summer. Double-check before clicking 7 You must always hover over links to see where they really lead. Some links might be phishing emails which aim to steal your data through what looks like an urgent message. It is advised that you should be as cautious as possible of any message that is trying to rush you into taking action. The team at FoxTech advised: "Inboxes become crowded with enticing offers and seemingly routine updates, which is precisely what cybercriminals are counting on to slip past our usual caution. AI tricks to beat scammers as scam texts, calls and emails surge "Taking just a little extra time to examine the links you're clicking on or to verify who has actually sent a message can ultimately prevent what might otherwise turn into weeks of stress, financial loss and disruption." Delivery updates 7 It is advised that you should verify delivery updates directly with any provider. Many users get texts or messages about alleged delivery parcels, but these may be fake. However, instead of clicking the link you should go to the courier's official website itself to check for updates. How to spot a dodgy app Detecting a malicious app before you hit the 'Download' button is easy when you know the signs. Follow this eight-point checklist when you're downloading an app you're unsure about: Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts. Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions. Check the number of downloads - avoid apps with only several thousand downloads, as it could be fake. Research the developer - do they have a good reputation? Or, are totally fake? Check the release date - a recent release date paired with a high number of downloads is usually bad news. Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary. Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities. Check the icon - look closely, and don't be deceived by distorted, lower-quality versions the icons from legitimate apps. All of this information will available in both Apple's App Store and the Google Play Store. Foxtech added: "Scams are evolving rapidly, and what might look like a harmless deal or a routine delivery text could end up draining your bank account or exposing your personal data. "Taking a few extra seconds to verify a message can spare you weeks of stress and financial headaches." Research travel deals 7 Have you ever thought something is too good to be true? Well that's because maybe it is! Scammers like to entice you to click onto harmful links, and one of the ways they do so is through fake travel advert deals. People could find themselves paying hundreds or even thousands of pounds for trips that simply don't exist The team at FoxTech You are advised to check independent reviews of providers and to make sure you confirm website contact details before clicking on anything. Many users are also advised to make sure you are making a booking through an official platform before you pay. The IT firm warned: "People could find themselves paying hundreds or even thousands of pounds for trips that simply don't exist, only to realise they've handed over sensitive personal and payment details to organised cybercriminals." Boarding passes. 7 A nightmare scenario, you board a plane and someone is sitting in your seat. To avoid this, you should never post travel documents online, which includes boarding passes. Make sure to keep your tickets private because the barcode on the ticket may contain personal information. What is phishing? HERE's what you need to know: Phishing is a type of online fraud It's typically an attempt to nab some of your data Phishing generally involves scammers posing as a trustworthy entity For instance, fraudsters could send you an email claiming to be your bank, asking for details Scammers can also set up fake websites that look like real ones, simply to hoodwink you Phishing can take place over email, social media, texts, phone calls and more The best defence against phishing is to be generally sceptical of weblinks and emails, especially if they were unsolicited Multi-factor authentication 7 A second step of security can never hurt! If you use multi-factor authentication, this will add extra protection to your account. Even if your password does get stolen, this extra layer of verification makes things harder for scammers to access your account.
Yahoo
26-07-2025
- Business
- Yahoo
Buy 3 Cybersecurity Stocks to Strengthen Portfolio Security in 2H25
Cybersecurity encompasses comprehensive security measures designed to protect systems, networks and programs from digital attacks. These attacks often aim to access, alter, or destroy sensitive information, extort money from users through ransomware, or disrupt the integrity of normal business operations. This space focuses on companies that offer integrated protection against evolving security threats while simplifying IT security infrastructure. Cybersecurity companies provide solutions to safeguard applications, networks, and cloud computing environments. Their offerings include application-specific integrated circuits, hardware architecture, operating systems, and associated security and networking functions, ensuring robust defenses against cyberattacks. The widespread adoption of artificial intelligence (AI), IoT devices, and increased digitization across both public and private sectors has heightened vulnerabilities and expanded attack surfaces, necessitating the development of advanced security solutions. We recommend three cybersecurity stocks for the rest of 2025 to strengthen your portfolio. These are CyberArk Software Ltd. CYBR, Okta Inc. OKTA and Fortinet Inc. FTNT. Each of our picks carries either a Zacks Rank #1 (Strong Buy) or 2 (Buy). You can see the complete list of today's Zacks #1 Rank stocks here. The chart below shows the price performance of our three picks in the past three months. Image Source: Zacks Investment Research CyberArk Software Ltd. Zacks Rank #1 CyberArk Software is benefiting from the rising demand for cybersecurity and privileged access security solutions due to the long list of data breaches and increasing digital transformation strategies. A strong presence across verticals, such as banking, healthcare, government and utilities, is safeguarding CYBR from the adverse effects of softening IT spending. CYBR's strategic mix shift toward software-as-a-service and subscription-based solutions is driving top-line growth. CyberArk is gaining customer accounts, which contributes to its revenues. The vast customer base presents the company with an opportunity to upsell products within its installed user base. Furthermore, in the last few quarters, CYBR has been able to close a significant number of seven-figure deals. The growing number of large deals in the revenue mix is helpful as it increases deferred revenues and visibility. Moreover, any product refresh brings in additional dollars as every enterprise attempts to keep its threat management infrastructure updated. These factors in turn support CYBR's top line. CyberArk Software has an expected revenue and earnings growth rate of 31.9% and 26.4%, respectively, for the current year. The Zacks Consensus Estimate for current-year earnings has improved 4.9% in the last 60 days. Okta Inc. Zacks Rank #2 Okta operates as an identity partner in the United States and internationally. OKTA offers a suite of products and services used to manage and secure identities, such as Single Sign-On, which enables users to access applications in the cloud or on-premises from various devices. OKTA also provides Universal Directory, a cloud-based system of record to store and secure user, application, and device profiles for an organization. OKTA's Adaptive Multi-Factor Authentication provides a layer of security for cloud, mobile, web applications, and data, while API Access Management enables organizations to secure APIs. Access Gateway allows organizations to extend Workforce Identity Cloud, and Okta Device Access enables end users to securely log in to devices with Okta credentials. OKTA has expected revenue and earnings growth rates of 9.4% and 16.7%, respectively, for the current year (ending January 2026). The Zacks Consensus Estimate for current-year earnings has improved 2.8% over the last 60 days. Fortinet Inc. Zacks Rank #2 Fortinet is benefiting from rising demand from large enterprise customers and growth in the company's security subscriptions. FTNT is also gaining from the robust growth in Fortinet Security Fabric, cloud and Software-defined Wide Area Network offerings. Higher IT spending on cybersecurity is further expected to aid FTNT in growing faster than the security market. We expect 2025 net sales to rise 13.1% from 2024. FTNT has a strong balance sheet that bodes well for investors. The focus on enhancing its unified threat management portfolio through product development and acquisitions is a tailwind for the company. Fortinet has expected revenue and earnings growth rates of 13.3% and 4.6%, respectively, for the current year. The Zacks Consensus Estimate for current-year earnings has improved 0.4% over the last 60 days. Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Fortinet, Inc. (FTNT) : Free Stock Analysis Report CyberArk Software Ltd. (CYBR) : Free Stock Analysis Report Okta, Inc. (OKTA) : Free Stock Analysis Report This article originally published on Zacks Investment Research ( Zacks Investment Research Sign in to access your portfolio
Yahoo
22-07-2025
- Business
- Yahoo
Qualys to Report Second Quarter 2025 Financial Results on August 5, 2025
FOSTER CITY, Calif., July 22, 2025 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced that the company will report its financial results for the second quarter 2025 after the market closes on Tuesday, August 5, 2025. Qualys will host a conference call and live webcast to discuss its second quarter 2025 financial results at 5:00 p.m. Eastern Time (2:00 p.m. Pacific Time) on Tuesday, August 5, 2025. To access the conference call, please register here. A live webcast of the earnings conference call, investor presentation, and prepared remarks can be accessed at A replay of the conference call will be available through the same webcast link following the end of the call. About QualysQualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based Security, Compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies. Investor ContactBlair KingSenior Vice President, Investor Relations, Financial Planning & Analysis(650) 538-2088ir@ View original content to download multimedia: SOURCE Qualys, Inc. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
National Post
14-07-2025
- Business
- National Post
CSC Research Finds 40% of Enterprises Could Be at Risk of an Outage Due to SSL Expiration
Article content Article content Domain control validation sunsets on July 15, 2025, putting many companies that rely on WHOIS email at risk for service disruption Article content WILMINGTON, Del. — New research from CSC, an enterprise-class domain security provider and world leader in domain management, SSL management, brand protection, and anti-fraud solutions, indicates that as many as 40% of enterprises are at risk of unexpected service outages caused by out-of-date secure sockets layer (SSL) certificates. This threat stems from the reliance on WHOIS-based email addresses for domain control validation (DCV) that will be officially deprecated on July 15, 2025. Article content CSC analyzed over 100,000 global SSL certificate records and found that many organizations still use WHOIS email as their primary method for domain control validation, despite a 2024 vote by the CA/Browser Forum that mandates the deprecation of WHOIS-based validation due to its associated security vulnerabilities. After July 15, 2025, certificate authorities (CAs) will no longer accept WHOIS email for DCV, making alternative validation methods essential for uninterrupted operations. Article content Compounding the issue, 17% of companies surveyed by CSC are unaware of their current DCV method, suggesting a widespread lack of visibility and preparedness within IT and security teams. To mitigate the risk, companies should immediately audit their certificate management workflows and migrate to accepted DCV alternatives such as domain name system (DNS)-based validation or file-based web token methods. Article content 'For years, WHOIS-based email was seen as the easiest, non-technical DCV method. Organizations that have not switched to alternative DCV methods risk serious consequences—from website outages to critical service failures. But the changes don't stop there,' cautions CSC's senior director of Technology, Security Products and Services, Mark Flegg. 'Organizations also need to bear in mind further industry-wide shifts that will take place in the coming years. Any short-term fixes need to be aligned with this long-term trajectory where automation of certificates and DCV will become unavoidable. Organizations absolutely need to start their prep work now.' Article content From March 15, 2026, certificate life cycles will begin to shorten drastically—from 367 days to 200, then 100, and finally just 47 days by 2029. Correspondingly, DCV re-use periods will reduce from 367 to 200, 100, and then just 10 days by 2028. That means enterprises will be facing up to eight certificate renewals per year. With DCV at 10 days, it could mean revalidation every time a certificate needs to be re-issued. Article content To support enterprises through these transitions, CSC offers a comprehensive suite of digital certificate solutions that can tailor to any organization's workflow. Its newly launched Domain Control Validation as a Service (DCVaaS)—available free of charge to its clients—streamlines the validation process, reducing certificate renewal times by up to 99% and alleviating the manual workload for IT teams. Article content To learn more about CSC's DCVaaS and future-proof your digital certificate operations, request a consultation at About CSC CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec SM platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit . Article content Article content Article content Contacts Article content Article content
CNA
14-07-2025
- Business
- CNA
Unlocking visibility across complex hybrid environments
Chief information officers (CIOs) and chief information security officers (CISOs) focus on distinct areas – CIOs aim to optimise infrastructure and IT investments, while CISOs manage security risks. However, both face a common challenge: They sometimes lack the broad context required to make informed decisions. 'In many organisations, data remains trapped in siloes, making it difficult to see the full picture,' said Mr Wong Kang Yeong, vice president of sales (Asia Pacific) at Axonius, an asset intelligence platform. In increasingly complex hybrid environments spanning on-premises, cloud and software-as-a-service (SaaS) systems, such visibility is critical for managing performance, cost and risk. Without a unified view, even basic questions – such as whether critical systems have been patched – can be difficult to answer. This is where Axonius comes in. Designed to integrate seamlessly across hybrid environments, the platform consolidates asset data from over 1,200 sources – spanning IT, security, operations and governance – into a single, unified view. By automating the discovery, correlation and reconciliation of asset information, Axonius eliminates blind spots and ensures that every system, device and identity is accurately tracked with full context. This level of visibility is made possible by Axonius' non-intrusive approach, which connects via APIs (application programming interfaces) and read-only credentials to extract asset data from each tool's management consoles. By automating the process and removing the need for manual input, deployment time is significantly shortened. The platform's proprietary data pipeline consolidates and processes this data daily, delivering reliable asset visibility without disrupting existing operations. Beyond aggregating data, Axonius transforms fragmented asset information into actionable intelligence. The platform continuously reconciles discrepancies by leveraging bi-directional integrations and a unified asset model, enriching raw data with contextual insights. This automated correlation allows teams to proactively identify vulnerabilities, compliance gaps and misconfigurations. For instance, Axonius can detect critical servers that are internet-facing, lack endpoint protection and run vulnerable, exploited software. Through integrated case management and workflow automation, the platform triggers alerts, opens remediation tickets with defined service level agreements and even deploys missing security agents or patches. Underpinning this capability is a patented correlation engine that deduplicates and normalises data from disparate systems, weighing factors like source reliability and data freshness to build a trusted foundation for decision-making. 'In the modern digital landscape, the challenge isn't just collecting data; it's making sense of it quickly and accurately,' said Mr David Hoi, director of solutions engineering (Asia Pacific) at Axonius. 'Axonius bridges gaps between diverse tools and departments. Bringing these elements together helps organisations focus their security and operations where it matters most.' This combination of intelligence and automation is why some regional banks have made Axonius a key aspect of their security operations. 'We use Axonius to identify gaps in asset data, security and compliance,' said Mr Patria Indrajaya, head of IT security, Maybank Indonesia. 'It delivers intelligent insights that support timely decisions, playing an important role in our security strategy.' By aligning asset data from security, IT, operations and compliance, Axonius gives every team a shared foundation, enabling each to address issues without duplicating effort or relying on guesswork. The platform supports discovery of over 40 types of assets – including devices, identities, SaaS applications, installed software and certificates – consolidating them into a single interface accessible across the organisation. Purpose-built workspaces and dashboards ensure that CIOs, CISOs and IT operations teams can access the specific insights they need, all from the same trusted dataset. 'Our platform provides granular role-based access controls,' said Mr Hoi. 'This ensures that each team sees exactly what they need – no more, no less – which helps maintain security and operational efficiency.' Whether deployed on-premises or in a local cloud, Axonius helps organisations navigate growing compliance and data sovereignty demands, which is crucial for regulated sectors like finance and healthcare. The platform also offers bespoke configurations to streamline policy enforcement and enable audit readiness. 'We've seen customers complete audits in just one or two weeks, when it used to take months,' noted Mr Wong. 'Having a unified view of all assets makes it significantly easier to generate accurate reports, demonstrate compliance and respond to regulatory requirements.' As IT and security teams grapple with rising demands and limited resources, platforms like Axonius help them work more efficiently. 'Every tool adds noise to data, making it harder to act with confidence,' said Mr Wong. 'Axonius filters out the noise and gives customers the context they need to make the right calls.'
