Articles about cybersecurity

Thankfully the days of organizations storing passwords in plain text are pretty much gone. Most are now hashed using algorithms that prevent hackers from reading the database easily.

But, as new research from Specops Software reveals, that doesn't necessarily make things safe. The quality of the password itself has a big impact on how long it will take to crack.

Continue reading →

A new report shows that 2022 saw a 300 percent increase in 'carpet bomb' DDoS attacks compared to 2021. Carpet bomb attacks, also known as spread-spectrum or spray attacks, distribute traffic across large IP address spaces.

Legacy technology, like standard victim-oriented detection and mitigation detection techniques, often fails to accurately identify these attacks, leading to incomplete mitigation or false positives. Legacy solutions can also simply be overwhelmed by the number of IP addresses involved.

Continue reading →

Security professionals all know that they should test their security hardware and software periodically to make sure it's working as intended. Many normal IT activities have unintended consequences that cause security configurations to 'drift' over time and make the organization more vulnerable.

But testing is frequently postponed or ignored because it never becomes a high enough priority. We spoke to Song Pang, SVP of engineering at NetBrain, to find out how automation can be used to detect when security products or network traffic are no longer behaving as intended.

Continue reading →

A new AI-based analysis and response engine designed to quickly address security gaps and resource limitations in mission critical operational infrastructure is being launched by Nozomi Networks.

Vantage IQ uses artificial intelligence (AI) and Machine Learning (ML) to help security teams by automating the time-consuming tasks associated with reviewing, correlating and prioritizing network, asset and alert data.

Continue reading →

Analysis of around a trillion API transactions spanning a range industries over the second half of 2022 by Cequence Security seeks to highlight the latest API threat trends plaguing organizations.

In the second half of 2022, approximately 45 billion search attempts were made for shadow APIs, marking a 900 percent increase from the five billion attempts made in the first half of the year.

Continue reading →

A new report from the Secureworks Counter Threat Unit (CTU) uncovers a thriving market in infostealer logs that serves as a key enabler for some of the most damaging forms of cybercrime such as ransomware attacks.

On the 'Russian Market' site alone, the number of logs for sale increased by 150 percent in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

Continue reading →

It's human nature to have an, 'it can't happen to me' approach to life's mishaps, whether it's being involved in a traffic accident or falling victim to cybercrime.

But of course these things do happen to someone. When it comes to identity theft, Home Security Heroes has taken a more scientific approach to determining how likely you really are to become a victim.

Continue reading →

The number of deepfake videos online is increasing at an annual rate of 900 percent according to the World Economic Forum.

In the light of this Kaspersky researchers have revealed the top three fraud schemes using deepfakes that people should be aware of.

Continue reading →

Quantum computing is something that seems to have been hovering just out of reach for a decade or so -- in fact research into the concept first began back in the 1980s.

More recently quantum has come closer to a commercial reality, with big players like IBM publishing a road map with a clear, detailed plan to scale quantum processors and build the hardware necessary to take advantage of the technology and other big players like Google, Amazon, and Microsoft having since followed suit.

Continue reading →

Despite the fact that insecure password practices are regularly exploited in cyberattacks worldwide, 83 percent of cloud professionals surveyed at the recent Cloud Expo Europe event say they are confident about passwords' security effectiveness, with 34 percent 'very confident'.

But the study, of over 150 people, carried out by Beyond Identity also reveals frustrations. 60 percent find it frustrating to remember multiple passwords, 52 percent are frustrated by having to regularly change their passwords, and 52 percent by the requirement to choose long passwords containing numbers and symbols.

Continue reading →

As the world increasingly moves away from relying solely on passwords for identity verification, the focus is on alternative technologies. Whether that is passkeys, biometrics or other options, each has its own advantages and adherents.

Ricardo Amper, CEO and founder of next-generation identity verification solution provider Incode, sees biometrics as the key to eliminating discrimination and to creating a world of greater trust. We spoke to him to find out more.

Continue reading →

A new report from cyber insurance provider Cowbell shows that 90 percent of small business leaders underestimate the cost of a cyber incident.

The study of 500 SME leaders across the US shows that 50 percent of SMEs have experienced a significant cyber incident in the past 12 months and, of those, 90 percent say the attack cost more than they anticipated.

Continue reading →

A global analysis of automated bot traffic across the internet finds that in 2022, almost half (47.4 percent) of all internet traffic came from bots, a 5.1 percent increase over the previous year. At the same time the proportion of human traffic (52.6 percent) decreased to its lowest level in eight years.

The report from Imperva shows the volume of bad bot traffic has grown for the fourth year in a row, presenting a significant risk for businesses. The level of activity in 2022 is the highest since Imperva produced its first Bad Bot Report in 2013.

Continue reading →

The majority of cyberattacks are made possible by some degree of human error. Phishing emails and social engineering continue to dominate as the most common delivery systems for an attack.

We spoke to Mika Aalto, CEO and co-founder at Hoxhunt, about why a human-focused cyber-strategy is the key to success in combating attacks, about the initiatives that organizations can implement to establish this and how he expects human-related cyber-attacks to evolve.

Continue reading →

Like any new innovation, the metaverse is currently at the center of a 'risk versus reward' debate. Unsurprisingly, the 3D virtual world has received a lot of attention, with McKinsey confirming that more than $120 billion was invested in building out metaverse technology and infrastructure in the first five months of 2022.

Promises of extraordinary use cases, from teaching virtualized university lectures to performing surgeries for patients in other countries -- not to mention the potential cost saving and accessibility benefits -- have garnered curiosity. But while it could be some time until we see mass adoption of the metaverse, the security community is already apprehensive of the evolving security risks.

Continue reading →