Articles about cybersecurity

Tails 6.0, the newest version of the privacy-focused Linux distribution, is now available for download. It is notable for being the first version of Tails to be based on Debian 12 (Bookworm) and use the GNOME 43 desktop environment. This update also introduces a host of new features, security enhancements, and usability improvements, alongside updated versions of the majority of the software included in Tails.

In Tails 6.0, users will find a new error detection feature for the Persistent Storage, which alerts them about errors when reading or writing from the Tails USB stick. This helps in diagnosing hardware failures and prompts users to backup their Persistent Storage before it's too late. The update also brings automatic mounting of external devices. When an external storage device is plugged in, Tails 6.0 mounts it automatically, and if the device contains an encrypted partition, it offers to unlock the encryption automatically.

Continue reading →

A new report reveals that 81 percent of organizations have public-facing neglected cloud assets with open ports, making them prime targets for attackers who routinely perform reconnaissance to detect exposed ports and known vulnerabilities.

The report from Orca Security is based on analysis of data from billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud scanned by the Orca Cloud Security Platform in 2023.

Continue reading →

The percentage of codebases with high-risk open source vulnerabilities -- those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities -- increased from 48 percent in 2022 to 74 percent in 2023, according to new research.

The Open Source Security and Risk Analysis (OSSRA) report from Synopsys is based on findings from more than 1,000 commercial codebase audits across 17 industries. While codebases containing at least one open source vulnerability remain consistent year-on-year at 84 percent, significantly more codebases contained high-risk vulnerabilities in 2023.

Continue reading →

A new survey from Viakoo shows that only 50 percent of IT leaders are confident in their Internet of Things security and that 55 percent of IoT cyber incidents could have been prevented with better security measures.

In addition 71 percent say they wish they had started their IoT security efforts differently in order to remediate issues faster.

Continue reading →

A new report shows that 66 percent of organizations in the UK experienced at least one successful phishing attack in 2023 compared to 91 percent the previous year.

However, the study from Proofpoint shows the negative consequences of attacks have soared, with a 30 percent increase in reports of financial penalties, such as regulatory fines, and a 78 percent increase in reports of reputational damage.

Continue reading →

Attacks targeting the business logic of APIs made up 27 percent of attacks in 2023, a growth of 10 percent since the previous year. Account takeover (ATO) attacks targeting APIs also increased from 35 percent in 2022 to 46 percent in 2023.

This is among the findings of a new report from Imperva which shows API traffic constituted over 71 percent of web traffic last year. While there are benefits of APIs in allowing seamless connectivity, enhancing online experiences, and driving innovation, their widespread adoption leads to new security challenges.

Continue reading →

As consumers and businesses undergo a sea change shift towards mobile interfaces, embracing everything from retail to human resources management, the landscape of mobile security is experiencing a parallel transformation.

With this surge in reliance on mobile devices, threats have become more sophisticated, spanning network vulnerabilities, the proliferation of malware, and the craftiness of phishing schemes.

Continue reading →

The market for AI in cybersecurity is expected to reach more than $133 billion by 2030 according to a new report from Techopedia.

There's both a positive and negative impact from AI use. Hackers using AI has fueled a huge rise in cybercrime, expected to reach a massive $9.22 trillion cost to internet users in 2024, with the vast majority (85 percent) of cybersecurity professionals blaming AI. This rise is for these key reasons: AI increases the speed and volume of attacks, it adapts to specific defenses, and it creates more sophisticated, personalized attacks.

Continue reading →

Apple devices have historically had a reputation for being immune to malware, but a new report from Jamf reveals that it's tracked 300 malware families on macOS and found 21 new ones in 2023.

Jamf's latest Security 360 report examined a sample of 15 million desktop computers, tablets and smartphone devices they protect, across 90 countries and multiple platforms (macOS, iOS/iPad, Android and Windows).

Continue reading →

With responses from more than 1,100 cybersecurity professionals, a new survey reveals that 88 percent of respondents believe that AI will significantly impact their jobs, now or in the near future.

The study from ISC2 shows 35 percent have already witnessed its effects. However, views on exactly what the implications of AI might be are mixed.

Continue reading →

A new report from Cyolo and the Ponemon Institute reveals that third-party access to operational technology environments is significantly expanding the attack surface.

According to the study, 73 percent permit third-party access to OT environments, with an average of 77 third parties per organization granted such access.

Continue reading →

The total number of common vulnerabilities and exposures (CVEs) is expected to increase by 25 percent in 2024 to 34,888 vulnerabilities, or roughly 2,900 per month.

This comes from a new report by 'active insurance' provider Coalition which uses honeypots to monitor for spikes to identify the biggest CVEs before they make news headlines -- thus providing companies with the opportunity to take action before an incident can occur.

Continue reading →

Cloud intrusions increased by 75 percent overall last year as adversaries set their sights on the cloud through the use of valid credentials.

This is one of the findings of the 2024 CrowdStrike Global Threat Report released today. It notes an increase in interactive intrusions and hands-on-keyboard activity (60 percent) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organizations.

Continue reading →

The relationship between an organization's chief information officer (CIO) and chief information security officer (CISO) has traditionally been somewhat at odds, since CIO's job is built around sharing information and the CISO's job is to secure it. Plus, the CIO was normally higher in the organizational hierarchy, which could also cause some tension.

But the relationship has evolved in recent years, to the point where the two positions are often more on par with each other. And with security's growing importance to the business (and the boardroom), the two jobs often share the same goals and responsibilities.

Continue reading →

A new report from Cofense based on data from its Phishing Detection Center identifies over 1.5 million malicious emails bypassing customers' secure email gateways (SEGs), a 37 percent increase in threats compared to 2022.

The report shows that SEGs struggle to keep pace with sophisticated phishing campaigns and that relying on 'good enough' email security is no longer an option for most enterprises.

Continue reading →