Articles about cybersecurity

A new study of 1,000 office workers across the US and UK shows half of us already use AI tools at work, one-third weekly and 12 percent daily.

But the report from Cybsafe finds 38 percent of users of generative AI in the US admit to sharing data they wouldn't casually reveal in a bar to a friend.

Continue reading →

As workers take time off for summer holidays it means greater risk that personal devices and public Wi-Fi will be used to access sensitive corporate data.

Vulnerability management specialist Hackuity warns that this is a time when organizations are at their most vulnerable and cybercriminals are well aware of the fact.

Continue reading →

As growing businesses rush to upgrade their hardware, many are simply throwing old computers, routers, and other IT assets into the trash, leading to security and environmental concerns.

A new study from Capterra of 500 IT professionals at US small and midsize businesses (SMBs) reveals that nearly a third (29 percent) indulge in improper IT hardware disposal practices.

Continue reading →

We've already seen how generative AI can be used in cyberattacks but now it seems there's an AI model aimed just a cybercriminals.

Every hero has a nemesis and it looks like ChatGPT's could be FraudGPT. Research from security and operations analytics company Netenrich shows recent activities on the Dark Web Forum reveal evidence of the emergence of FraudGPT, which has been circulating on Telegram Channels since July 22nd.

Continue reading →

Data centers are increasingly faced with more sophisticated attack techniques, putting the information they hold at risk.

Specific vulnerabilities such as misconfigurations may pass under the radar of traditional security scans. We spoke to Daniel dos Santos, head of security research at Forescout, to discuss the potential impact of these vulnerabilities and why data centers need to strengthen their risk management.

Continue reading →

Cloud security company Sysdig is launching a new generative AI assistant specifically designed to help with cloud security.

Whereas standard AI chatbots are designed to answer a specific question using a single large language model (LLM) and stateless analysis, Sysdig Sage uses a unique human-to-AI controller that mediates user interactions with LLMs to provide more advanced, tailored recommendations.

Continue reading →

Artificial intelligence (AI) chatbots like ChatGPT have become a tool for cybercriminals to enhance their phishing email attacks. These chatbots use large datasets of natural language and reinforcement learning to create typo-free and grammatically correct emails, giving the appearance of legitimacy to unsuspecting targets. This has raised concerns among cybersecurity leaders, with 72 percent admitting to being worried about AI being used to craft better phishing emails and campaigns.

Chatbots can help cybercriminals scale the production of advanced social engineering attacks, such as CEO fraud or business email compromise (BEC) attacks. Additionally, cybercriminals may use AI-powered chatbots to scrape personal or financial data from social media, create brand impersonation emails and websites, or even generate code for malware such as ransomware. In particular, without AI, creating malware is a specialized task that requires skilled cybercriminals. However, the use of chatbots could make it easier for non-specialists to do this, and we can also expect AI-generated outputs to improve over time.

Continue reading →

Researchers at Checkmarx have detected several open-source software supply chain attacks that specifically target the banking sector.

These attacks use advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to them. The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and customized command and control centers for each target, exploiting legitimate services for illicit activities.

Continue reading →

A new report from GuidePoint Security shows a startling 100 percent increase in publicly posted ransomware victims from Q2 2022 to the last quarter.

The study from the GuidePoint Research and Intelligence Team (GRIT) also shows a 38 percent increase in public victims compared to Q1 of this year.

Continue reading →

New research from security behavior change specialist Hoxhunt shows that 66 percent of active participants in security behavior training programs at critical infrastructure organizations detect and report at least one real malicious email attack within a year.

The report -- based on analysis of over 15 million phishing simulations and real email attacks reported in 2022 by 1.6 million people participating in security behavior change programs -- shows the effectiveness of training in making staff more engaged in organizational security.

Continue reading →

Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition that has helped so many aspiring CISOs, and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations.

In this edition, you’ll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity.

Continue reading →

A new survey of over 2,000 IT security analysts finds that 71 percent admit their organization may have been compromised and they don't know about it yet.

The study, from Vectra AI, details how analysts are being overwhelmed, as they receive 4,484 alerts on average per day, but can't cope with 67 percent of them. This leads 97 percent to worry that they'll miss important security events.

Continue reading →

When you're creating a new password in a hurry it's tempting to choose keys that are adjacent to each other on the keyboard. In security circles this is known as a 'walk pattern'.

Of course this is horribly insecure but it's also worryingly common. New research from Specops has analyzed an 800 million password subset of its larger Breached Password Protection database to find the top keyboard walk patterns in compromised password data.

Continue reading →

Security Operations Centers (SOCs) aim to detect, investigate, remediate, and restore organizational systems to a fully functional, secure state, whether it's defending against insider threats, data exfiltration attempts, or malware attacks.

However, examining the daily issues faced by many SOCs reveals a concerning array of challenges that place increasing pressure on the work of SOCs and the dedicated professionals who manage them.

Continue reading →

Serious gaps in digital rights management could expose private and public sector organizations to security and compliance risks.

A new 'Sensitive Content Communications Privacy and Compliance' report from Kiteworks finds many organizations lack unified tracking, control, and security of private data that is sent, shared, and transferred with third parties, which creates significant risk of unauthorized access, both malicious and accidental.

Continue reading →