Articles about cybersecurity

Both ransomware groups and APTs continue to exploit vulnerabilities in public-facing applications, particularly in security appliances, business email technologies and enterprise file transfer products.

The latest mid-year threat review from Rapid7, based on the company's threat analytics and underground intelligence data, shows almost 40 percent of incidents Rapid7 managed services teams saw in the first half of 2023 were the result of missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure.

Continue reading →

New analysis of more than 13 billion files stored in public cloud environments reveals that more than 30 percent of cloud data assets contain sensitive information.

The study by Dig Security shows personal identifiable information (PII) is the most common sensitive data type that organizations save. In a sample data set of a billion records, more than 10 million social security numbers were found -- the sixth most common type of sensitive information -- followed by almost three million credit card numbers, the seventh most common type.

Continue reading →

Data breaches and cyberattacks are seldom far from the news, and it's an area that seldom stands still for long.

We spoke to founder and CEO of White Knight Labs, Greg Hatcher, to discuss how threat tactics are evolving and what organizations can do to protect themselves.

Continue reading →

We are moving nearer to a passwordless future according to a survey from Delinea carried out at at the 2023 Black Hat USA Conference.

A survey of 100 attendees finds 54 percent say that 'passwordless' is a viable concept while 79 percent agree that passwords are evolving or becoming obsolete.

Continue reading →

Data is one of the biggest drivers of innovation in healthcare today. Almost everything in healthcare relies on having access to the right data from developing new drugs and medical equipment to allocating resources.

Making use of this data often requires sharing with other organizations and that presents challenges when it comes to keeping it secure. We spoke to Riddhiman Das, co-founder and CEO at TripleBlind, to learn how healthcare organizations are securing their data while still making it accessible.

Continue reading →

Earlier this week we reported on a technique that could determine a password by listening to keystrokes. Just in case you weren't worried enough by that, today we learn of the risk of passwords being compromised by 'thermal attacks'.

These use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads. Hackers can then use the relative intensity of heat traces across recently-touched surfaces to reconstruct users' passwords.

Continue reading →

Ever keen to jump aboard a passing bandwagon, scammers are looking to make a quick buck by exploiting eager vacationers trying to save money when booking travel deals.

But new research from Bitdefender Antispam Lab finds that only 38 percent of analyzed travel-themed spam emails received during a three-month analysis were marketing lures, with the remaining 62 percent marked as scams.

Continue reading →

New research from audio visual solutions and services provider Kinly, shows that 27 percent of AV professionals believe that customer trust in their organization has been weakened by remote work.

The research surveyed 150 UK-based AV professionals working across 'high trust' industries like banking, finance, healthcare, energy, and the public sector, and reveals that communication via open Wi-Fi networks (89 percent) is the top security concern with hybrid work.

Continue reading →

Many organizations need help gaining visibility into the IP addresses across their whole environment in order to understand their attack surface.

New enhancements to the Detectify platform include an IP Addresses view, this lets users gain seamless access to a comprehensive list of all IPs associated with their domains.

Continue reading →

Critical infrastructure protection specialist OPSWAT has released its latest Threat Intelligence Trends survey looking at organizations to manage the current threat landscape and how to prepare for future challenges.

It finds that 62 percent of organizations recognize the need for additional investments in tools and processes to enhance their threat intelligence capabilities. Only 22 percent have fully matured threat intelligence programs in place though, with most indicating that they are only in the early stages or need to make additional investments in tools and processes.

Continue reading →

According to a new report, 84 percent of CISOs say that they are called into sales engagements related to closing sales of their company's products and services, highlighting the connection between AppSec and business growth.

The study from Checkmarx also reveals that 96 percent of CISOs say their prospects consider the level of application security of their organizations when making purchase decisions.

Continue reading →

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.

Continue reading →

Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

Continue reading →

Researchers at British universities have demonstrated a technique that allows an AI model to work out what you’re typing simply by listening to the keystrokes.

Known as an acoustic side channel attack (ASCA) it involves recording the sound of a keyboard, either by using a nearby smartphone or via a remote conferencing session such as Zoom. Researchers used a standard iPhone 13 to record the sound of the Apple MacBook Pro 16-inch laptop keyboard at standard 44.1kHz quality.

Continue reading →

Cybersecurity benefits from being able to share information about threats in order to speed detection. In pursuit of this the Open Cybersecurity Schema Framework (OCSF) was launched last year by Splunk, Amazon Web Services (AWS), IBM and 15 other cybersecurity firms.

Today OCSF becomes generally available, delivering an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

Continue reading →