Articles about cybersecurity

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →

The latest threat intelligence report from Ontinue finds a 132 percent surge in ransomware attacks, although ransom payments have declined by 35 percent, suggesting a shift in attacker strategies to double down on ransomware efforts.

Among other key trends, the report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens and bypassing multi-factor authentication (MFA).

Continue reading →

Research from VikingCloud finds that a successful cyberattack would force nearly one in five small- and medium-sized businesses to close down.

For nearly a third of SMBs, a cyberattack with relatively small financial impact -- less than $10,000 -- would cause them to shut down, according to the report.

Continue reading →

A new study finds 83 percent of executives now rank supply chain resilience as being as critical as cybersecurity, and many are turning to technology to strengthen their operations.

The research from Cleo shows that to bolster resilience, 47 percent are considering artificial intelligence (AI), recognizing its potential to automate processes, predict disruptions, and enhance decision-making.

Continue reading →

When getting a new smartphone most people focus on features and pricing, while security tends to be overlooked. But as we access the internet more using mobile devices, protecting users' personal information, transactions, and digital identities is vital.

We talked to Tom Tovar, CEO of Appdome, to discuss why mobile security should be at the forefront of consumer and media conversations and why it's currently being neglected.

Continue reading →

A new report from Zscaler reveals a 3,000 percent year-on-year growth in enterprise use of AI/ML tools, highlighting the rapid adoption of AI technologies across industries to unlock new levels of productivity, efficiency, and innovation.

This surge in adoption also brings heightened security concerns though. According to the study enterprises blocked 59.9 percent of all AI/ML transactions, indicating awareness around the potential risks associated with AI/ML tools, including data leakage, unauthorized access, and compliance violations.

Continue reading →

Ransomware attacks are increasingly targeting organizations across industries, with the potential to cause devastating financial, operational, and reputational damage.

We spoke to James Eason, practice lead for cyber risk and compliance at Integrity360, to get his insights into how executive boards can effectively prepare for such incidents.

Continue reading →

Rooting (on Android) and jailbreaking (on iOS) were once widespread for enabling deeper customization and removing OS limitations on mobile devices. It's a practice that's become less common in recent years but still represents a serious security threat, not just to the user, but to enterprises who enable employees to access sensitive corporate apps and data from their devices.

Research from Zimperium's zLabs shows rooted Android devices experience 3.5 times more malware attacks, and system compromises have surged by 250 times compared to non-rooted devices.

Continue reading →

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale.

A new report from Digital.ai shows that 83 percent of applications are under constant attack, a nearly 20 percent increase from last year, with attack rates surging across all industries.

Continue reading →

Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.

With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.

Continue reading →

A new report from SpyCloud highlights a 22 percent increase in stolen identity records since 2023.

These identity records, consisting of harvested employee, consumer, and supply chain data, are the fuel that power cyberattacks like ransomware, account takeover, and fraud with nearly 80 percent of breaches last year involving the use of stolen credentials.

Continue reading →

New research from Menlo Security, based on analysis of more than 750,000 browser-based phishing attacks, shows a startling 140 percent increase compared to 2023, and a 130 percent increase specifically in zero-hour phishing attacks.

Microsoft, Facebook, and Netflix are the brands most commonly impersonated in browser-based phishing attempts. However, generative AI services are also increasingly impersonated with nearly 600 incidents of GenAI fraud identified, in which imposter sites used GenAI platform names to manipulate and exploit unsuspecting victims.

Continue reading →