Articles about cybersecurity

The high costs, both financial and reputational, of dealing with a cyberattack along with tighter regulations that means attacks must be reported have meant that many more organizations are seeking to protect themselves with cyber insurance.

This is still a relatively new and developing field, so what do industry experts think we'll see in the cyber insurance market in 2024?

Continue reading →

The cloud has become a familiar feature of most computing environments over the last decade, but that doesn't mean that the technology is standing still.

Here are some industry expert views on what we can expect from the cloud scene in 2024.

Continue reading →

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations.

Continue reading →

A new report from Abnormal Security highlights real-world examples of how AI is being used to carry out cyberattacks.

Generative AI allows scammers to craft unique email content, making detection that relies on matching known malicious text strings infinitely more difficult.

Continue reading →

You may have come across the term 'root of trust', it’s a source, such as a hardware module, that can always be trusted within a cryptographic system. The system trusts the keys and other cryptographic information it receives from the root of trust module as always authentic and authorized.

Mostly this involves being tied into a specific vendor, but OpenTitan has developed an open source silicon root of trust for use in for use in data center servers, storage, peripherals, and more.

Continue reading →

Never trust, verify everything! This is the premise on which the "Zero Trust" approach was founded. This model of cybersecurity involves implementing controls designed to ensure that only verified users can access company resources, and from similarly approved devices.

This strategy is increasingly being adopted in response to the challenges faced by small and medium-sized enterprises (SMEs), such as the continued evolution of hybrid working, the use of Bring Your Own Device (BYOD) and the increase and sophistication in cyber-attacks. Whereas previously SMEs thought they weren’t a target, now they are seen as the weaker link from a hackers’ perspective and increasingly they are falling victims to cyber attacks.

Continue reading →

Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.

A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control all while remaining undetected. At the time, its impact was described as "enormous" and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.

Continue reading →

In total, 86 percent of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels, according to a new report.

The study from Zscaler also shows threats over HTTPS grew by 24 percent from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels.

Continue reading →

Artificial Intelligence, Internet of Things, Cybersecurity, Blockchain: these words have become common terms we hear everyday, dominating the news and business landscapes worldwide under what we have come to know as Deep Tech. According to recent research, in 2021 the deep tech market registered a total revenue of US$431.1 Million, and is expected to grow by 21 percent between 2022 and 2032 for a value of US$ 3,733.8.

Start-ups and companies within the Deep Tech space are all about innovation and advancing technologies, often diving into niche parts of already narrow fields. They run the business side differently, they bring revolutionary approaches to traditional dynamics in the work environment, and even create new roles and job titles not seen in other companies. Staying true to their nature where science and innovation plays an important role, these companies engage in specific activities that best compliment their primary immediate goal of research and development, whether this is about technology, sharing knowledge or growing their community.

Continue reading →

In an era marked by continuously evolving cyberthreats, the significance of automation in the realm of cybersecurity cannot be overstated. Automation has emerged as a potent tool that enables security leaders to effectively address the challenges presented by today's digital environment. It offers numerous advantages, including swift and consistent responses to threats, the mitigation of potential human errors and a reduction in incident response times. 

However, while automation is a vital asset, striking the right balance between automation and human involvement is essential to ensure optimal cybersecurity outcomes. In this article, we will explore how organizations can achieve a harmonious partnership between humans and automation to enhance threat detection, response and decision-making.

Continue reading →

New research from mobile security platform Zimperium has uncovered 29 malware families targeting 1,800 banking applications across 61 countries in the last year.

US banking institutions remain by far the most targeted by financially motivated threat actors. There were 109 US banks targeted by banking malware in 2023, compared to the next most targeted countries which were the UK (48) and Italy (44). The report also noted that trojans are evolving beyond simple banking apps to target cryptocurrency, social media, and messaging apps.

Continue reading →

We know that fraud is on the increase and by their very nature scams can be hard to spot because… Well because they're scams.

Step forward Bitdefender with the launch of a new, free scam detection service designed to help users verify fraudulent online schemes delivered by email, embedded links, text, and instant messaging through collaboration with a chatbot powered by artificial intelligence.

Continue reading →

A new report shows that 79 percent of public sector organizations have started to use AI in production (compared to 83 percent in the private sector) but that trust remains a major concern.

The study, from enterprise resilience platform Splunk, shows trust and reliability in AI-enabled systems -- particularly around cybersecurity tools that employ AI -- continue to be the main concerns for decision-makers (48 percent public, 36 percent private).

Continue reading →

As we enter the busiest period of the year for retail sales, there's less than cheery news that scraping, loyalty card fraud and payment card fraud have increased by a collective average of over 700 percent as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.

A new report from Cequence Security finds threat actors are evolving their tactics, opting for a more nuanced approach that spreads attacks across a broader timeframe to blend in with legitimate traffic and evade detection ahead of peak holiday shopping times.

Continue reading →

As we approach the end of the year, a new report from Detectify shows that none of the top three vulnerabilities found across all industries in 2023 were covered by a CVE.

What's more, 75 percent of the total vulnerabilities regularly scanned by Detectify, primarily crowdsourced from its community of ethical hackers, don't have a CVE assigned. This suggests that over-reliance on frameworks like the CVE program can weaken an organization's security posture and give it an unrealistic sense of security.

Continue reading →