As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

Continue reading →

While Windows remains the most targeted operating system, Linux, once regarded as 'secure by default', has now emerged as the second-most infected OS, according to the 2024 Elastic Global Threat Report.

Linux's expanding use beyond servers has broadened its attack surface. Plus, its open-source nature, while great for developers, can also lead to mistakes and security holes. We spoke to Apu Pavithran, founder and CEO of Hexnode, to find out more about why Linux is being targeted and how it can be defended.

Continue reading →

A new report from Sift reveals an alarming democratization of cybercrime, with 34 percent of consumers seeing offers to participate in payment fraud online, an 89 percent increase over 2024.

The report details how fraudsters openly advertise and sell stolen payment information and fraud services on social media platforms and deep web forums like Telegram, significantly lowering the barrier to entry for anyone to participate in fraudulent activities.

Continue reading →

We're always being encouraged to be greener in our energy usage these days and many people have turned to solar power as a means of doing their bit and reducing their bills.

But the inverter used to convert energy from solar panels to usable household electricity is usually an IoT device and could therefore be vulnerable. New research from Forescout analyzed equipment from six of the top 10 vendors of solar power systems worldwide: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA. It has uncovered 46 new vulnerabilities across three of these inverter vendors, Sungrow, Growatt, and SMA.

Continue reading →

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

Continue reading →

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →

The latest threat intelligence report from Ontinue finds a 132 percent surge in ransomware attacks, although ransom payments have declined by 35 percent, suggesting a shift in attacker strategies to double down on ransomware efforts.

Among other key trends, the report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens and bypassing multi-factor authentication (MFA).

Continue reading →

Research from VikingCloud finds that a successful cyberattack would force nearly one in five small- and medium-sized businesses to close down.

For nearly a third of SMBs, a cyberattack with relatively small financial impact -- less than $10,000 -- would cause them to shut down, according to the report.

Continue reading →

A new study finds 83 percent of executives now rank supply chain resilience as being as critical as cybersecurity, and many are turning to technology to strengthen their operations.

The research from Cleo shows that to bolster resilience, 47 percent are considering artificial intelligence (AI), recognizing its potential to automate processes, predict disruptions, and enhance decision-making.

Continue reading →

When getting a new smartphone most people focus on features and pricing, while security tends to be overlooked. But as we access the internet more using mobile devices, protecting users' personal information, transactions, and digital identities is vital.

We talked to Tom Tovar, CEO of Appdome, to discuss why mobile security should be at the forefront of consumer and media conversations and why it's currently being neglected.

Continue reading →

A new report from Zscaler reveals a 3,000 percent year-on-year growth in enterprise use of AI/ML tools, highlighting the rapid adoption of AI technologies across industries to unlock new levels of productivity, efficiency, and innovation.

This surge in adoption also brings heightened security concerns though. According to the study enterprises blocked 59.9 percent of all AI/ML transactions, indicating awareness around the potential risks associated with AI/ML tools, including data leakage, unauthorized access, and compliance violations.

Continue reading →

Ransomware attacks are increasingly targeting organizations across industries, with the potential to cause devastating financial, operational, and reputational damage.

We spoke to James Eason, practice lead for cyber risk and compliance at Integrity360, to get his insights into how executive boards can effectively prepare for such incidents.

Continue reading →