Articles about cybersecurity

A new report from OpenText finds that collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey, while China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.

Continue reading →

Sharing is caring so the saying goes, but that shouldn't apply quite so much when applied to sensitive data. A new report from CybSafe shows 38 percent of employees admit to sharing sensitive information without the knowledge of their employer.

The study of over 7,000 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, reveals workers are more connected than ever, with 53 percent of participants stating they're always online.

Continue reading →

Traditional processes for ensuring employees have the right levels of access to systems have come under strain and become harder to manage because of the spread of cloud-based software.

A new AI-powered identity governance and administration (IGA) platform from Zilla Security aims to tackle the long-standing challenge of managing hundreds of roles or group membership rules to ensure organizations give users job-appropriate access.

Continue reading →

Cybercriminals are increasingly adopting a 'mobile-first' attack strategy to infiltrate enterprise systems by targeting weak, unsecured, and unmanaged mobile endpoints, recognizing mobile as a major entry point to corporate networks and sensitive data.

A new report from Zimperium zLabs shows a significant rise in mobile phishing -- or 'mishing' -- a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices.

Continue reading →

It's usually the case that cybersecurity is seen as being all about technology and that humans -- making mistakes and falling for social engineering -- are something of a liability.

But are people really just a problem or can they also be part of the solution? Toney Jennings, CEO of DataStone, believes we need to shift our thinking away from the current paradigm to empowering people as a hidden asset in the protection of their organization. We talked to him to find out more.

Continue reading →

The latest threat insights report from HP Wolf Security has identified a new campaign using malware believed to have been written with the help of GenAI.

Analysis of the campaign, targeting French-speakers using VBScript and JavaScript, finds the structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware.

Continue reading →

A new global study reveals that 58 percent of people use a username and password to login to personal accounts and 54 percent do so to login to work accounts.

The report from Yubico, based on a study of 20,000 people around the world carried out by Talker Research, reveals a worrying lack of awareness of best practices for authentication. 39 percent think username and password are the most secure and 37 percent think mobile SMS based authentication is the most secure, though both are highly susceptible to phishing attacks.

Continue reading →

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyberattack.

This probably won't come as too much of a surprise but it's confirmed by new research from Searchlight Cyber, the dark web intelligence company, and the Marsh McLennan Cyber Risk Intelligence Center.

Continue reading →

A new qualification aims to equip cybersecurity professionals with the skills needed to tackle cybercrime in the age of AI.

Certified Ethical Hacker CEH v13 from EC-Council, a leader in cybersecurity certification, education, and training, provides in-depth training by integrating AI into all five phases of ethical hacking, from reconnaissance and scanning to gaining access, maintaining access, and covering tracks.

Continue reading →

AI has become an undeniable and powerful part of the digital landscape. It makes systems stronger and more automated -- but it also has the potential to present a threat.

Some 80 percent of executives believe deepfakes pose a risk to their business, yet only 29 percent say they have taken steps to combat them. We spoke to Patrick Harding, chief product architect at Ping Identity, to discuss the security threats posed by AI and the need to take steps to properly secure identity by adding additional layers of protection.

Continue reading →

In Not With A Bug, But With A Sticker: Attacks on Machine Learning Systems and What To Do About Them, a team of distinguished adversarial machine learning researchers deliver a riveting account of the most significant risk to currently deployed artificial intelligence systems: cybersecurity threats. The authors take you on a sweeping tour -- from inside secretive government organizations to academic workshops at ski chalets to Google’s cafeteria -- recounting how major AI systems remain vulnerable to the exploits of bad actors of all stripes.

Based on hundreds of interviews of academic researchers, policy makers, business leaders and national security experts, the authors compile the complex science of attacking AI systems with color and flourish and provide a front row seat to those who championed this change. Grounded in real world examples of previous attacks, you will learn how adversaries can upend the reliability of otherwise robust AI systems with straightforward exploits.

Continue reading →

Over half of C-suite and other executives (51.6 percent) expect an increase in the number and size of deepfake attacks targeting their organizations' financial and accounting data in the next year.

A new Deloitte poll shows that increase could impact more than one-quarter of executives in the year ahead, as those polled report that their organizations experienced at least one (15.1 percent) or multiple (10.8 percent) deepfake financial fraud incidents during the past year.

Continue reading →

According to a new survey, 84 percent of organizations in the enterprise sector spotted a cyberattack within the last 12 months, compared to only 65 percent in 2023.

The study from Netwrix shows the most common security incidents are phishing, user or admin account compromise, and ransomware or other malware attack.

Continue reading →

The latest threat detection data from Red Canary shows that Atomic Stealer -- an infostealer that targets credentials, payment card data, keychain details, and cryptocurrency wallet information on macOS devices -- has entered the top 10 threats.

Other notable appearances include Scarlet Goldfinch -- an 'activity cluster' that uses fake browser updates to trick users into downloading a legitimate remote management and monitoring tool that can be abused to deploy malicious software -- and ChromeLoader -- a malicious browser extension that reads and hijacks browser traffic to redirect it to specific sites, likely to conduct pay-per-click advertising fraud.

Continue reading →

A survey of 800 security decision-makers across the US, UK, Germany and France reveals that 92 percent of security leaders have concerns about the use of AI-generated code within their organization.

In spite of these concerns though the study from Venafi finds 83 percent of organizations use AI for coding and open source software is present in 61 percent of applications.

Continue reading →