Ian Barker

More than half of respondents (53 percent) to a new survey say their existing cybersecurity solutions do not effectively address website impersonation attacks, and 41 percent say their existing solutions only partially protect them and their customers.

The study from Memcyco, based on research from Global Surveyz, finds just six percent of brands claim to have a solution that effectively addresses these attacks despite 87 percent of companies recognizing website impersonation as a major issue and 69 percent admitting to having had these attacks carried out against their own website.

Continue reading →

A new Dark Side of GenAI report from Immersive Labs looks at 'prompt injection' attacks, in which individuals input specific instructions to trick chatbots into revealing sensitive information, potentially exposing organizations to data leaks.

Using data gathered from a public prompt injection challenge the report finds a worrying 88 percent of participants successfully tricked the GenAI bot into giving away sensitive information in at least one level of an increasingly difficult challenge.

Continue reading →

Last year saw more mass compromise events arising from zero-day vulnerabilities (53 percent) than from older vulnerabilities for the first time since 2021.

The latest Attack Intelligence Report from Rapid7 also shows mass compromise events stemming from exploitation of network edge devices have almost doubled since the start of 2023, with 36 percent of widely exploited vulnerabilities occurring in network perimeter technologies. More than 60 percent of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.

Continue reading →

The financial sector in the UK is under constant attack and that it is grappling to keep pace with ever-evolving cyber threats, according to a new report from security awareness training company KnowBe4.

The frequency of ransomware attacks on the financial sector in the UK doubled in 2023, showcasing an alarming escalation. Phishing and Business Email Compromise (BEC) remain the top threats to organizations including financial institutions.

Continue reading →

Concern around deepfakes has been growing for some time and new research released by ISMS.online shows deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organizations.

The report, based on a survey of over 500 information security professionals across the UK, shows that nearly 32 percent of UK businesses have experienced a deepfake security incident in the last 12 months.

Continue reading →

The job of the CISO is becoming increasingly complex, with new rules around security and compliance, disclosure requirements following incidents, and more.

We spoke to John Morello, CTO of Gutsy, a company which was the first to apply process mining to security, to find out how things are changing and how CISOs should respond.

Continue reading →

For banks, know-your-customer (KYC) measures amount to 40 percent of all anti money laundering (AML) compliance costs, totaling $5.7 million each year. This sum is tiny, however, compared to what is paid for non-compliance. In 2022, global fines for inadequate AML grew by 50 percent, almost reaching $5 billion.

We spoke to Vaidotas Šedys, head of risk management at web intelligence platform Oxylabs, to discover that KYC-related challenges are not just faced by banks but are an issue for proxy and web scraping service providers too.

Continue reading →

If you have an Android phone you'll no doubt be aware of the risk that unwanted trackers can access your data while you're using third-party apps or browsing the web.

If you're worried about being tracked though there is an alternative in the form of /e/OS which has a focus on privacy and can be can be flashed on numerous Android devices to replace Google's ubiquitous OS. Today sees the release of V2 of /e/OS which offers further privacy controls, tools and improved user interface.

Continue reading →

It can seem like securing systems is all about new threats and zero-day issues. But research from exposure management platform CyCognito shows that older issues can still be a problem.

It shows two percent of organizations have assets still vulnerable to Log4j. What's more over 50 percent of attempted patches require multiple rounds of validation before the patch is successful, often because of incomplete or inaccurately followed remediation instructions -- effectively prolonging the exposure window.

Continue reading →

Over half of CISOs believe generative AI is a force for good and a security enabler, whereas only 25 percent think it presents a risk to their organizational security according to a new survey.

The survey of the ClubCISO community, in collaboration with Telstra Purple, highlights CISOs' confidence in generative AI in their organizations.

Continue reading →

Platform-as-a-Service (PaaS) provider Rafay Systems is launching new capabilities for its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.

This makes compute resources for AI instantly usale by developers and data scientists but still with the enterprise-grade protections.

Continue reading →

New research from Tenable reveals that 95 percent of 600 organizations surveyed suffered a cloud-related breach in the previous 18 months.

An additional 29 percent reported the breach caused 'significant' harm, which is defined as any adverse consequences to someone or an organization if the confidentiality of PII were breached.

Continue reading →

The use of sensitive data for business is crucial. The growing amount of sensitive data stored in cloud infrastructure and applications creates an increasing and constantly evolving data risk landscape for organizations.

The main cause of risk is how broadly this data is shared within and outside the organization, and how it is being used by users, services, or other applications. We spoke to Liat Hayun at Eureka Security about how this risk can be addressed while still allowing safe use and storage of data.

Continue reading →

The frequency of application attacks is rising as cybercriminals continue to prey on the increasing reliance on web, mobile and desktop apps, according to a new report.

Digital.ai's 2024 Application Security Threat Report looks at data about threats identified from monitoring applications under active protection. The likelihood of an app being attacked rose eight percent year-on-year, with gaming apps and financial services apps facing the highest risk of attack at 76 percent and 67 percent respectively.

Continue reading →

A new report from Jumio shows 72 percent of consumers worry about being fooled by deepfakes on a daily basis.

Based on a survey by Censuswide of more than 8,000 adult consumers, split evenly across the UK, US, Singapore and Mexico, it finds only 15 percent of consumers say they've never encountered a deepfake video, audio or image before, while 60 percent have encountered a deepfake within the past year.

Continue reading →