cybersecurity

In recent years, mobile devices have taken center stage and we've become mobile-first users, where mobile devices are our first choice for how we communicate, navigate, work, bank, take photos, shop and stay informed about the world around us. Our increased reliance on mobile phones is not without its risks.

According to Zimperium's Global Mobile Threat Report 2023, 43 percent of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187 percent year-over-year, a shocking number.

Research released by KnowBe4 shows that 75 percent of security professionals have witnessed employees displaying risky security behaviors at work and 62 percent admit to risky behavior themselves.

Top risky things that cybersecurity pros admit to include using entertainment or streaming services (33 percent), using GenAI within the organization (31 percent), sharing personal information (14 percent), using gaming or gambling websites at work (10 percent) and using adult entertainment websites (two percent).

You'll doubtless be aware already of the major outages of Microsoft systems today causing problems for airports, rail operators, banks, retailers, broadcasters and more.

Among the disruption stores found themselves unable to accept payments and in the UK Sky News’s breakfast show was taken off air. Some airports were forced to use whiteboards to show flight departure information.

It's essential for businesses to get security, privacy and governance right -- not only to prevent breaches, but also comply with increasing numbers of regulations.

DevOps Research and Assessment (DORA) best practices are the gold standard for spotting vulnerabilities across both cloud and mainframe environments and improving development efficiency.

Although software supply chain breaches are increasing, a new study from JFrog finds that only 30 percent of respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

It also uncovers a disconnect between management and developers. 92 percent of executives claim their organizations possess tools to detect malicious open-source packages, while only 70 percent of developers think the same.

Fraudulent transactions in the first half of 2024 were up over 73 percent year on year, and suspected fraudulent transactions increased by over 84 percent, according to the 2024 Mid-Year Identity Fraud Review, released today by AuthenticID.

The report also looks at the latest trends including a surge in AI-enabled fraud, as well as the increased use of deepfakes for identity fraud tactics like account takeover attacks and injection attacks.

Including a number in your password doesn't make it much more secure, does it? If that number is a seven then it just might, according to ProxyScrape.

Strange though it may sound, seven is a rare number in terms of people's preference for it. People naturally gravitate towards using predictable patterns in their passwords. Numbers like 0, 1, and 2 are often overused due to their convenience on both keyboards and number pads. The number 7, however, is less predictable and less frequently used, making it a statistically rare choice.

Email security tools such as Secure Email Gateways (SEGs) often encode URLs that are embedded in emails. This enables the security appliance to scan the URL before the recipient visits the website.

But when SEGs detect URLs in emails that have already been SEG encoded they don't scan the URL. A new report from Cofense reveals that threat actors are making use of this to avoid detection.

An overwhelming 91 percent of respondents to a new survey say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations.

However, the report from Seemplicity shows organizations report using an average of 38 different security product vendors, suggesting high levels of complexity and fragmentation within their attack surfaces.

Since ChatGPT's launch in 2022, there's been an explosion of speculative use cases for generative AI in the workforce -- and concern from the cybersecurity community over an unproven, unvetted, and potentially powerful new tool.

How have those concerns played out in the real world? We sat down with Nick Hyatt, director of threat intelligence at Blackpoint Cyber, to hear about the reality of generative AI's risk to the modern workplace.

A new survey reveals that 73 percent of life sciences companies are turning to artificial intelligence to address the cybersecurity skills gap.

The report from Code42 shows the life sciences sector is at the forefront of artificial intelligence use, with AI tools presenting new opportunities for cybersecurity teams to enable automated detection and response, as well as freeing up the resources to concentrate on strategic tasks.

Data security company Druva is adding to its platform with a new threat hunting capability that empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs).

The company is also announcing the expanded global availability of Managed Data Detection and Response (Managed DDR), a service that uses a combination of technology and human expertise to proactively monitor customer backups for faster detection of and response to threats.

Cybercriminals are abusing legitimate URL protection services to hide malicious URLs in phishing emails, according to a new Threat Spotlight from Barracuda Networks.

Researchers have observed phishing attacks taking advantage of three different URL protection services to mask their phishing URLs. The services are provided by trusted, legitimate brands. To date, these attacks have targeted hundreds of companies.

The Olympic Games begin next week in Paris and cybersecurity company WithSecure is warning that they face a greater risk of cyberattack than ever due to the current state of geopolitical uncertainty.

As the world's biggest sporting event, the Olympics draws potential attacks from both criminal and nation-state threat actors, with various objectives and capabilities.

Sharing of passwords is a problem. It's reckoned that 43 percent of US internet users share their passwords with others, probably using insecure methods such as messaging, writing them down, or shared documents.

The issue is even worse for businesses, with approximately 69 percent of employees admitting to sharing passwords with colleagues. Good news then is that open-source password manager Proton Pass is launching Secure Links, a new feature enabling users to share items easily and securely with anyone, including non-Proton Pass users.