Articles about cybersecurity

The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and their technology more advanced.

Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days, and even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.

Continue reading →

Over the past year, more than 50 percent of organizations have experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited are internet-accessible devices (33 percent) and transient devices (27 percent), often used to bypass traditional defenses.

A new report from the SANS Institute, in partnership with OPSWAT, shows that while 55 percent of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.

Continue reading →

New research from Darktrace finds that 78 percent of CISOs say that AI-powered threats are having a significant impact on their organizations, a five percent increase from 2024.

There's more confidence about dealing with them though, more than 60 percent now say that they are adequately prepared to defend against these threats, an increase of nearly 15 percent year-on-year.

Continue reading →

Inconsistent adoption of DMARC standards is leaving 60 percent of US healthcare organizations that have already reported breaches exposed to a second attack.

The study from Red Sift looks at breaches reported to the US Department of Health and Human Services (HHS) during 2023-2024 shows that of 101 companies analyzed, 61 percent remain unprotected, with 33 having no DMARC policy and 28 lacking any data on DMARC.

Continue reading →

Certificates are an important part of security for organizations but they're not without risks. These include certificates with long lifespans (one in every 13 certificates have lifespans over two years), certificates without key usage (one in every 25 certificates), certificates with negative serial numbers (one in every 27 certificates), and unsanctioned domain usage.

Keyfactor is launching a Command Risk Intelligence which will visibility into every certificate in use and helps teams proactively identify and mitigate certificate-related risks before they disrupt business operations.

Continue reading →

A new report shows that 87 percent of companies in the US and UK have, or are in the process of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance.

The research from the FIDO Alliance, along with underwriters Axiad, HID, and Thales, finds 47 percent report rolling out a mix of device-bound passkeys on physical security keys and/or cards and passkeys synced securely across the user's devices.

Continue reading →

Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.

Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).

Continue reading →

The latest Reveal survey from Infragistics into development concerns shows security (51 percent), AI code reliability (45 percent), and data privacy (41 percent) among their biggest software development challenges for 2025.

AI continues to be a major focus, with 73 percent of tech leaders citing expanding the use of AI within organizations as their top priority for 2025.

Continue reading →

Ransomware attacks reached record levels throughout 2024 according to the latest State of Ransomware report from BlackFog.

LockBit, one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024 affecting 603 victims. May was the busiest month, with nearly 200 attacks launched, accounting for 36 percent of all attacks that month.

Continue reading →

A surge in API adoption, driven by the need for organizations to modernize infrastructures and unlock new revenue streams, is contributing to the rise in API security risk according to a new report.

The study from Salt Security finds 99 percent of respondents encountered API security issues within the past 12 months and 55 percent slowed the rollout of a new application due to API security concerns.

Continue reading →

The total number of web DDoS attacks surged 550 percent last year compared to 2023, according to the latest report from Radware.

The average duration of network DDoS attacks increased 37 percent over 2023, with North America facing 66 percent of web application and API attacks.

Continue reading →

While many organizations have solutions in place to identify patchable CVEs, non-patchable security issues such as misconfigurations continue to provide threat actors with consistent access points to exploit organizations.

We spoke to Jason Mar-Tang, field CISO at Pentera, to discuss the challenge of non-patchable security issues vs. CVEs, what makes them so much more difficult to identify, the challenges of remediation, and what standards organizations should implement to tackle this challenge.

Continue reading →

Analysis of 965 commercial codebases across 16 industries during 2024 by Black Duck Software finds 86 percent contain open source software vulnerabilities and 81 percent high- or critical-risk vulnerabilities.

Black Duck's Open Source Security and Risk Analysis (OSSRA) report also shows that the number of open source files in an average application has tripled from around 5,300 in 2020 to more than 16,000 in 2024.

Continue reading →

More than ever enterprises are turning to Linux solutions. But while the open source OS has a good reputation for security that doesn't mean that it’s invulnerable and it's important to stay on top of updates and patching.

Seal Security is launching Seal OS, a holistic solution designed to automatically fix vulnerabilities in both Linux operating systems and application code.

Continue reading →

A new report predicts a record-breaking 41,000 to 50,000 new Common Vulnerabilities and Exposures (CVEs) this year, based on data from the National Vulnerability Database (NVD).

The forecast, from the Forum of Incident Response and Security Teams (FIRST), suggests an 11 percent increase compared to 2024, and a whopping 470 percent increase compared to 2023.

Continue reading →