Articles about cybersecurity

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Continue reading →

A new report from Fortinet shows that the second half of 2023 saw attackers increase the speed with which they capitalized on newly publicized vulnerabilities.

Attacks were carried out 43 percent faster than 1H 2023, starting on average 4.76 days after new exploits were publicly disclosed.

Continue reading →

The latest Email Threat Trends report from VIPRE Security Group identifies the US as the top source of spam emails globally, followed by the UK, Ireland, and Japan. The US, UK, and Canada are the top three countries most subjected to email-based attacks.

Looking at targets, the manufacturing, government, and IT sectors are the most attacked by malicious actors. In Q1 2024, the manufacturing sector suffered 43 percent of email-based attacks, with government (15 percent) and IT (11 percent) trailing well behind. This is a change from Q1 2023, when attackers targeted the financial (25 percent), healthcare (22 percent), and education (15 percent) sectors most often.

Continue reading →

A new study from Prevalent shows third-party Breaches have risen 49 percent year-on-year, increasing threefold since 2021.

The survey of IT professionals conducted in February and March this year shows 61 percent of companies experienced a third-party data breach or cybersecurity incident last year.

Continue reading →

Computers and servers made up 92 percent of DDoS targets in 2013, compared to just eight percent for mobile devices. The split the previous year was 32 percent computers and 68 percent mobile. At the same time the DDoS attack count decreased 55 percent in 2023, but the average attack size grew 233 percent.

The latest DDoS trends report from Nexusguard also finds that shorter attacks lasting 90 minutes increased by 22 percent and made up 81 percent of all DDoS attacks.

Continue reading →

As enterprises increasingly integrate generative AI into critical applications they, often unwittingly, expose those applications to attacks that exploit the unique characteristics of AI, such as prompt injection, insecure outputs, and sensitive data disclosure.

API security company Traceable AI is announcing an early access program for its new Generative AI API Security capability, aimed at specifically targeting the security risks of integrating Gen AI into applications.

Continue reading →

A new report finds that 85 percent of executives surveyed believe computing innovation is
increasing risk.

The report from LevelBlue also shows 74 percent think the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk -- making cyber resilience nearly impossible to achieve.

Continue reading →

A new report based on data gathered from over 40 million exposures presenting high-impact risks to millions of critical business entities, finds that identity and credential misconfigurations represent 80 percent of security exposures across organizations.

The report, from exposure management specialist XM Cyber based on data analyzed by the Cyentia Institute, shows a third of these exposures put critical assets at direct risk of breach -- an attack vector actively being exploited by adversaries.

Continue reading →

A new report from threat intelligence company Intel 471 shows a global rise in ransomware and hacktivism.

The report notes 4,429 ransomware attacks in 2023, almost double the 2,344 observed in 2022, with the most prominent variants being LockBit 3.0, ALPHV, CLOP, Play and 8BASE. North America saw a notable 125.3 percent increase in ransomware, followed by Europe with 67.7 percent, Asia with 46.8 percent, South America with 40.9 percent.

Continue reading →

Google's proposal to cut TLS certificate lifespans to 90 days -- down from the current 398 -- was aired last year and has caused something of a stir in security circles.

According to a recent Venafi study, 83 percent of organizations have been hit by certificate-related outages in the past 12 months, and 57 percent of organizations have experienced security incidents involving compromised TLS certificates. Shortening certificate lifespans will therefore help businesses reduce the risk of compromise.

Continue reading →

Yesterday's coverage of World Password Day sparked some discussion among the BetaNews team about passkeys and how they work.

We figured that if we're confused about them then some of you probably are too, so here's a FAQ look at passkeys, how they work and why you should consider using them.

Continue reading →

The average organization has roughly 1,400 permissions for every employee, according to a new report from Veza.

The findings also show that identity teams face a daunting number of groups and roles to manage. With organizations averaging nearly 700 groups for every 1,000 users, it is difficult for admins to choose the least-privilege groups and roles that will meet the needs of any given employee, contractor, or service account.

Continue reading →

The cybersecurity world is a fast changing one with a constant arms race between attackers and defenders.

New entrants are always coming to the market with innovative technologies to solve particular problems. We spoke to Justin Somaini, a partner at cybersecurity venture capital firm YL Ventures, to find out more about up and coming security trends and shaping the future of cybersecurity.

Continue reading →

A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.

The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.

Continue reading →

Google launched its passkeys initiative on 2022's World Password Day and this year it's marking the day with some new updates.

It’s expanding Cross-Account Protection, an initiative where Google will share security notifications about suspicious events on your Google Account with the non-Google apps and services you use. Doing this will allow the other apps and services connected to your Google Account to use the security information to better protect your other accounts.

Continue reading →