Articles about cybersecurity

Most experts predict a quantum computer capable of breaking RSA and ECC encryption will be developed within the next decade. Virtually all of today’s security systems utilize RSA and ECC algorithms, which means the window to defend against quantum-powered attacks is rapidly closing.

The National Institute of Science and Technology (NIST) has developed new post-quantum cryptography algorithms that are secure against quantum computing attacks. These standards were released in August 2024. With new standards finalized, companies must act now to begin migrating to PQC.

Continue reading →

The number of malicious web requests rose by 53.2 percent in the first half of 2024, compared to the same period last year according to a new study.

The report from German cybersecurity company Myra finds that for the first quarter of 2024, the number of malicious requests on websites, online portals and web APIs increased by 29.8 percent compared to 2023. In the second quarter, the growth was even more pronounced at 80 percent.

Continue reading →

A new report from insurance provider Coalition finds that that ransomware claims severity spiked by 68 percent in the first half of 2024 to an average loss of $353,000.

While high ransomware demands have come back into vogue, funds transfer fraud (FTF) has also seen a notable decrease in both frequency (two percent) and severity (15 percent).

Continue reading →

Organizations are facing an ever-growing volume of risk alerts spread across multiple, disconnected top-10 dashboards. This fragmented view can result in conflicting analyses, duplicate work, missed threats, and strategies that fail to fully protect the organization.

Cloud-based security firm Qualys is addressing this with the launch of a new Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) that enables CISOs and business leaders to manage cybersecurity risks in real time, transforming fragmented, siloed data into actionable insights that align cyber risk operations with business priorities.

Continue reading →

Google has announced a new partnership with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNS RF) to launch Global Signal Exchange (GSE), a new project with the ambition to be a global clearinghouse for online scams and fraud bad actor signals.

This collaboration combines the strengths of each partner: GASA's extensive network of stakeholders, the DNS Research Federation's robust data platform with already over 40 million signals, and Google's experience in combating scams and fraud.

Continue reading →

New research reveals that 90 percent of successful attacks against GenAI have resulted in the leakage of sensitive data.

The report from Pillar Security, based on real-world analysis of more than 2,000 AI applications, shows 20 percent of jailbreak attack attempts successfully bypassed GenAI application guardrails and adversaries needed an average of just 42 seconds to execute an attack.

Continue reading →

The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing, and tactics are becoming increasingly advanced due to AI.

New research from BforeAI analyzed 62,074 domains registered between January and June 2024 with finance-related keywords. Of those registered domains, 62 percent were found to be involved in phishing attacks targeting legitimate entities via spoofing websites.

Continue reading →

New research shows companies are pouring an increasing number of resources into their security awareness and training programs, with 96 percent of respondents allocating it between five percent to 20 percent of their security budgets.

But the research from CultureAI, based on a survey by Opinion Matters of 200 UK-based cyber security teams at organizations with over 1000 employees, finds that while 78 percent train employees at least monthly human-related breaches are still happening at an alarming rate.

Continue reading →

With the current climate of new and more sophisticated cybersecurity products, greater risk and pressure on budgets, it's more important than ever to ensure that they get the best return on their investments.

We spoke to Karthik Swarnam, chief security and trust officer at ArmorCode, to discuss the best practices to ensure ROI from security investments.

Continue reading →

It might sound like a Chinese secret society, but a new report warns that a 'toxic cloud triad' of publicly exposed, critically vulnerable and highly privileged cloud workloads is putting almost four in 10 organizations at risk.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk according to the Tenable Cloud Risk Report.

Continue reading →

A new survey, which polled 200 CISOs from companies with annual revenues exceeding $500 million, highlights growing concerns across a number of areas.

The study from Portnox finds worries around the effectiveness of zero trust, the limitations of multi-factor authentication (MFA), and a looming threat to job security amidst an increasingly complex cybersecurity landscape.

Continue reading →

Though organizations and their users have greatly benefited from hybrid environments and SaaS applications, dispersed workforces have also created unforeseen risks that are increasingly difficult to secure.

The average enterprise user has more than 50 passwords not protected by single sign-on (SSO), each representing a point of risk if not properly monitored and secured.

Continue reading →

A new report from Abnormal Security reveals a rise in targeted email compromise attacks on the healthcare sector.

Vendor email compromise (VEC) attacks on the sector have consistently trended upward, recording a 60 percent increase between August 2023 and August 2024. The sector's reliance on long-term vendor relationships is being exploited through VEC, where cybercriminals impersonate trusted vendors to bypass traditional email security and trick employees.

Continue reading →

Ransomware attacks target industries across the board, but they're of particular concern in the healthcare sector where an attack can mean not only data is at risk but lives too.

We spoke with Amitabh Sinha, chief strategy officer and co-founder of Workspot, to discuss the productivity and patient care aspects of these attacks as well as how modern ransomware recovery strategies can help to ensure mission-critical operations can continue, even during an attack.

Continue reading →

Browser Guard, the free browser extension from Malwarebytes, has added some new features aimed at enhancing users' privacy and protecting their identity online.

Users will now receive a pop-up alert if a website they visit was involved in a recent breach, offering the ability to click and scan their digital footprint to evaluate if private information was exposed.

Continue reading →