Articles about cybersecurity

A new report from Picus Security looks at real-world malware samples and identifies the most common techniques leveraged by attackers.

It identifies a surge in 'hunter-killer' demonstrating a shift in adversaries' ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR. According to the report, there has been a 333 percent increase in malware that can actively target defensive systems in an attempt to disable them.

Continue reading →

The overwhelming majority of organizations (91 percent) have experienced a software supply chain incident in the past 12 months, according to a new report.

The study from Data Theorem and the Enterprise Strategy Group surveyed over 350 respondents from private- and public-sector organizations in the US and Canada across cybersecurity professionals, application developers and IT professionals.

Continue reading →

The cybersecurity landscape is changing all the time and security teams are constantly searching for anything that can give them an edge in defending their systems.

We spoke to Rajeev Gupta, co-founder and chief product officer at insurance specialist Cowbell Cyber, about cyber risk assessment and how it can help businesses understand their level of risk and improve it to stay ahead of bad actors and threats like phishing attempts.

Continue reading →

A new report from BlueVoyant looks at the new risks organisations face from outside the traditional IT perimeters.

In particular, cybercriminals are using AI to create more effective phishing campaigns, and employing online adverts to lure victims to malicious websites.

Continue reading →

With many countries around the world holding elections this year, Tidal Cyber has released a new report looking at the threats to global elections and offering insights on prioritizing defenses against top adversaries and election interference tactics, techniques, and behaviors.

The report identifies the top ten countries facing the highest election cyber interference threats this year as: the US, the UK, South Korea, India, Belgium, Pakistan, Belarus, Mexico, Georgia, and Indonesia.

Continue reading →

Enterprises are dealing with ever greater volumes of data and that brings with it added risk as well as compliance issues and management costs.

In particular, it's important for security and compliance to be able to securely dispose of data that's no longer required. This is why data erasure specialist Blancco Technology Group is announcing a global collaboration with Lenovo to provide secure data erasure as part of the Lenovo ThinkShield security solution.

Continue reading →

New research from Barracuda finds that 30 percent of all attacks against web applications target security misconfigurations -- such as coding and implementation errors.

Analysis of incidents detected and mitigated by Barracuda Application Security during December shows 21 percent involved code injection. Though these were more than just SQL injections, generally designed to steal, destroy, or manipulate data.

Continue reading →

Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools now make up the majority of malicious tools in use by attackers, according to a new study.

The report from Darktrace shows malware loaders (77 percent of investigated threats) are the most common tool, followed by cryptominers (52 percent), and botnets (39 percent).

Continue reading →

Security and networking specialist Cisco is announcing changes to its Cisco Security Cloud as part of its mission to simplify security.

Cisco Identity Intelligence -- available from July this year -- will run on top of customers' existing identity stores and provides unified visibility, as well as AI-driven analytics.

Continue reading →

Data is the lifeblood of modern business and enterprise resource planning (ERP) systems are where it's likely to live. ERP software integrates data and business functions across departments like finance, manufacturing, marketing, sales and more, and of course this makes it an attractive target for cyber criminals.

So what threats do ERP systems face and what can enterprises do to defend against them? We spoke to Kellie Synder, CCO of Onapsis, to find out.

Continue reading →

According to new research from International Data Corporation (IDC) and Exabeam, 57 percent of companies experienced significant security incidents in the last year that needed extra resources to address.

North America experienced the highest rate of security incidents (66 percent), closely followed by Western Europe (65 percent), then Asia Pacific and Japan (APJ) (34 percent).

Continue reading →

New research from Cofense reveals the most common phishing themes of last year, which offer insight into the threat actor's intentions.

Information analyzed to determine the theme includes the brand being spoofed, any attachment names, rendered attachments in the case of documents or HTML files, and the email body content, plus of course the subject.

Continue reading →

A new report from cloud security company Sysdig reveals that many businesses are indulging in the dangerous practice of putting convenience before preventive security in pursuit of faster application development.

"Attackers are leveraging automation to exploit every point of weakness they can uncover," says Crystal Morin, cybersecurity strategist at Sysdig. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security -- a gamble that poses real business risks."

Continue reading →

Web intelligence company Searchlight Cyber has released a new report on the ransomware landscape of the dark web, highlighting changing tactics and the groups that security teams need to look out for in 2024.

LockBit, BlackCat (also known as ALPHV or Noberus), and Cl0p were the most prolific ransomware groups of 2023 by the number of victims claimed on their dark web leak sites. However, a major finding of the report is that these groups' share of overall ransomware victims has actually decreased as the number of operators has grown.

Continue reading →

Cyberattacks are forcing the majority of companies to pay ransoms and break their 'do not pay' policies, with data recovery deficiencies compounding the problem.

New research from Cohesity, based on responses from over 900 IT and security decision-makers, shows that companies firmly operate in a 'when,' not 'if,' reality of cyberattacks.

Continue reading →