Exploited macOS vulnerabilities increase by 30 percent


macOS and iOS have shown an increased exploitation rate of seven percent and eight percent, respectively. Although macOS reduced its total vulnerabilities by 29 percent from 2023 to 2022, exploited vulnerabilities have increased by over 30 percent.
This is among the findings of the Software Vulnerability Ratings Report from Action1 Corporation, which offers insights into vulnerability trends within commonly used enterprise software categories, focusing on exploitation rate and Remote Code Execution (RCE) vulnerabilities.
Enterprises struggle to detect hybrid cloud breaches


A new survey of over 1,000 Security and IT leaders across Australia, France, Germany, Singapore, UK, and the USA, shows a decline in detection and response capabilities year-on-year.
The Hybrid Cloud Security Report from Gigamon shows that as hybrid cloud environments grow in complexity and threat actors launch a barrage of concealed attacks, 65 percent of respondents believe their existing security tooling cannot effectively detect breaches.
Sysdig uses automation to cut cloud incident response times


Cloud security company Sysdig is launching a new, enhanced cloud-native investigation process designed to cut incident analysis time to just five minutes.
By visualizing a given incident in the Sysdig Cloud Attack Graph, security analysts can gain a dynamic view of the relationships between resources for a better understanding of the killchain and potential lateral movement across a cloud environment.
Get 'Cybersecurity Architect's Handbook' (worth $15) for FREE


Stepping into the role of a Cybersecurity Architect (CSA) is no mean feat, as it requires both upskilling and a fundamental shift in the way you view cybersecurity altogether.
Cybersecurity Architect’s Handbook is an all-encompassing guide, introducing the essential skills for aspiring CSAs, outlining a path for cybersecurity engineers and newcomers to evolve into architects, and sharing best practices to enhance the skills of existing CSAs.
Think you could spot a deepfaked politician?


Given the quality of many politicians at the moment you might be forgiven for thinking that sometimes a deepfake would be an improvement.
But to be serious, a new study from Jumio of over 2,000 adults from across the UK finds that 60 percent are worried about the potential for AI and deepfakes to influence upcoming elections, and only 33 percent think they could easily spot a deepfake of a politician.
Security pros struggle with too many tools


New research by Keeper Security shows nearly half of security professionals (48 percent) say they favor standalone security solutions for specific issues.
But this has resulted in security pros grappling with an average of 32 different security solutions in their tech stacks, and some managing hundreds of different security tools.
Ransomware up 33 percent in May as new groups emerge


The latest GRIT Ransomware Report from GuidePoint Security shows that May this year resulted in a 33 percent increase overall in ransomware activity compared to April 2024, indicating a degree of seasonality given a similar increase month-on-month in May 2023 relative to April 2023.
May 2024 closed with an increase in overall victim volume. However, a deep review reveals that the rise was driven disproportionately by LockBit's 175 posted victims, accounting for 37 percent of the month’s total publicly posted ransomware victims.
SIEMs cover less than 20 percent of attack techniques


Security information and event management (SIEM) systems used by enterprises only have detections for 38 (19 percent) of the 201 techniques covered in the MITRE ATT&CK v14 framework according to a new report.
CardinalOps analyzed more than 3,000 detection rules, 1.2 million log sources and hundreds of unique log source types from real-world SIEM instances across Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.
Almost a third of IT assets lack some security controls


New research shows that nearly 30 percent of enterprise IT assets are missing at least one critical security control, such as endpoint security or patch management.
The study from Sevco Security also shows more than six percent of all IT assets have reached the end-of-life stage, creating instances of known-but-unpatched vulnerabilities.
Is over-focusing on privacy hampering the push to take full advantage of AI?


In 2006, British mathematician Clive Humby declared that data is the new oil -- and so could be the fuel source for a new, data-driven Industrial Revolution.
Given that he and his wife helped Tesco make £90m from its first attempt at a Clubcard, he should know. And it looks like the “derricks” out there are actually pumping that informational black gold up to the surface: the global big data analytics market is predicted to be more than $745bn by 2030 -- and while it may not be the most dependable metric, Big Tech is throwing billions at AI at a rate described as “some of the largest infusions of cash in a specific technology in Silicon Valley history”.
API security is top concern for the financial sector


The proliferation of APIs in the financial services industry has created a vast and complex attack surface that traditional security measures cannot adequately protect.
API security specialist Traceable AI surveyed over 150 cybersecurity professionals in the US, uncovering critical vulnerabilities, concerns, and current API security practices in the financial sector.
Attackers target edge devices in mass exploitation attacks


New research from WithSecure looks at the trend of mass exploitation of edge services and infrastructure by attackers.
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) per month in 2024 is 22 percent higher than in 2023, while the number of other CVEs added to the KEV per month has dropped 56 percent compared to 2023.
IT teams struggle to get visibility into tech assets


A new report into IT asset management (ITAM) shows that 53 percent of IT teams report challenges gaining or maintaining complete visibility of their technology investments.
The study from Flexera also finds nearly a quarter (22 percent) of the global IT leaders surveyed say they have paid more than $5 million in audit costs over the past three years, up from 15 percent in 2023.
Addressing open source security gaps [Q&A]


Organizations face significant challenges with open source security, primarily due to the rapid pace at which open source vulnerabilities are identified compared to the slower pace of remediation efforts.
This discrepancy creates a scenario where security teams are constantly trying to catch up, struggling against an ever-growing list of vulnerabilities that pose serious threats to their systems.
How to block bad actors and become more cyber resilient


As a wise man once said, a failure to plan is a plan to fail. This is especially true in the world of cybersecurity, where it is all but inevitable that an organization will face a security incident.
According to the 2024 Data Protection Trends report from Veeam, ransomware is the leading type of cyber crime, due to its lucrative nature. Cyber criminals have found that stealing, encrypting and selling data back to their victims is highly profitable, which has led to ransomware becoming a billion-dollar industry. Between ransom payments, maintenance, and lost business due to downtime, the average ransomware attack costs a business around £3.5 million.
© 1998-2025 BetaNews, Inc. All Rights Reserved.