Newly launched APIs found by attackers in under 30 seconds

Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.

The research used a honeypot to look at API activity and, in its first 20 days in November, the longest time taken for a new API to be discovered was 34 seconds.

The five email attacks to watch for in 2025

Despite the rise of other means of communication, email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.

A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.

A quarter of organizations suffer AI-enhanced attacks against APIs or LLMs

A new study finds 25 percent of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75 percent of respondents expressing serious concern about AI-enhanced attacks in the future.

The research from API specialist Kong shows that although 85 percent say they're confident in their organization's security capabilities, 55 percent of respondents have experienced an API security incident in the past year, highlighting a notable disconnect.

Pro-Russian hacktivists target Europe

A new report shows that 96 percent of attacks conducted by a leading pro-Russian hacktivist group targeted Europe this year, with attackers focusing on influencing public perception and trust over direct technical disruptions.

Based on research and data from more than 135,000 security events in 160 countries, the Security Navigator report from Orange Cyberdefense also reveals that hacktivists were responsible for 23 percent of cyberattacks that directly targeted OT and 46 percent of these attacks resulted in a 'manipulation of control.'

Why it's time for a reset of security metrics [Q&A]

Historically, security metrics have focused on measuring how many attacks are successful and how long it takes for a successful attack to be detected. This is perhaps unsurprising since the bulk of the industry has focused on building tools to detect adversaries.

We spoke to Nicko van Someren, chief technology officer at Absolute Security, to learn why companies focusing purely on defense can create more risk for their organizations, and why instead of focusing on 'time to detection,' it's time to reset security metrics to focus on 'time to recovery.'

Holiday shoppers in threat actors' sights

Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited time offers, but of course they also create ideal conditions for cybercriminals to exploit unwary bargain hunters.

A new report from Fortinet's FortiGuard Labs looks at the evolving threat surface of eCommerce, highlighting how cybercriminals are leveraging Remote Code Execution (RCE) exploits, Man-in-the-Middle (MITM) phishing kits, sniffers, and website cloning services to manipulate online transactions and gain access to steal sensitive data.

Attackers target holidays and weekends to catch enterprises off guard

Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many businesses remain underprepared outside of standard working hours.

A new report from Semperis, based on a survey of almost 1,000 cybersecurity professionals, shows that 86 percent of surveyed organizations in the US, UK, France and Germany that were attacked were targeted during a holiday or weekend.

Automated bot attacks surge ahead of US election

Automated bot attacks targeting social media platforms have surged in the lead-up to the US presidential election, with the sector accounting for 28 percent of all attacks in Q3, up from just three percent in Q1.

The latest identity fraud report from AU10TIX shows an increasing industrialization of identity fraud, with bad actors launching automated mega-attacks using thousands of false identities targeting payments, crypto and social media companies all over the world.

Manufacturing businesses most likely to be hit by cyberattacks

The manufacturing industry is the most affected by cyberattacks, accounting for over 25 percent of all incidents across the top 10 industries, of which 45 percent are malware attacks.

According to a new report from security awareness training company KnowBe4, the industry has become increasingly attractive to cybercriminals in recent years due to its interconnected nature, its low tolerance for downtime, and the valuable intellectual property stored in its databases, which could save competitors millions if obtained.

CISOs concerned about attackers using AI

Data from a recent survey conducted by RSA Conference shows that 72 percent of Fortune 1000 CISOs say they have already seen threat actors using generative AI against their organization.

AI-generated phishing emails are the top threat, with 70 percent of CISOs reporting that they've observed highly tailored phishing emails targeting their business. Other top GenAI threats include vishing (37 percent), automated hacking (22 percent), deepfakes (21 percent) and misinformation (17 percent).

Public sector and infrastructure come under attack as malicious web requests rise

The number of malicious web requests rose by 53.2 percent in the first half of 2024 compared to the same period last year, according to a new study.

The report from German cybersecurity company Myra finds that for the first quarter of 2024, the number of malicious requests on websites, online portals and web APIs increased by 29.8 percent compared to 2023. In the second quarter, the growth was even more pronounced at 80 percent.

Severity of ransomware attacks increases by 68 percent

A new report from insurance provider Coalition finds that ransomware claims severity spiked by 68 percent in the first half of 2024 to an average loss of $353,000.

While high ransomware demands have come back into vogue, funds transfer fraud (FTF) has also seen a notable decrease in both frequency (two percent) and severity (15 percent).

Attacks on GenAI see sensitive data leaked

New research reveals that 90 percent of successful attacks against GenAI have resulted in the leakage of sensitive data.

The report from Pillar Security, based on real-world analysis of more than 2,000 AI applications, shows 20 percent of jailbreak attack attempts successfully bypassed GenAI application guardrails and adversaries needed an average of just 42 seconds to execute an attack.

Email attacks target the healthcare sector

A new report from Abnormal Security reveals a rise in targeted email compromise attacks on the healthcare sector.

Vendor email compromise (VEC) attacks on the sector have consistently trended upward, recording a 60 percent increase between August 2023 and August 2024. The sector's reliance on long-term vendor relationships is being exploited through VEC, where cybercriminals impersonate trusted vendors to bypass traditional email security and trick employees.

Security pros worried about widening attack surface

A new report from Red Canary finds 87 percent of respondents have been impacted by a security incident they were unable to detect and neutralize in the past year, resulting in data compromise, outages, fines, audit failures and reputational damage.

Based on a study of 700 cybersecurity leaders, it finds 73 percent say their attack surface has widened in the past two years, by an average of 77 percent, with 64 percent admitting to having knowledge deficits around securing new technologies.
