Articles about cybersecurity

Automated bot attacks targeting social media platforms have surged in the lead-up to the US presidential election, with the sector accounting for 28 percent of all attacks in Q3, up from just three percent in Q1.

The latest identity fraud report from AU10TIX shows an increasing industrialization of identity fraud, with bad actors launching automated mega-attacks using thousands of false identities targeting payments, crypto and social media companies all over the world.

Continue reading →

Modernizing identity systems is proving difficult for organizations due to two key challenges, decades of accumulated identity and access management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs).

A new report from Strata Identity and the Cloud Security Alliance (CSA) finds incompatibility with non-standard, legacy applications is a barrier to deploying advanced application authentication for 71 percent of respondents, further highlighting the issue of technical debt with 54 percent of respondents citing it as their top hurdle when modernizing their IAM architecture.

Continue reading →

According to a new report, 80 percent of registered web domains that resemble a Global 2000 brand do not actually belong to that brand.

The report from enterprise-class domain registrar CSC shows that of the homoglyph (look-alike fake) domains owned by third parties other than the Global 2000 brand owners, 42 percent have MX records (email exchange records) compared with 40 percent in 2023. These MX records can be used to send phishing emails or to intercept email.

Continue reading →

With the EU's NIS2 directive now starting to roll out, aiming to achieve a high level of cybersecurity across member states, a new survey commissioned by Veeam shows the significant impact implementation is having on businesses.

The study, carried out by Censuswide, reveals that while 68 percent of companies report receiving the necessary additional budget for NIS2 compliance, 20 percent identify budget as being a significant barrier to achieving compliance.

Continue reading →

A new survey from Norton shows that 60 percent of UK holiday shoppers say they are swayed by good holiday deals and nearly two-thirds (61 percent) give away their personal information to receive a discount when shopping.

The study reveals that 70 percent of Brits have tried to secure discount codes, through means like signing up to a website's mailing list or answering a survey. 61 percent of those who tried to secure discounts admit to divulging their personal information to do so.

Continue reading →

Digital services, including Generative AI, rely heavily upon Application Programming Interfaces (APIs) to access and relay data. But securing these conduits can be difficult so is this a problem that AI could help solve?

We spoke to James Sherlow, systems engineering director, EMEA, at Cequence Security, to find out how Generative AI might be used to address API security.

Continue reading →

Account takeover attacks have increased 24 percent in the second quarter of 2024 compared to the same period last year, according to AI-powered anti-fraud platform Sift.

Account takeovers accounted for losses of almost $13 billion in 2023. To combat the problem Sift’s latest quarterly product update feature an enhanced solution to protect businesses from ATO fraud throughout the entire consumer journey.

Continue reading →

Software supply chain attacks have increasingly made the headlines in recent years. They occur when attackers change the code in third-party software components in order to compromise the applications using them.

These attacks can be used to steal data, corrupt systems or move laterally through networks. We spoke to Ansh Patnaik, chief product officer at CyCognito, to learn more about this type of attack and how to combat it.

Continue reading →

Last year Google launched its Secure AI Framework (SAIF) to help people safely and responsibly deploy AI models.

Today it's adding to that with a new tool that can help others assess their security posture, apply these best practices, and put SAIF principles into action.

Continue reading →

Most cyberattacks are carried out using compromised credentials, but it can be hard for businesses to know if their information has been leaked.

In order to make it easier to discover leaked data, Quadrant Information Security is launching a free Dark Web Reports service offering insights into compromised credentials and leaked information and actionable advice on how to address them.

Continue reading →

While businesses understand that third-party JavaScript tags collect information, only 13 percent are confident they understand what information they collect and only 26 percent are aware that tags can leak their private user data to other organizations.

A new report from the Jscrambler platform for client-side protection, with research conducted by Dimensional Research, shows 97 percent of respondents say they know that third-party tags collect sensitive or private information regularly.

Continue reading →

Many executives are concerned about their employees' level of cyber risk awareness, with a new survey showing that 70 percent believe their employees lack critical cybersecurity knowledge, up from 56 percent in 2023.

The study, of 1,850 executives across 29 countries, from Fortinet also shows that over 60 percent of respondents expect more employees to fall victim to attacks in which cybercriminals use AI.

Continue reading →

A new report reveals that 90 percent of SaaS applications and 91 percent of AI tools within enterprises remain unmanaged, suggesting a widespread vulnerability that continues to grow.

The study from Grip Security highlights the limitations of traditional security strategies in combating 'SaaS risk creep' the number of SaaS applications used in an enterprise increased by 40 percent over the last two years.

Continue reading →

A new report from Sysdig highlights the growing cost and scale of cloud attacks and the evolution of tactics being used by attackers.

Among the findings are that over $100,000 is lost per day to AI resource jacking. It hasn't taken long for threat actors to leverage stolen cloud access to exploit large language models (LLMs), as illustrated by an LLMjacking attack that left one victim on the hook for $30,000 in just three hours. Left unchecked, an LLMjacking operation can cost more than $100,000 per day.

Continue reading →

In an ever more interconnected world facing growing numbers of cyberattacks, it's critical to ensure that technology systems are resilient in order to keep people safe.

Google has announced that it's signed up to the CISA's Secure by Design pledge, a voluntary commitment to specific security goals.

Continue reading →