Articles about cybersecurity

Over 58,000 unique websites from around the world are vulnerable to data breaches and even complete takeovers according to new research.

The Cybernews research team has investigated publicly exposed environment files (.env) that should be kept private and protected at all costs. These files hold passwords, API keys, and other secrets that websites need to access databases, mail servers, payment processors, content management systems, and various other services.

Continue reading →

As organizations have come to rely more on the cloud, it's become an increasingly attractive target for cybercriminals seeking to steal data or extract ransoms.

In the past this has involved the use of malware, but as attackers get more sophisticated there’s a move towards different types of attack. We spoke to Shai Morag, SVP and general manager cloud security at Tenable, to discover more about these threats and how to tackle them.

Continue reading →

Leaked or stolen credentials remain a major cause of security breaches and reuse of passwords between accounts only compounds the problem.

Password manager company Dashlane is launching new automated tool to empower admins to proactively create a more security-conscious workforce and drive better credential security behavior across their organization, reducing the risk of credential theft.

Continue reading →

A new study from the Identity Defined Security Alliance (IDSA) finds that 90 percent of organizations experienced an identity-related incident in the past year and 84 percent suffered a direct business impact as a result.

The survey of over 520 identity and security professionals from organizations with over 1,000 employees finds the most significant impact, seeing a measurable rise this year, is distracting from core business (52 percent).

Continue reading →

A new survey shows that 59 percent of executives say budget/cost is the top roadblock to achieving their cloud security objectives, followed by complexity (47 percent) and lack of skilled resources (41 percent).

The study from Gatepoint Research for Orca Security of 200 senior decision makers also reveals that 57 percent of respondents identify misconfigurations as their top cloud security risk, followed by unauthorized access (50 percent), data breaches (35 percent), insecure APIs (31 percent), lack of visibility (29 percent), and malicious insiders (12 percent).

Continue reading →

Attack surfaces keep expanding, making it increasingly challenging for organizations to obtain and make sense of the most relevant insights from their attack surface data.

Attack surface management platform Detectify says its users see an average of 300 breaches per set policy, with over 70 percent of active policies focusing on spotting risky open ports.

Continue reading →

Think you’ve been hit by a cyber-attack? You need to move fast, but what immediate actions should you take, or should you not take?  Here’s a Cyber Incident Responder’s guide to steer you through the turmoil. The actions your team takes -- or doesn’t take -- can greatly impact the overall duration of recovery, cost, and the potential to uncover vital evidence left by threat actors within your infrastructure.

Identifying a cyber security incident can be challenging. Many threat actors have mastered the art of quietly infiltrating IT systems and hiding their digital footprints. Not all cyber-attacks are as overt as encryption-based ransomware or mandate fraud. The rise of encryption-less ransomware and corporate and state-level espionage is concerning. These silent intruders can lead to data and intellectual property (IP) loss, diminished competitive edge or market share, potential regulatory fines, and reputational damage.  All of which can be just as devastating, if not more so, to an organization, its employees, and investors, than a single ransomware incident.

Continue reading →

Organizations have grappled with business threats posed by various automated bots and crawlers over the years. The latest flavor to take the spotlight is AI crawlers which source proprietary content to feed the AIs they serve.

We spoke to Eyal Benishti, CEO of IRONSCALES, to discuss AI crawlers and why it's important for security teams to establish boundaries for their use.

Continue reading →

Almost three times as many phishing, malicious, deny-listed, and offensive links have been delivered to mobile devices than a year ago, according to a new report from Lookout.

The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud that analyzes data from more than 220 million devices, 325 million apps and billions of web items.

Continue reading →

Although the goals and challenges of IT and security professionals overlap, 72 percent of respondents to a new survey report that security data and IT data are siloed in their organization, contributing to elevated security risk.

The survey of over 7,000 executive leaders, IT and cybersecurity professionals‌ and office workers, from Ivanti finds 63 percent report that siloed data slows down security response times.

Continue reading →

There are more than 15 billion IoT devices worldwide, and that number is expected to reach 29 million by 2030, with consumer products like baby monitors, smartwatches, and fridges accounting for more than half. However, connectivity comes at a cost. Data usage, privacy concerns, and cyberattacks pose a serious threat to users and manufacturers. To address this, the government has implemented a Cyber Trust Mark Program to help people easily identify products that meet security standards. The initiative provides manufacturers with a roadmap to improve security and prepare for future requirements.

A key part of The Cyber Trust Mark program is that devices must pass tests designed to ensure security and data privacy. Securing connected solutions poses a unique challenge for manufacturers. While patching a network configuration issue is simple, software is often separated from connected device design workflows. This means security testing occurs in the final stages of product design, making it harder to build security from the ground up.

Continue reading →

The last six months has seen a 341 percent increase in malicious emails, including an alarming spike in phishing, BEC, and other message-based attacks fueled by the continued growth of generative AI.

The latest State of Phishing Report from SlashNext finds that since the launch of ChatGPT in November 2022, there has been a 4,151 percent increase in malicious emails sent.

Continue reading →

If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security.

InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. The Cybersecurity Manager's Guide is an essential manager's handbook that offers a new approach to building and maintaining an information security program that's both effective and easy to follow.

Continue reading →

Microsoft has announced a series of updates to Edge for Business aimed at making the browser a more attractive proposition for enterprises.

Launched at Build yesterday, new features include screenshot prevention in order to block data exfiltration, this also applies to Copilot prompts and responses. There's also improved leak protection for sensitive documents.

Continue reading →

The amount of corporate data workers put into AI tools increased 485 percent from March 2023 to March 2024, and is increasing exponentially. The trend is highest among tech workers with 23.6 percent putting corporate data into an AI tool.

A new report from Cyberhaven looks at AI adoption trends and their link to heightened risk. A worrying finding is that 73.8 percent of ChatGPT usage at work is through non-corporate accounts, that unlike enterprise versions incorporate whatever you share in public models.

Continue reading →