Articles about cybersecurity

Quantum computing presents a substantial problem for securing systems because of its potential to crack existing encryption protocols.

However, the industry is beginning to gear up to face the threat. Tuta, the email provider with the world's first quantum-safe encryption for email, is now launching its new stand-alone encrypted calendar app.

Continue reading →

Compromised non-human identities have led to successful cyberattacks at that 66 percent of enterprises.

A new report from AppViewX, based on a survey of almost 370 IT, cybersecurity, and DevOps professionals by Enterprise Strategy Group (ESG), also shows 57 percent of the episodes where organizations suffered a successful attack tied to NHI compromises got the board of directors attention.

Continue reading →

A new report from Regula reveals that 49 percent of businesses globally have experienced deepfake scams involving either audio or video -- almost doubling the number of incidents since 2022.

The survey, of 575 business decision makers, shows a significant rise in the prevalence of video deepfakes, with a 20 percent increase in companies reporting incidents compared to 2022.

Continue reading →

The EU's latest Network and Information Security Directive (NIS2) comes into effect on October 18, but new research finds that although nearly 80 percent of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds say they will miss this imminent deadline.

The survey from Veeam Software, of over 500 IT decision-makers from Belgium, France, Germany, the Netherlands and the UK, shows 90 percent of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months.

Continue reading →

A new report from OpenText finds that collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey, while China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.

Continue reading →

Sharing is caring so the saying goes, but that shouldn't apply quite so much when applied to sensitive data. A new report from CybSafe shows 38 percent of employees admit to sharing sensitive information without the knowledge of their employer.

The study of over 7,000 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, reveals workers are more connected than ever, with 53 percent of participants stating they're always online.

Continue reading →

Traditional processes for ensuring employees have the right levels of access to systems have come under strain and become harder to manage because of the spread of cloud-based software.

A new AI-powered identity governance and administration (IGA) platform from Zilla Security aims to tackle the long-standing challenge of managing hundreds of roles or group membership rules to ensure organizations give users job-appropriate access.

Continue reading →

Cybercriminals are increasingly adopting a 'mobile-first' attack strategy to infiltrate enterprise systems by targeting weak, unsecured, and unmanaged mobile endpoints, recognizing mobile as a major entry point to corporate networks and sensitive data.

A new report from Zimperium zLabs shows a significant rise in mobile phishing -- or 'mishing' -- a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices.

Continue reading →

It's usually the case that cybersecurity is seen as being all about technology and that humans -- making mistakes and falling for social engineering -- are something of a liability.

But are people really just a problem or can they also be part of the solution? Toney Jennings, CEO of DataStone, believes we need to shift our thinking away from the current paradigm to empowering people as a hidden asset in the protection of their organization. We talked to him to find out more.

Continue reading →

The latest threat insights report from HP Wolf Security has identified a new campaign using malware believed to have been written with the help of GenAI.

Analysis of the campaign, targeting French-speakers using VBScript and JavaScript, finds the structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware.

Continue reading →

A new global study reveals that 58 percent of people use a username and password to login to personal accounts and 54 percent do so to login to work accounts.

The report from Yubico, based on a study of 20,000 people around the world carried out by Talker Research, reveals a worrying lack of awareness of best practices for authentication. 39 percent think username and password are the most secure and 37 percent think mobile SMS based authentication is the most secure, though both are highly susceptible to phishing attacks.

Continue reading →

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyberattack.

This probably won't come as too much of a surprise but it's confirmed by new research from Searchlight Cyber, the dark web intelligence company, and the Marsh McLennan Cyber Risk Intelligence Center.

Continue reading →

A new qualification aims to equip cybersecurity professionals with the skills needed to tackle cybercrime in the age of AI.

Certified Ethical Hacker CEH v13 from EC-Council, a leader in cybersecurity certification, education, and training, provides in-depth training by integrating AI into all five phases of ethical hacking, from reconnaissance and scanning to gaining access, maintaining access, and covering tracks.

Continue reading →

AI has become an undeniable and powerful part of the digital landscape. It makes systems stronger and more automated -- but it also has the potential to present a threat.

Some 80 percent of executives believe deepfakes pose a risk to their business, yet only 29 percent say they have taken steps to combat them. We spoke to Patrick Harding, chief product architect at Ping Identity, to discuss the security threats posed by AI and the need to take steps to properly secure identity by adding additional layers of protection.

Continue reading →

In Not With A Bug, But With A Sticker: Attacks on Machine Learning Systems and What To Do About Them, a team of distinguished adversarial machine learning researchers deliver a riveting account of the most significant risk to currently deployed artificial intelligence systems: cybersecurity threats. The authors take you on a sweeping tour -- from inside secretive government organizations to academic workshops at ski chalets to Google’s cafeteria -- recounting how major AI systems remain vulnerable to the exploits of bad actors of all stripes.

Based on hundreds of interviews of academic researchers, policy makers, business leaders and national security experts, the authors compile the complex science of attacking AI systems with color and flourish and provide a front row seat to those who championed this change. Grounded in real world examples of previous attacks, you will learn how adversaries can upend the reliability of otherwise robust AI systems with straightforward exploits.

Continue reading →