Articles about cybersecurity

A major new threat has made its presence felt in the last few months. Cybercriminals have expanded the use of screen spoofing or overlay attacks from web applications to trusted mobile apps.

What’s more, the availability of as-a-service technology has lowered the threshold for attacks. We spoke to Dr. Klaus Schenk, SVP security and threat research at Verimatrix, to learn more about how these attacks work and what can be done to guard against them.

Continue reading →

The risks from shadow and unauthorized apps have been known for years, but new research from Armis finds employees of 67 percent of UK organizations are introducing risk to the business by downloading applications and software onto assets without the knowledge or management of IT or security teams.

In addition the study, carried out by Vanson Bourne, finds 39 percent of enterprises admit to feeling challenged by increasingly complicated regulations and governance requirements.

Continue reading →

A new report from access management platform Cerby highlights the critical need for best practices for businesses and political leaders to secure their accounts as the November 2024 US elections quickly approach.

Researchers analyzed social media platforms Facebook, Twitter (X), Instagram, TikTok, and YouTube across six key security parameters. The report provides detailed insights into gaps in their support for enterprise-grade authentication and authorization.

Continue reading →

Many people choose to browse the internet using a VPN because it offers a number of benefits including privacy and safety, and this is true whatever operating system you use.

With the launch of an all new app for Linux, Proton VPN is offering users of the open source OS greater functionality and a more intuitive interface. The Proton VPN Linux app natively supports Proton VPN's core security and privacy features.

Continue reading →

A new survey of 800 security and IT leaders from large organizations shows 76 percent of security and IT pros believe we are heading towards a cloud reckoning in terms of costs and security.

The study from Venafi finds that 84 percent believe Kubernetes will soon be the main platform used to develop all applications. But, three-quarters worry that the speed and complexity of Kubernetes and containers is creating new security blind spots.

Continue reading →

As businesses look to manage their cybersecurity risk, many have turned to insurance to cover the financial implications of a successful breach.

However, insurers naturally want to limit their own exposure to risk and the small print of the policy may limit some claims. In particular this can apply to IoT devices which represent a major unprotected attack surface in corporate networks.

Continue reading →

Passkeys are often touted as being the way to achieve a passwordless future. But as yet passkeys are supported by only a small number of websites. Passkeys are a safer, more efficient way of authenticating users, but it will be a long time before they become the norm -- if indeed they ever become the norm.

We talked to Darren Guccione, CEO and co-founder of Keeper Security, to discuss the use cases for passkeys, the barriers to mass adoption and how users can adopt and secure passkeys in conjunction with their passwords.

Continue reading →

A new report from Dashlane finds that password health and hygiene have improved globally over the past year, reducing the risk of account takeover for consumers and businesses.

However, reuse is still widespread leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication.

Continue reading →

We're all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Of course in the past these have been used for nefarious purposes too, hiding the true nature of a link to get people to click on phishing or malware messages. Now though researchers at Infoblox have uncovered something even more sinister, the operation of a shady link shortening service made especially for cybercrime.

Continue reading →

It's been another profitable year for the cybercriminal underworld. Once again, headlines have been regularly dominated by serious breaches such as the Royal Mail and Capita, whilst behind the scenes, criminal gangs have raked in huge profits.

The shadow economy of the dark web has continued to thrive and develop as a mirror of the legitimate business world. Threat actors are increasingly well-organized, from highly developed ransomware-as-a-service (RaaS) offerings to extremely lucrative vulnerability trading. Here, we'll delve into the most prominent trends driving the bustling dark web economy -- and how organizations can defend themselves against such threats.

Continue reading →

The UK cybersecurity workforce gap has reached a record high, with 73,439 professionals needed to adequately safeguard digital assets, representing a 29.3 percent increase over 2022.

Research by security professionals organization ISC2 shows the UK cybersecurity workforce has reached 367,300 people, an 8.3 percent increase from 2022, representing more than 28,000 new jobs.

Continue reading →

A new report from HP Wolf Security reveals cybercriminal marketplaces offering low-level attackers the tools needed to bypass detection and infect users in the form of so-called 'meal kits'.

These are pre-packaged malware kits which give low-level attackers all the ingredients to evade detection tools, making it easier for them to breach organizations and steal sensitive data.

Continue reading →

"Are we secure?" For most security leaders, this is one of the most daunting questions they can be asked. While it may seem like a basic inquiry for those in leadership positions, for those on the ‘cybersecurity front line’, thinking in these terms is far too vague and oversimplifies a complex and ever-evolving threat landscape.

Instead, management and IT teams need to shift their thinking to a far more appropriate measure of security:  "Are we adversary aligned?" But what does adversary alignment really mean?

Continue reading →

A new survey of over 300 cybersecurity professionals from SlashNext looks at cybercriminal behavior and activity on the Dark Web particularly as it relates to leveraging Generative AI tools and chatbots and finds a startling 1,265 percent increase in malicious phishing emails since the launch of ChatGPT in November 2022.

It also shows a 967 percent increase in credential phishing in particular and that 68 percent of all phishing emails are text-based Business Email Compromise (BEC) attacks.

Continue reading →

Over the last two years, the average organization's cybersecurity program was prepared to preventively defend against, or block, just 57 percent of the cyberattacks it encountered. This means 43 percent of attacks launched are successful and need to be remediated after the fact.

This is among the findings of a new report from Tenable, based on a survey of over 800 IT and cybersecurity leaders carried out by Forrester Consulting.

Continue reading →