Articles about cybersecurity

In Not With A Bug, But With A Sticker: Attacks on Machine Learning Systems and What To Do About Them, a team of distinguished adversarial machine learning researchers deliver a riveting account of the most significant risk to currently deployed artificial intelligence systems: cybersecurity threats. The authors take you on a sweeping tour -- from inside secretive government organizations to academic workshops at ski chalets to Google’s cafeteria -- recounting how major AI systems remain vulnerable to the exploits of bad actors of all stripes.

Based on hundreds of interviews of academic researchers, policy makers, business leaders and national security experts, the authors compile the complex science of attacking AI systems with color and flourish and provide a front row seat to those who championed this change. Grounded in real world examples of previous attacks, you will learn how adversaries can upend the reliability of otherwise robust AI systems with straightforward exploits.

Continue reading →

Over half of C-suite and other executives (51.6 percent) expect an increase in the number and size of deepfake attacks targeting their organizations' financial and accounting data in the next year.

A new Deloitte poll shows that increase could impact more than one-quarter of executives in the year ahead, as those polled report that their organizations experienced at least one (15.1 percent) or multiple (10.8 percent) deepfake financial fraud incidents during the past year.

Continue reading →

According to a new survey, 84 percent of organizations in the enterprise sector spotted a cyberattack within the last 12 months, compared to only 65 percent in 2023.

The study from Netwrix shows the most common security incidents are phishing, user or admin account compromise, and ransomware or other malware attack.

Continue reading →

The latest threat detection data from Red Canary shows that Atomic Stealer -- an infostealer that targets credentials, payment card data, keychain details, and cryptocurrency wallet information on macOS devices -- has entered the top 10 threats.

Other notable appearances include Scarlet Goldfinch -- an 'activity cluster' that uses fake browser updates to trick users into downloading a legitimate remote management and monitoring tool that can be abused to deploy malicious software -- and ChromeLoader -- a malicious browser extension that reads and hijacks browser traffic to redirect it to specific sites, likely to conduct pay-per-click advertising fraud.

Continue reading →

A survey of 800 security decision-makers across the US, UK, Germany and France reveals that 92 percent of security leaders have concerns about the use of AI-generated code within their organization.

In spite of these concerns though the study from Venafi finds 83 percent of organizations use AI for coding and open source software is present in 61 percent of applications.

Continue reading →

A new survey of 2,000 people in the UK for the International Cyber Expo shows that 72 percent believe that cyberwarfare is likely to be the next step in modern combat.

Over half of people (52 percent) said they believe cyberwarfare may be the next step in warfare combined with physical tactics.

Continue reading →

A new report from Orca Security highlights that, as organizations invest in AI innovation, most of them are doing so without regard for security.

The report uncovers a wide range of AI risks, including exposed API keys, overly permissive identities, misconfigurations, and more.

Continue reading →

According to Gartner, 60 percent of organizations work with over 1,000 third parties, and a new report shows many of these supply misconfigured or vulnerable hardware and software, putting customers at risk.

The study from CyCognito finds web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were the host of 34 percent of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 environments surveyed),

Continue reading →

A new report from SpyCloud finds that Ransomware is seen as the biggest cybersecurity threat across every industry, with 75 percent of organizations affected by ransomware more than once in the past 12 months -- a jump from 61 percent in 2023.

Based on a survey of 510 individuals in active cybersecurity roles within organizations in the US and the UK with at least 500 employees, the report shows some industries are more at risk than others, with insurance firms 6.3x more likely to experience a ransomware attack and healthcare 2.1x more likely.

Continue reading →

Effective cyber risk management is more crucial than ever for organizations across all industries as threat actors are constantly evolving their tactics. Yet, the latest Cyber Risk Peer Benchmarking Report from Critical Start unveils a striking dichotomy between strategy and execution in cyber risk management. While 91 percent of organizations acknowledge the criticality of having a robust risk management strategy, the execution of these strategies appear to fall short.

This gap between cyber risk strategy and execution widens as organizations grow larger. To fully comprehend an organization’s risk and executive strategies effectively, IT leaders must first understand the lifecycle of cyber risk and ensure each stage is addressed.

Continue reading →

More than 65 percent of websites are unprotected against simple bot attacks and 95 percent of advanced bot attacks go undetected on websites.

A new report from DataDome reveals that eCommerce and luxury goods sites are at greatest risk. Just five percent of luxury brand websites and 10 percent of eCommerce websites are fully protected against bad bots.

Continue reading →

A new survey of IT and security leaders working within critical infrastructure industries reveals that 80 percent of organizations experienced an email-related security breach over the past year, and 63.3 percent of respondents say their email security approach needs to be improved.

The report from infrastructure protection company OPSWAT based on a study by Osterman Research finds that despite advancements in cybersecurity, 48 percent of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.

Continue reading →

Modern software development teams are under so much pressure to deliver fast. Unfortunately, speed can mean security gets overlooked during development. Fixing these issues later in the development cycle, or worse, after the software has been released, can be time-consuming, expensive and damaging to a company’s reputation. That’s where early detection of software vulnerabilities comes in. By finding and fixing these issues early organizations can save time, reduce costs and protect their users from security breaches.

In this post, we’ll look at why early detection is key, how it impacts development timelines and budgets and how security in the early stages of software development is the key to both secure and efficient software delivery.

Continue reading →

Representatives from leading nations including the US and UK are meeting for three days of talks to focus on tackling global cyber threats and boosting cyber skills.

Over the next three days, countries including the EU member states, Canada, Japan and international organizations such as the World Economic Forum and the OECD will discuss how global cyber security workforces can be strengthened, from agreeing ways to boost cyber skills to developing new professional standards.

Continue reading →

With a rapidly developing threat landscape, an increase in high-profile data breaches, the introduction of new legislation, and customer tolerance for poor data handling at an all-time low, the stakes are high for companies to have robust cybersecurity in place. However, despite their best efforts, companies are often found to not be doing enough to protect their assets.

Often, this is due to a case of ‘too much, too fast’. As businesses invest in new technologies, their day-to-day operations are being supported by ever more complex and fragmented technology platforms. At the same time, the amount of customer data available to them is growing and constantly streaming in, and bad actors are consistently launching more sophisticated attacks. Meanwhile, leaders are not fully aware of or own responsibility for their cybersecurity plans. As the digital world evolves with new threats and regulations, business leaders must recognize the importance of data protection. If they do not, they cannot adequately protect their customer's data and are in danger of losing their trust and even their continued existence in business.

Continue reading →