Articles about cybersecurity

The shift to remote and hybrid working has led to many problems for IT teams, not least that it offers an expanded attack surface. Add in the threat from cybercriminals looking to capitalize on advanced AI capabilities to create malware and you have some major challenges.

We spoke to Doug Kersten, CISO of enterprise collaboration specialist Appfire, to discuss the key security challenges product and DevOps teams face today and how to overcome them.

Continue reading →

Nearly 87 percent of Android and 60 percent of iOS apps request access to device functions unrelated to their performance, according to new research by NordVPN.

Researchers analyzed the most popular mobile apps globally in 18 categories. They found that up to 14 percent of apps collect more unnecessary than necessary data for the apps' performance and only eight percent collect no unnecessary data. On average, every fifth requested permission was not actually needed for the app’s functionality.

Continue reading →

This week Malwarebytes has launched a new identity theft protection solution aimed at individuals, helping them secure their digital identities and defend against identity and online threats.

Called -- imagine how many meetings it must have taken! -- Identity Theft Protection, it includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services, all backed by up to a $2 million identity theft insurance policy.

Continue reading →

One of the effects of the pandemic and the shift to remote and hybrid working has been that organizations have become increasingly reliant on messaging tools like Teams and Slack.

But new research from CybSafe shows that 47 percent of workers have received no training in the use of these platforms and could be putting themselves and their employers at risk.

Continue reading →

Ethical hacking company HackerOne has announced that its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform.

The company's 2023 Hacker-Powered Security Report also shows 30 hackers have earned more than a million dollars on the platform, with one hacker surpassing four million dollars in total earnings.

Continue reading →

OpenText Cybersecurity has released its sixth annual look at the threat landscape to reveal the most notorious malware trends.

This year four new ransomware gangs, believed to be a new generation of previous big players, top the list. Newcomer Cl0p takes the prize for this year's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign.

Continue reading →

We all know that you shouldn't share your passwords with anyone else. But the world is a complex place and there are occasions when it's necessary to send someone a login -- sharing access to a business social media account for example -- or other sensitive information.

Email, SMS, Post-it notes, etc are not secure ways to do this, so Proton is launching a new Secure Password Sharing feature for its Proton Pass password manager.

Continue reading →

It’s almost impossible to escape the hype around artificial intelligence (AI) and generative AI. The application of these tools is powerful. Text-based tools such as OpenAI’s ChatGPT and Google’s Bard can help people land jobs, significantly cut down the amount of time it takes to build apps and websites, and add much-needed context by analyzing large amounts of threat data. As with most transformative technologies, there are also risks to consider, especially when it comes to cybersecurity.

AI-powered tools have the potential to help organizations overcome the cybersecurity skills gap. This same technology that is helping companies transform their businesses is also a powerful weapon in the hands of cybercriminals. In a practice, that’s sometimes referred to as offensive AI, where cybercriminals use AI to automate scripts that exploit vulnerabilities in an organization’s security system or make social engineering attacks more convincing. There’s no doubt that it represents a growing threat to the cybersecurity landscape that security teams must prepare for.

Continue reading →

Securing the software supply chain presents many challenges. To make the process easier OX Security recently launched OX-GPT, a ChatGPT integration aimed specifically at improving software supply chain security.

We spoke to Neatsun Ziv, co-founder and CEO of OX Security, to discuss how AI can present developers with customized fix recommendations and cut and paste code fixes, allowing for quick remediation of critical security issues across the software supply chain.

Continue reading →

New research from Salt Labs highlights API security vulnerabilities uncovered in the social sign-in and Open Authentication (OAuth) implementations of multiple online companies.

Sites affected include Grammarly, Vidio, and Bukalapak. The flaw has now been fixed but could have allowed for credential leakage and enabled full account takeover. Salt Labs also reports that 1,000s of other websites using social sign-in mechanisms are likely to be vulnerable to the same type of attack, putting billions of individuals around the globe at risk.

Continue reading →

A new survey of 300 senior cybersecurity stakeholders finds that 98 percent are concerned about the cybersecurity risks posed by ChatGPT, Google Bard, WormGPT, and similar tools.

The report from Abnormal Security shows the main worry is the increased sophistication of email attacks that generative AI will make possible -- particularly, the fact that generative AI will help attackers craft highly specific and personalized email attacks based on publicly available information.

Continue reading →

We've all heard about how AI is being used to improve cyberattacks, by creating better phishing emails for example, but does AI really have the same potential for being sneaky as humans?

New research from IBM X-Force has set out to answer the question, ‘Do the current Generative AI models have the same deceptive abilities as the human mind?’

Continue reading →

Today, 1Password shared some news about a hacking attempt that happened in late September 2023. The company saw some suspicious activity on a software tool they use called Okta, which helps manage apps for their employees. This strange activity was later found to be connected to a known security issue with Okta’s support system.

On September 29, someone from 1Password’s tech team got a surprising email that helped them find this weird activity in their Okta software. They traced this activity back to a suspicious computer address. Someone unauthorized had got into the Okta software with high-level access. This situation looked a lot like known hacking attempts where bad actors get into high-level accounts to mess with security settings and pretend to be users within the company being targeted.

Continue reading →

A new anti-fraud tool from Jumio uses predictive analytics and AI to look at billions of data points across the company's cross-industry network to identify patterns based on behavioral similarities and other indicators.

Jumio's analysis shows that 25 percent of fraud is interconnected, either being perpetrated by fraud rings or by individuals using the same information or credentials to open new accounts on banking sites, eCommerce platforms, sharing economy sites, etc.

Continue reading →

The cybersecurity landscape is experiencing an unprecedented surge in vulnerabilities. In 2022 alone, a staggering 25,096 new vulnerabilities were added to the National Vulnerability Database (NVD). This number represents the highest count of vulnerabilities ever recorded within a single year and reflects a 25 percent increase compared to the 20,196 new vulnerabilities reported in 2021.

This escalating trend indicates that cybersecurity threats are not only on the rise but are also accelerating at an alarming pace. The reasons behind this surge in vulnerabilities are multifaceted, stemming from factors such as the increasing complexity of software and technology systems, the rapid pace of digital transformation, and the growing sophistication of cyber attackers.

Continue reading →