Articles about cybersecurity

While some professions -- including medicine, law, and engineering -- have wholeheartedly embraced wide-ranging codes of ethics and conduct, the field of cybersecurity continues to lack an overarching ethical standard. This vacuum constitutes a significant threat to the safety of consumers and businesses around the world, slows commerce, and delays innovation.

The Code of Honor: Embracing Ethics in Cybersecurity delivers a first of its kind comprehensive discussion of the ethical challenges that face contemporary information security workers, managers, and executives.

Continue reading →

Perimeter solutions such as Secure Email Gateways (SEGs) have long been a cornerstone of email security, historically serving as the primary line of defence against malicious emails entering an organization. Utilizing legacy technology such as signature and reputation-based detection, SEGs have provided pre-delivery intervention by quarantining malicious attacks before they reach the end recipient.

Why, then, are 91 percent of cybersecurity leaders frustrated with their SEGs, and 87 percent considering a replacement?

Continue reading →

A new zero-trust stealth mode browser is being launched by SlashNext, designed to see through obfuscation techniques commonly used by threat actors, and deliver enhanced protection against phishing and malware.

In recent years, well-intentioned companies offering free services such as CAPTCHA solutions and content delivery networks have inadvertently aided threat actors. For example, Cloudflare's Turnstile Services and similar CAPTCHA solutions are commonly exploited as obfuscation techniques. CAPTCHAs are used to block the crawlers employed by security services from accessing and analyzing phishing sites.

Continue reading →

In an increasingly digital world, youngsters are just as a risk as the rest of us -- perhaps more so -- which means cybersecurity education for children is crucial.

Security awareness training company KnowBe4 has released its Children's Interactive Cybersecurity Activity Kit, featuring an AI safety video, a password video game, a cybersecurity activity book, and middle school lesson plans.

Continue reading →

Trust management platform Vanta is launching new tools to help businesses understand their risk posture, particularly with regard to third-parties.

Report Center provides a real-time view into the state of a business' security and compliance program. It can automatically collect and visualize data across the entire security program, including risk management, vendors, compliance, personnel and trust.

Continue reading →

Nearly two-thirds of CISOs report increasing budgets this year, with average growth rising from six percent in 2023 to eight percent this year, but this is only about half of growth rates in 2021 (16 percent) and 2022 (17 percent).

A study from IANS Research and Artico Search shows that a quarter of CISOs are experiencing flat budgets while 12 percent face declines.

Continue reading →

Following the July 2024 CrowdStrike IT outages, over 78 percent of people in the UK now worry about the heavy reliance of global organizations on IT systems and software providers.

A new survey of 2,000 UK adults by One Poll for Nineteen Group, organizers of the International Cyber Expo shows that 44 percent of respondents were in some way impacted by the outages. 18 percent were affected themselves and 26 percent knew someone who was.

Continue reading →

Attacks on content creators and online influencers have surged alongside the growing accessibility of deepfake technologies, posing a significant threat.

To combat these threats Bitdefender is launching a new Security for Creators package that safeguards content channels and social media accounts from takeovers and supports Windows, Mac, Android, and iOS.

Continue reading →

Enterprises are facing a rapidly changing privacy landscape, in which some laws contradict each other, while struggling to reduce costs and gain visibility into their privacy risks.

Indeed there’s been a recent increase in lawsuits against companies for online privacy violations that is putting significant strain on C-level executives and they're looking to their IT leaders to address all of this risk with technology.

Continue reading →

A new report from dark web intelligence specialist Searchlight Cyber shows a 56 percent increase in the number of active ransomware groups this year compared to the first half of 2023, reflecting a diversification of the ransomware landscape.

LockBit has retained its top position despite the disruption caused by Operation Cronos, though its number of listed victims has fallen compared to H1 2023.

Continue reading →

In 2024, the average cost of a data breach skyrocketed to $4.88 million, up from $4.45 million in 2023, showing a 10 percent spike and the highest increase since the pandemic.

Some industries though have seen even bigger increases. Data from a Stocklytics survey of 604 organizations across 17 industries and in 16 countries between March 2023 and February 2024 shows the industrial sector has seen the biggest data breach cost growth in the past year.

Continue reading →

Published vulnerabilities have increased by 43 percent compared to H1 2023, with 23,668 vulnerabilities reported in H1 2024 according to a new report from Forescout.

The average number of new CVEs per day is 111 or 3,381 per month, and 20 percent of exploited vulnerabilities affected VPN and network infrastructure.

Continue reading →

Third-party browser scripts are the code snippets that organizations put into their websites to run ads, analytics, chatbots, etc -- essentially anything that isn't coded by the organization itself.

Which sounds innocuous enough, but these scripts are increasingly being used as a vector for cyberattacks. We spoke to Simon Wijckmans, CEO of c/side, to understand how these attacks operate and what can be done to defend against them.

Continue reading →

New research from Legit Security shows that widely available GenAI development services risk sensitive information exposure, or leakage of secrets.

Legit's analysis of unprotected vector databases finds that 30 servers investigated contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information.

Continue reading →

As network boundaries can no longer be relied on to define the limits of cybersecurity, zero trust has become the overarching framework that now guides enterprise security strategies.

However, Zero Trust Network Access (ZTNA) has its limitations, especially in application security, and this can open up risk for organizations heavily reliant on SaaS systems.

Continue reading →