Articles about cybersecurity

Although software supply chain breaches are increasing, a new study from JFrog finds that only 30 percent of respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

It also uncovers a disconnect between management and developers. 92 percent of executives claim their organizations possess tools to detect malicious open-source packages, while only 70 percent of developers think the same.

Continue reading →

Fraudulent transactions in the first half of 2024 were up over 73 percent year on year, and suspected fraudulent transactions increased by over 84 percent, according to the 2024 Mid-Year Identity Fraud Review, released today by AuthenticID.

The report also looks at the latest trends including a surge in AI-enabled fraud, as well as the increased use of deepfakes for identity fraud tactics like account takeover attacks and injection attacks.

Continue reading →

Including a number in your password doesn't make it much more secure, does it? If that number is a seven then it just might, according to ProxyScrape.

Strange though it may sound, seven is a rare number in terms of people's preference for it. People naturally gravitate towards using predictable patterns in their passwords. Numbers like 0, 1, and 2 are often overused due to their convenience on both keyboards and number pads. The number 7, however, is less predictable and less frequently used, making it a statistically rare choice.

Continue reading →

Email security tools such as Secure Email Gateways (SEGs) often encode URLs that are embedded in emails. This enables the security appliance to scan the URL before the recipient visits the website.

But when SEGs detect URLs in emails that have already been SEG encoded they don't scan the URL. A new report from Cofense reveals that threat actors are making use of this to avoid detection.

Continue reading →

An overwhelming 91 percent of respondents to a new survey say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations.

However, the report from Seemplicity shows organizations report using an average of 38 different security product vendors, suggesting high levels of complexity and fragmentation within their attack surfaces.

Continue reading →

Since ChatGPT's launch in 2022, there's been an explosion of speculative use cases for generative AI in the workforce -- and concern from the cybersecurity community over an unproven, unvetted, and potentially powerful new tool.

How have those concerns played out in the real world? We sat down with Nick Hyatt, director of threat intelligence at Blackpoint Cyber, to hear about the reality of generative AI's risk to the modern workplace.

Continue reading →

A new survey reveals that 73 percent of life sciences companies are turning to artificial intelligence to address the cybersecurity skills gap.

The report from Code42 shows the life sciences sector is at the forefront of artificial intelligence use, with AI tools presenting new opportunities for cybersecurity teams to enable automated detection and response, as well as freeing up the resources to concentrate on strategic tasks.

Continue reading →

Data security company Druva is adding to its platform with a new threat hunting capability that empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs).

The company is also announcing the expanded global availability of Managed Data Detection and Response (Managed DDR), a service that uses a combination of technology and human expertise to proactively monitor customer backups for faster detection of and response to threats.

Continue reading →

Cybercriminals are abusing legitimate URL protection services to hide malicious URLs in phishing emails, according to a new Threat Spotlight from Barracuda Networks.

Researchers have observed phishing attacks taking advantage of three different URL protection services to mask their phishing URLs. The services are provided by trusted, legitimate brands. To date, these attacks have targeted hundreds of companies.

Continue reading →

The Olympic Games begin next week in Paris and cybersecurity company WithSecure is warning that they face a greater risk of cyberattack than ever due to the current state of geopolitical uncertainty.

As the world's biggest sporting event, the Olympics draws potential attacks from both criminal and nation-state threat actors, with various objectives and capabilities.

Continue reading →

Sharing of passwords is a problem. It's reckoned that 43 percent of US internet users share their passwords with others, probably using insecure methods such as messaging, writing them down, or shared documents.

The issue is even worse for businesses, with approximately 69 percent of employees admitting to sharing passwords with colleagues. Good news then is that open-source password manager Proton Pass is launching Secure Links, a new feature enabling users to share items easily and securely with anyone, including non-Proton Pass users.

Continue reading →

The rapid deployment of cloud resources has led to misconfigurations and security risks, leaving security teams scrambling to adapt and secure their businesses following migrations away from traditional on-premises environments.

Despite successfully enhancing prevention and detection in the cloud, organizations now face a significant challenge in assessing the true scope and impact of issues that do arise.

Continue reading →

Surfshark has introduced Alternative Number, an addition to its Alternative ID product suite. This feature provides users with a virtual US-based phone number, accessible through the Surfshark app, aimed at protecting users' actual phone numbers from misuse online.

Alternative Number helps shield personal information in an era where phone numbers are commonly required for online activities. "It can be difficult to keep your phone number to yourself online. We’re constantly asked for our numbers whenever we post ad listings, shop online, or sign up for free products/services. But there’s no telling where your number ends up once you share it online," says Sarunas Sereika, Alternative ID Product Manager at Surfshark.

Continue reading →

A new survey reveals that 29 percent of security professionals say their biggest frustration is that their advice is being ignored.

The study, conducted by security awareness specialist KnowBe4 at Infosecurity Europe 2024 in London, finds other issues include a stated a lack of skilled workers to employ (15 percent), while a further 13 percent highlight working in an inadequate security culture or environment is their biggest complaint, with the same percentage claiming they have too many tools to manage at their organizations.

Continue reading →

Despite there being a record-breaking number of data breaches in the last year, 63 percent of organizations report that they believe their security measures are effective.

A new report from Dasera looks at how data risk perceptions and actual preparedness against breaches fluctuates across different industries and finds the top threats concerning organizations are data breaches, ransomware, insider threats, and misconfigurations.

Continue reading →