Articles about cybersecurity

HEAT attacks: A new spin on browser exploit techniques

It is no secret that the web browser is becoming an increasingly popular target for cybercriminals looking to compromise an endpoint to gain entry to a network. The increased business use of the browser (remote work) on networks that lack the perimeter security infrastructure of traditional campus networks has made them easier to exploit. In recent months, we have seen an increase in cyberattacks and data leaks caused by browser-related security incidents, including a data breach caused by a phishing attack on Dropbox that gained the hacker access to over 100 of the company’s code repositories in November, and December’s CircleCI breach resulting from an infection of information-stealing malware.

Highly Evasive Adaptive Threats, or HEAT attacks, are a new spin on existing browser exploit techniques that make them much more dangerous. These attacks exploit browsers by leveraging features and tools to bypass traditional security controls and then attack from within, including compromising credentials or deploying ransomware. Comprised of known tactics such as phishing messages, HTML smuggling and dynamic drive-by downloads, these attacks frequently target SaaS applications and other web-based tools that are critical to productivity.

Reactive approach to cybersecurity is a problem for organizations

A new survey shows respondents feel a reactive approach to security is problematic for their organizations. 90 percent of them say they struggle with challenges when they react to cyber security problems as they arise.

The study, conducted by Forrester Consulting for WithSecure, shows most organizations currently approach cyber security on a reactive basis, with 60 percent of respondents saying they react to individual cyber security problems as they arise.

60 percent of organizations have had authentication breaches in the last year

Insecure authentication is a primary cause of cyber breaches and cumbersome login methods take an unacceptable toll on employees and business productivity, according to a new report.

The 2023 State of Passwordless Security Report, released by HYPR and Vanson Bourne, shows that 60 percent of organizations have reported authentication breaches over the last 12 months and that three out of the top four attack vectors are connected to authentication.

Smaller means safer as bigger businesses see more endpoint infections

Of businesses with between 21 and 100 protected endpoints, only five percent encountered a malware infection in 2022. For smaller firms with one to 20 endpoints, the rate is 6.4 percent, but as companies grow so do infections.

For businesses with between 101 and 500 endpoints the rate rises to 58.7 percent, and over 500 it's 85.8 percent. These findings are from a new report by OpenText Cybersecurity which looks at the latest threats and risks to the small and medium business (SMB) and consumer segments.

Phishing emails soar as messages bypass standard email security solutions

A new report shows that 2022 saw a 569 percent increase in malicious phishing emails and a 478 percent increase in credential phishing-related threat reports published.

The report from Cofense also looks at emails bypassing SEGs and hitting users' inboxes and highlights that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense has witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations.

API attacker activity up 400 percent in six months

The latest State of API Security Report from Salt Security shows a 400 percent increase in unique attackers in the last six months.

In addition, around 80 percent of attacks happened over authenticated APIs. Not surprisingly, nearly half (48 percent) of respondents now say that API security has become a C-level discussion within their organization.

Companies struggle to protect against insider risks

Although more than 70 percent of companies say they have an insider risk management (IRM) program in place, the same companies experienced a year-on-year increase in data loss incidents of 32 percent, according to a new report from Code42 Software.

Based on a survey of 700 cybersecurity leaders, cybersecurity managers and cybersecurity practitioners in the US, conducted by Vanson Bourne, the report shows 71 percent expect data loss from insider events to increase in the next 12 months.

Stolen credentials and the rise of the 'traffers'

Even as we move towards passwordless authentication methods, stolen credentials remain a major problem for businesses.

A new report from cyber risk management company Outpost24 highlights the increasing professionalization of the market for stolen credentials thanks to the rise of what are known as 'traffers'.

Integrating security into the development process [Q&A]

Historically, security has been treated as something of an afterthought in the IT industry. In more recent years though there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.

We spoke to David Melamed, CTO of Jit, to find out about integrating security and how security tools can be used by developers, not just security professionals.

Amplifying the effectiveness of Multi-Factor Authentication

In the early days of computing, authentication was simple, but the approach grew in sophistication over time. For example, modern password-based authentication systems like Kerberos don’t actually transmit passwords anymore; they generate an authentication token that is submitted instead.

But even with these enhancements, a username-and-password based approach to authentication still has a key weakness: if someone learns another user’s password, they are indistinguishable from the true user. And although Bill Gates predicted the death of the password nearly 20 years ago, they remain the default method of authentication for a range of services at work and home.

Top 4 ways Artificial Intelligence can improve your security posture now

Ignore the hype: Artificial intelligence (AI) can improve your security posture now.

We’ve been waiting for AI to deliver benefits to cybersecurity for a long time. ChatGPT aside, AI has been a hot-and-cold topic for decades, with periods of overhyped promises interspersed with periods of cynical rejection after failure to deliver on all of those promises. No wonder plenty of security leaders are wary. Yet, despite the wariness, AI is helping to improve cybersecurity today and will increasingly provide substantial security benefits -- and challenges.

20 percent of endpoints have legacy security vulnerabilities

According to a new report, at least 20 percent of enterprise endpoints remain unpatched after the remediation is completed, meaning that a fifth of machines still have a significant number of legacy vulnerabilities that could be exploited at any time.

The study of over 800 IT professionals from Action1 Corporation finds 10 percent of organizations suffered a breach over the past 12 months, with 47 percent of breaches resulting from known security vulnerabilities.

The risk and reward of ChatGPT in cybersecurity

Unless you’ve been on a retreat in some far-flung location with no internet access for the past few months, chances are you’re well aware of how much hype and fear there’s been around ChatGPT, the artificial intelligence (AI) chatbot developed by OpenAI. Maybe you’ve seen articles about academics and teachers worrying that it’ll make cheating easier than ever. On the other side of the coin, you might have seen the articles evangelizing all of ChatGPT’s potential applications.

Alternatively, you may have been tickled by some of the more esoteric examples of people using the tool. One user, for example, got it to write an instruction guide for removing peanut butter sandwiches from a VCR in the style of the King James Bible. Another asked it to write a song in the style of Nick Cave; the singer was less than enthused about the results.

New solution helps to visualize cloud-native app risks

With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.

To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.

Dark web intelligence is critical to defending the enterprise

A new survey of over a thousand CISOs from large enterprises in the US and UK finds that 93 percent are concerned about dark web threats and 72 percent believe that intelligence on cybercriminals is critical to defending their organization.

The report from Searchlight Cyber looks at how CISOs are gathering data from the dark web to improve their security posture.

© 1998-2025 BetaNews, Inc. All Rights Reserved.