Articles about cybersecurity

The nature of the modern world means that we all have lots of different accounts to manage various services.

Protecting all of these can be a challenge and you can end up with lots of different tools like password managers, VPNs, anti-virus tools and more. It also leads to people getting lazy and reusing passwords.

Continue reading →

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

Continue reading →

A new survey of 150 IT security and data science leaders shows that 98 percent of enterprises consider at least some of their AI models crucial to their business success, and 77 percent identified breaches to their AI in the past year.

Yet the study from HiddenLayer shows only 14 percent of IT leaders say their respective companies are planning and testing for adversarial attacks on AI models.

Continue reading →

New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes.

Both Google's sender guidelines and Yahoo's sender requirements and recommendations have stated that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.

Continue reading →

Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.

However, as businesses have matured their DevSecOps practices the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.

Continue reading →

According to a new study, 89 percent of cybersecurity professionals agree that their company's sensitive data is increasingly vulnerable to new AI technologies.

The study of 700 respondents across cybersecurity roles, conducted by Vanson Bourne for Code42, also finds that 87 percent are concerned their employees may inadvertently expose sensitive data to competitors by inputting it into GenAI. In addition 87 percent are concerned their employees are not following their GenAI policy.

Continue reading →

Over 70 percent of respondents to a new survey say they feel their current security stack is highly effective against image-based and QR code phishing, however, 76 percent report being compromised by these types of attacks within the past year.

The study of 300 IT and security professionals across a variety of industries and geographies, from Osterman Research for IRONSCALES, shows almost 93 percent of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and nearly 79 percent say the same about QR code attacks.

Continue reading →

Towards the end of last year the American Airlines pilot union was hit with a ransomware attack. This is just one of a growing number of attacks targeting the aviation sector.

What makes the aviation industry such an attractive target and how can it protect itself? We spoke to Marty Edwards, deputy CTO for OT/IoT at Tenable, to find out.

Continue reading →

Staff at various levels work in multiple cybersecurity functions according to the latest report from IANS research and recruitment specialist Artico Search.

It finds 42 percent have responsibilities that span multiple cybersecurity domains. Of the AppSec staff, 74 percent also contribute to product security and 67 percent are involved in identity and access management (IAM).

Continue reading →

There is an increasing level of crossover and connectivity between IT, operational technology (OT) and IoT assets, which raises the risk of cyberattacks originating in IT systems and then spreading into OT environments.

To help businesses address this risk Tenable is launching a new exposure management platform that provides holistic visibility into assets across IT and OT environments.

Continue reading →

A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities of applications developed in-house.

The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

Continue reading →

Globally, the average number of DDoS attacks per customer grew by 94 percent in 2023, according to a new report from Radware.

"The technological race between good and bad actors has never been more intense," says Pascal Geenens, Radware's director of threat intelligence. "With advancements like Generative AI, inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve."

Continue reading →

Sadly, there has never been a better phrase than ‘survival of the fittest’ to describe cyber criminal groups. They are constantly refining their tactics to cause greater disruption and earn even bigger profits. The ransomware ecosystem is a resilient and lucrative business model, and attacks are causing huge pain for organizations.

Just look at the recent attack on the British Library. The attack rendered the British Library’s website inoperative, and it’s been reported the institution may have to spend £7 million to recover. The Rhysida group, who were responsible for the attack, disseminated hundreds of thousands of confidential documents on the internet, encompassing both customer and employee information.

Continue reading →

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in both sophistication and number.

A new report from Cado Security is based on analysis of real-world techniques employed by attackers using honeypot infrastructure. Last year Cado introduced 'Cloudypots', a new, more sophisticated, high-interaction honeypot system.

Continue reading →

The nature of cybersecurity is such that much of the work goes on in the background. People notice when there's a problem but not when there isn't.

A new report from CybSafe shows that 31 percent of enterprise workers in the US and UK would like to see more transparency around what the cybersecurity team does.

Continue reading →