Articles about cybersecurity

As organizations embrace cloud-native development, they are building new types of applications and microservices that are easier to scale and add more business value.

But the growing adoption of microservices has introduced new security risks because microservices and modern applications contain more 'pieces' that increase the attack surface.

Continue reading →

Just 15 percent of organizations globally have the 'Mature' level of readiness needed to be resilient against today's modern cybersecurity risks, according to Cisco's first-ever Cybersecurity Readiness Index.

More than half (55 percent) of companies globally fall into the Beginner (eight percent) or Formative (47 percent) stages, meaning they are performing below average on cybersecurity readiness.

Continue reading →

Ransomware and extortion actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to a new report.

The study, from Palo Alto Networks' Unit 42 threat intelligence team, finds harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, to pressure them into paying a ransom demand.

Continue reading →

People have been predicting the end of the password for a very long time, yet they still remain key to securing access to many systems.

Maybe the end is edging just a bit closer though as ForgeRock announces Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations.

Continue reading →

Cyberattacks are expected to reach historic levels this year, in both volume and sophistication, yet many organizations are reducing their 2023 cybersecurity budgets.

We spoke to Steve Benton, VP of threat research at intelligence-driven cybersecurity specialist Anomali, to discover how a different approach might offer strong protection without breaking the bank.

Continue reading →

The default blocking of macros in MS Office is forcing threat actors to be more creative with their attack methods, according to the latest report from HP Wolf Security.

There have been increases in the levels of malware delivered in PDFs and zip files, as well as a rise in 'scan scams' using QR codes to trick users into opening links on mobile devices.

Continue reading →

UK government departments are losing hundreds of devices each year according to Freedom of Information (FoI) requests submitted by encrypted drive manufacturer Apricorn.

The Home Office declared 469 lost and stolen devices between September 2021 and September 2022, with the Ministry of Defence not far behind with 467 mobiles, tablets and USB devices unaccounted for.

Continue reading →

The Lockbit ransomware group claimed 129 victims in February, more than double the 50 that was reported in January.

The latest ransomware report from GuidePoint Security shows that another RaaS group, AlphV, also significantly increased its reported monthly victim count from 20 to 31.

Continue reading →

There's been a fair bit of hype recently surrounding the potential for ChatGPT and similar tools to be used for creating phishing campaigns, eliminating the typos and other errors that are the giveaways of a scam.

However, new research from Hoxhunt suggests that AI might not be quite so good at going phishing after all.

Continue reading →

A new study reveals that 61 percent of mid-sized businesses don't have dedicated cybersecurity experts in their organization.

The research from managed security platform Huntress also shows 24 percent of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack in the past year.

Continue reading →

Growing numbers of cyberattacks have highlighted the shortcomings of passwords and legacy multi-factor authentication systems.

Beyond Identity today launches Zero Trust Authentication, which has been developed in response to the failure of traditional authentication methods. It includes components such as Beyond Identity's risk scoring and continuous authentication capabilities to significantly enhance the level of protection offered.

Continue reading →

Technology continues to advance at an unprecedented rate. The development and use of Application Programming Interfaces (APIs) being a particularly notable example.

The latest Salt Labs State of API Security report found that overall API traffic increased 168 percent over 12 months, with API attack traffic increasing by 117 percent in the same time period. Perhaps understandably, many CISOs are struggling to keep up.

Continue reading →

Complex software today includes components that rely on digital authentication credentials commonly referred to as secrets, which include tools such as login credentials, API tokens, and encryption keys. While critical for the software to function, managing secrets across every component of code is a challenge that can result in secrets being left vulnerable.

Supply chain security company ReversingLabs is launching a new secrets detection feature within its Software Supply Chain Security (SSCS) platform.

Continue reading →

People are struggling to recall an ever-growing number of passwords, with 51 percent of respondents to a new study by Entrust saying they reset a password at least once a month because they can't remember it.

Even more alarming, 15 percent of users who responded reset passwords at least once a week. It's no surprise then that given the option between biometrics or a password, 74 percent of respondents will choose biometrics half the time or more and a third will always choose biometrics when available.

Continue reading →

The latest Identity Exposure Report from SpyCloud shows that last year its researchers recaptured 721.5 million exposed credentials from the criminal underground, and found over 22 million unique devices infected by malware.

Of the exposed credentials recovered by SpyCloud, roughly 50 percent came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other valuable information to use in targeted attacks or sell on the darknet.

Continue reading →