Articles about cybersecurity

According to a new survey, 77 percent of organizations have suffered from instances of cyberattacks or data breaches in the past 12 months due to improper access or over-privileged users.

The study from ConductorOne, based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000 employees, also finds 41 percent of respondents say there had been multiple instances of cyberattacks or data breaches due to the same improper access issues.

Continue reading →

More than half of respondents (53 percent) to a new survey say their existing cybersecurity solutions do not effectively address website impersonation attacks, and 41 percent say their existing solutions only partially protect them and their customers.

The study from Memcyco, based on research from Global Surveyz, finds just six percent of brands claim to have a solution that effectively addresses these attacks despite 87 percent of companies recognizing website impersonation as a major issue and 69 percent admitting to having had these attacks carried out against their own website.

Continue reading →

A new Dark Side of GenAI report from Immersive Labs looks at 'prompt injection' attacks, in which individuals input specific instructions to trick chatbots into revealing sensitive information, potentially exposing organizations to data leaks.

Using data gathered from a public prompt injection challenge the report finds a worrying 88 percent of participants successfully tricked the GenAI bot into giving away sensitive information in at least one level of an increasingly difficult challenge.

Continue reading →

Last year saw more mass compromise events arising from zero-day vulnerabilities (53 percent) than from older vulnerabilities for the first time since 2021.

The latest Attack Intelligence Report from Rapid7 also shows mass compromise events stemming from exploitation of network edge devices have almost doubled since the start of 2023, with 36 percent of widely exploited vulnerabilities occurring in network perimeter technologies. More than 60 percent of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.

Continue reading →

The financial sector in the UK is under constant attack and that it is grappling to keep pace with ever-evolving cyber threats, according to a new report from security awareness training company KnowBe4.

The frequency of ransomware attacks on the financial sector in the UK doubled in 2023, showcasing an alarming escalation. Phishing and Business Email Compromise (BEC) remain the top threats to organizations including financial institutions.

Continue reading →

Concern around deepfakes has been growing for some time and new research released by ISMS.online shows deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organizations.

The report, based on a survey of over 500 information security professionals across the UK, shows that nearly 32 percent of UK businesses have experienced a deepfake security incident in the last 12 months.

Continue reading →

The job of the CISO is becoming increasingly complex, with new rules around security and compliance, disclosure requirements following incidents, and more.

We spoke to John Morello, CTO of Gutsy, a company which was the first to apply process mining to security, to find out how things are changing and how CISOs should respond.

Continue reading →

It can seem like securing systems is all about new threats and zero-day issues. But research from exposure management platform CyCognito shows that older issues can still be a problem.

It shows two percent of organizations have assets still vulnerable to Log4j. What's more over 50 percent of attempted patches require multiple rounds of validation before the patch is successful, often because of incomplete or inaccurately followed remediation instructions -- effectively prolonging the exposure window.

Continue reading →

Over half of CISOs believe generative AI is a force for good and a security enabler, whereas only 25 percent think it presents a risk to their organizational security according to a new survey.

The survey of the ClubCISO community, in collaboration with Telstra Purple, highlights CISOs' confidence in generative AI in their organizations.

Continue reading →

New research from Tenable reveals that 95 percent of 600 organizations surveyed suffered a cloud-related breach in the previous 18 months.

An additional 29 percent reported the breach caused 'significant' harm, which is defined as any adverse consequences to someone or an organization if the confidentiality of PII were breached.

Continue reading →

The use of sensitive data for business is crucial. The growing amount of sensitive data stored in cloud infrastructure and applications creates an increasing and constantly evolving data risk landscape for organizations.

The main cause of risk is how broadly this data is shared within and outside the organization, and how it is being used by users, services, or other applications. We spoke to Liat Hayun at Eureka Security about how this risk can be addressed while still allowing safe use and storage of data.

Continue reading →

The frequency of application attacks is rising as cybercriminals continue to prey on the increasing reliance on web, mobile and desktop apps, according to a new report.

Digital.ai's 2024 Application Security Threat Report looks at data about threats identified from monitoring applications under active protection. The likelihood of an app being attacked rose eight percent year-on-year, with gaming apps and financial services apps facing the highest risk of attack at 76 percent and 67 percent respectively.

Continue reading →

A new report from Jumio shows 72 percent of consumers worry about being fooled by deepfakes on a daily basis.

Based on a survey by Censuswide of more than 8,000 adult consumers, split evenly across the UK, US, Singapore and Mexico, it finds only 15 percent of consumers say they've never encountered a deepfake video, audio or image before, while 60 percent have encountered a deepfake within the past year.

Continue reading →

Google has released an emergency security update for the Chrome browser for Windows, Mac, and Linux, and is urging all users of the browser to install it immediately.

The update is to fix CVE-2024-4671 which could allow remote access to data and Google confirms in Chrome's update notes that it is actively being exploited and therefore represents threat to your online security.

Continue reading →

A new study reveals that 56 percent of UK adults are more worried over potential cyberattacks since Russia's invasion of Ukraine.

The study from Illumio surveyed 2,000 people to understand their attitudes towards cybersecurity and finds only 47 percent are confident in central government's capabilities to ward off digital threats effectively and just 35 percent have confidence in local government.

Continue reading →