Articles about cybersecurity

Today, 1Password shared some news about a hacking attempt that happened in late September 2023. The company saw some suspicious activity on a software tool they use called Okta, which helps manage apps for their employees. This strange activity was later found to be connected to a known security issue with Okta’s support system.

On September 29, someone from 1Password’s tech team got a surprising email that helped them find this weird activity in their Okta software. They traced this activity back to a suspicious computer address. Someone unauthorized had got into the Okta software with high-level access. This situation looked a lot like known hacking attempts where bad actors get into high-level accounts to mess with security settings and pretend to be users within the company being targeted.

Continue reading →

A new anti-fraud tool from Jumio uses predictive analytics and AI to look at billions of data points across the company's cross-industry network to identify patterns based on behavioral similarities and other indicators.

Jumio's analysis shows that 25 percent of fraud is interconnected, either being perpetrated by fraud rings or by individuals using the same information or credentials to open new accounts on banking sites, eCommerce platforms, sharing economy sites, etc.

Continue reading →

The cybersecurity landscape is experiencing an unprecedented surge in vulnerabilities. In 2022 alone, a staggering 25,096 new vulnerabilities were added to the National Vulnerability Database (NVD). This number represents the highest count of vulnerabilities ever recorded within a single year and reflects a 25 percent increase compared to the 20,196 new vulnerabilities reported in 2021.

This escalating trend indicates that cybersecurity threats are not only on the rise but are also accelerating at an alarming pace. The reasons behind this surge in vulnerabilities are multifaceted, stemming from factors such as the increasing complexity of software and technology systems, the rapid pace of digital transformation, and the growing sophistication of cyber attackers.

Continue reading →

IT security breaches are becoming more frequent and costly. According to IBM Security’s Cost of a Data Breach Report 2023 UK organizations shell out an average of £3.4m for data breach incidents. There isn't a CISO around that doesn't wish they had that kind of budget to spend on IT security. The tools to help security teams do their job more effectively are out there, but getting them approved in the annual budget is not guaranteed and investment can sometimes be too late.

So what can UK IT leaders do to make sure they continue to improve their IT security without blowing their budget? Here are eight ways to bolster cybersecurity resources: 

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

A new report from GuidePoint Security's Research and Intelligence Team (GRIT) shows a total of 3,385 publicly posted ransomware victims in the first three quarters of this year, claimed by 57 different threat groups, representing an 83 percent year-on-year increase.

Attacks directed against US-based organizations decreased, but there has been a marked increase in attacks impacting other nations. Other countries consistently affected, like the UK, saw an approximate 41 percent increase in attacks in Q3.

Continue reading →

The power that quantum computing makes available offers benefits in many areas, but it also means cracking encryption becomes much easier, which poses an enormous threat to data and user security.

At its annual Trust Summit conference, DigiCert has released the results of a global study exploring how organizations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future.

Continue reading →

A new survey of 900 full-time security decision-makers and practitioners around the world finds that 55 percent of respondents say they're likely to switch jobs in the next year.

The Voice of the SOC report, from secure workflow specialist Tines, shows that 63 percent of the security decision-makers and practitioners surveyed are experiencing burnout amid relentless cyberattacks, internal pressures, and limited resources.

Continue reading →

Bad bots are designed perform various malicious activities. These range from basic scrapers that try to get some data off an application -- and are easily blocked -- to more advanced persistent bots that try to evade detection.

Barracuda researchers have been tracking bots for several years and have identified some interesting recent trends not least that, like King Louie in The Jungle Book, they 'wanna be like you'.

Continue reading →

Governments and data make for a complex relationship. In some cases, agencies are obligated to make information publicly accessible. In others, sensitive data is highly regulated and therefore needs to be protected to keep it out of the public domain.

With key information changing hands internally via various departments and externally via third parties, it's vital that government agencies can access systems and share data securely -- particularly given increases in cyberattacks.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

Identity management company AU10TIX has released its latest Global Identity Fraud Report, based on insights from millions of transactions processed in 249 countries from April to June 2023.

It finds there has been a 44 percent increase in organized ID fraud in North America compared to preceding quarters. This upsurge is believed to be driven by the ongoing economic recovery and inflationary pressures, particularly in the US market, which are emboldening professional ID fraud syndicates.

Continue reading →

A new report from Netskope looks at the activities of cybercriminals based on the techniques and motivators that were most commonly detected among its customers in the first three quarters of 2023.

In news that will come as a surprise to precisely nobody it shows that the highest percentage of cybercriminal activity comes from Russia, while China accounts for most politically-motivated attacks.

Continue reading →

A new survey of over 500 security and IT operations leaders worldwide shows that 61 percent believe that data loss within the next 12 months due to increasingly sophisticated attacks is ‘likely’ or ‘very likely’.

The study from Commvault, with research carried out by IDC, reveals that in many cases, senior executives/line-of-business leaders are minimally engaged in their company's cyber preparedness initiatives -- just 33 percent of CEOs or managing directors and 21 percent of other senior leaders are heavily involved.

Continue reading →

With the increasing reliance on APIs, detecting suspicious API traffic has become crucial to ensure the security and integrity of these interactions. Suspicious API traffic poses a huge threat to the overall system and its data, the traffic can indicate malicious intent such as unauthorized access attempts, data breaches, or even potential attacks targeting vulnerabilities in the API infrastructure.

API traffic refers to the data and requests that are transmitted between different applications or systems using APIs. This allows software programs to communicate and exchange information, enabling seamless integration and interaction between various platforms. API traffic also involves the transfer of data, such as requests for data retrieval or updates, between the client application and the server hosting the API. 

Continue reading →