Last year saw a 34.5 percent year-on-year increase in reported data breach incidents, with over 17 billion records compromised according to a new report from Flashpoint.

This trend looks set to continue as the first two months of 2024 alone saw a massive 429 percent spike in stolen or leaked personal data compared to the same period in the previous year.

Continue reading →

A new report reveals that 67 percent of businesses routinely synchronize most of their users’ passwords from their on-premises directories to their cloud counterparts. This poses substantial security risks by creating a gateway for attackers to hack these environments from on-prem settings.

The report from Silverfort shows that in the rush to the cloud security gaps stemming from legacy infrastructure, misconfigurations, and insecure built-in features create pathways for attackers to access the cloud, significantly weakening a company's resilience to identity threats.

Continue reading →

A new report shows that 95 percent of IT leaders say that cyberattacks are more sophisticated than ever and they are unprepared for this new wave of threat vectors.

The survey, of more than 800 IT and security leaders around the world, from Keeper Security reveals that firms are witnessing AI-powered attacks (51 percent), deepfake technology and supply chain attacks (both 36 percent), cloud jacking (35 percent), Internet of Things (IoT) attacks and 5G network exploits (both 34 percent), and fileless attacks (24 percent).

Continue reading →

Despite cybersecurity threats being on the rise, many small and medium businesses (SMBs) still lack basic security measures, according to AI security company Cyber Upgrade.

It's no secret that hackers target smaller businesses due to inadequate cybersecurity safeguards, as most underestimate the associated risks as well as lacking the resources of larger enterprises.

Continue reading →

Detections for malicious email forwarding rules have risen by nearly 600 percent in 2023, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, re-routing money into the criminal’s account.

This is one of the findings in the latest Threat Detection Report from Red Canary. Half of the threats in top 10 leverage malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors that could lead to a serious attack if not detected.

Continue reading →

Over 70 percent of respondents to a new survey say they feel their current security stack is highly effective against image-based and QR code phishing, however, 76 percent report being compromised by these types of attacks within the past year.

The study of 300 IT and security professionals across a variety of industries and geographies, from Osterman Research for IRONSCALES, shows almost 93 percent of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and nearly 79 percent say the same about QR code attacks.

Continue reading →

Towards the end of last year the American Airlines pilot union was hit with a ransomware attack. This is just one of a growing number of attacks targeting the aviation sector.

What makes the aviation industry such an attractive target and how can it protect itself? We spoke to Marty Edwards, deputy CTO for OT/IoT at Tenable, to find out.

Continue reading →

A new report shows that 66 percent of organizations in the UK experienced at least one successful phishing attack in 2023 compared to 91 percent the previous year.

However, the study from Proofpoint shows the negative consequences of attacks have soared, with a 30 percent increase in reports of financial penalties, such as regulatory fines, and a 78 percent increase in reports of reputational damage.

Continue reading →

Attacks targeting the business logic of APIs made up 27 percent of attacks in 2023, a growth of 10 percent since the previous year. Account takeover (ATO) attacks targeting APIs also increased from 35 percent in 2022 to 46 percent in 2023.

This is among the findings of a new report from Imperva which shows API traffic constituted over 71 percent of web traffic last year. While there are benefits of APIs in allowing seamless connectivity, enhancing online experiences, and driving innovation, their widespread adoption leads to new security challenges.

Continue reading →

Cloud intrusions increased by 75 percent overall last year as adversaries set their sights on the cloud through the use of valid credentials.

This is one of the findings of the 2024 CrowdStrike Global Threat Report released today. It notes an increase in interactive intrusions and hands-on-keyboard activity (60 percent) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organizations.

Continue reading →

New research from Malwarebytes reveals that employees are being tricked into downloading remote monitoring and management tools like AnyDesk to open up back doors to corporate networks.

In a standard phishing technique potential victims are targeted via an email or SMS message, personalized to match their roles within the organization. The link in the email goes to what looks like a legitimate bank website with a link to open a chat support session.

Continue reading →

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

Continue reading →

A new report from Picus Security looks at real-world malware samples and identifies the most common techniques leveraged by attackers.

It identifies a surge in 'hunter-killer' demonstrating a shift in adversaries' ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR. According to the report, there has been a 333 percent increase in malware that can actively target defensive systems in an attempt to disable them.

Continue reading →

Data is the lifeblood of modern business and enterprise resource planning (ERP) systems are where it's likely to live. ERP software integrates data and business functions across departments like finance, manufacturing, marketing, sales and more, and of course this makes it an attractive target for cyber criminals.

So what threats do ERP systems face and what can enterprises do to defend against them? We spoke to Kellie Synder, CCO of Onapsis, to find out.

Continue reading →

According to new research from International Data Corporation (IDC) and Exabeam, 57 percent of companies experienced significant security incidents in the last year that needed extra resources to address.

North America experienced the highest rate of security incidents (66 percent), closely followed by Western Europe (65 percent), then Asia Pacific and Japan (APJ) (34 percent).

Continue reading →