
Dark web election posts up almost 400 percent

The number of new posts on dark web forums about elections surged by 394 percent in 2023 compared to 2022, research released this week by cybersecurity firm NordVPN reveals. And in the first two months of 2024 alone, users have already published almost half as many posts.

With more than 60 countries holding national elections in 2024, representing over half of the world's population, this is a significant year in history for global democracy, so it's unsurprising that there's an increase in interest.

By Ian Barker

Logs, metrics and traces -- unlocking observability [Q&A]

Ensuring observability has always involved three pillars: logs, metrics and traces. However, the reality is that most organizations simply store this information in silos which are incapable of communicating with one another.

Jeremy Burton, CEO of Observe, believes organizations need to go beyond the three pillars of past failed solutions and instead view observability as purely a data problem. We talked to him to learn more.

By Ian Barker

Google Chrome gets enhanced security with real-time safe browsing and password checkup updates

Google has announced significant updates to its Chrome web browser aimed at bolstering cybersecurity for its users. In response to the ever-evolving nature of cyber threats, Chrome will now feature real-time Safe Browsing protections and enhanced password security measures, particularly for desktop and iOS users.

Traditionally, Chrome’s Safe Browsing feature relied on a periodically updated list to check if websites or files posed a potential danger. However, with malicious sites often fleeting, existing for less than 10 minutes on average, this method had its limitations. To address this, Chrome’s Standard protection mode will now verify sites against a real-time, server-side list of known malicious URLs. This shift is expected to increase the efficacy of phishing attack prevention by 25 percent.

By Brian Fagioli

Immutability: A boost to your security backup

As the volume of data continues to increase and the threat landscape continues to evolve, it is increasingly important for organizations to protect backup data from unwanted deletion. Threats today can take the form of a malicious insider deleting backup data or a targeted cyberattack on the backups themselves. Modern ransomware attacks often first seek out and destroy backups before moving on to encrypting production data. However, companies will benefit from implementing immutability, the act of making data writable but noneditable for a defined period of time, as part of their data protection arsenal to help avoid or recover from a loss of production data.

The rise in cyber incidents, which according to the Veeam Data Protection Trends Report 2023 have been the leading cause of outages over the past three years, is bringing the need for immutability to the fore, particularly as most organizations reported having fallen victim to cyber incidents, on average, twice a year.

By Ian Sanderson

New solution offers faster response to MS365 compromises

Business email compromise (BEC) is one of the most common and expensive threats to organizations, so they need to respond to attacks quickly and effectively.

To allow companies to investigate and respond to Microsoft 365 compromises such as BEC, account takeover (ATO) and insider threats, Cado Security is introducing a new feature to its platform so customers can automatically import the Microsoft 365 Unified Audit Log (UAL) by timeframe, user, IP, or workload.

By Ian Barker

Companies expose 35,000 sensitive SaaS assets each year

A new report from DoControl finds that companies are generating approximately 286,000 new SaaS assets, such as files or recordings, each week. However, it also found the public exposure of 35,000 sensitive assets at the average company, a significant lapse in data management and access controls.

The report finds a 182 percent increase in employees sharing company-owned assets via their personal email too. In 2023, findings show that the average company had one out of six employees share data with their personal email account (1.3 million assets).

By Ian Barker

Attackers exploit email forwarding rules to compromise accounts

Detections for malicious email forwarding rules have risen by nearly 600 percent in 2023, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, re-routing money into the criminal’s account.

This is one of the findings in the latest Threat Detection Report from Red Canary. Half of the threats in the top 10 leverage malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors that could lead to a serious attack if not detected.

By Ian Barker

Flaws in ChatGPT extensions allowed access to sensitive data

New threat research from Salt Labs has uncovered critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises.

Plugins provide AI chatbots like ChatGPT with access and permissions to perform tasks on behalf of users within third-party websites, for example committing code to GitHub repositories or retrieving data from an organization's Google Drives.

By Ian Barker

Humans represent the biggest security gap

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

By Ian Barker

Bridging the gap between development and security teams [Q&A]

Friction and lack of communication between development and security teams can lead to problems in software development and testing.

How can we bridge the gap between developer and security teams and help them see that they have common goals? We spoke to Scott Gerlach, CSO and co-founder of StackHawk, the company making web application and API security testing part of software delivery, to find out.

By Ian Barker

Is there a better way of protecting your digital life? [Q&A]

The nature of the modern world means that we all have lots of different accounts to manage various services.

Protecting all of these can be a challenge and you can end up with lots of different tools like password managers, VPNs, anti-virus tools and more. It also leads to people getting lazy and reusing passwords.

By Ian Barker

Phishing attacks up 40 percent in 2023

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

By Ian Barker

77 percent of companies have seen breaches in their AI

A new survey of 150 IT security and data science leaders shows that 98 percent of enterprises consider at least some of their AI models crucial to their business success, and 77 percent identified breaches to their AI in the past year.

Yet the study from HiddenLayer shows only 14 percent of IT leaders say their respective companies are planning and testing for adversarial attacks on AI models.

By Ian Barker

New DMARC rules could see retailer emails not being delivered

New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes.

Both Google's sender guidelines and Yahoo's sender requirements and recommendations have stated that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.

By Ian Barker

Are we being failed by DevSecOps? [Q&A]

Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.

However, the more businesses have matured their DevSecOps practices, the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.

By Ian Barker