cybersecurity

New research from Lookout finds that 40 percent of security pros have no clue about the UK Cyber Essentials framework -- the government backed program that aims to help UK organizations improve their cyber resiliency against the most common cyberattacks.

The research, carried out at Infosecurity Europe, surveyed 246 security professionals and finds only 28 percent of organizations had fully implemented Cyber Essentials. Of those that had not implemented the scheme, 58 percent say a lack of awareness or understanding is the reason why they hadn't.

Cybersecurity has become one most crucial aspects of many organizations due to the speed at which cyber threats evolve. The "speed of cybersecurity" makes it vital to have timely and agile defense measures to detect, analyze, and mitigate cyber risks -- as it is the only way to stay ahead of attackers and protect assets in an increasingly dynamic and interconnected world. 

New technologies like cloud computing and automation have led to transformative changes in cybersecurity, though these changes weren’t immediate. The use of the cloud within other IT teams advanced much faster than it did in cybersecurity departments, as security teams were hesitant to cede control to technologies in the hands of others.  

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

A new study of 1,000 office workers across the US and UK shows half of us already use AI tools at work, one-third weekly and 12 percent daily.

But the report from Cybsafe finds 38 percent of users of generative AI in the US admit to sharing data they wouldn't casually reveal in a bar to a friend.

As workers take time off for summer holidays it means greater risk that personal devices and public Wi-Fi will be used to access sensitive corporate data.

Vulnerability management specialist Hackuity warns that this is a time when organizations are at their most vulnerable and cybercriminals are well aware of the fact.

As growing businesses rush to upgrade their hardware, many are simply throwing old computers, routers, and other IT assets into the trash, leading to security and environmental concerns.

A new study from Capterra of 500 IT professionals at US small and midsize businesses (SMBs) reveals that nearly a third (29 percent) indulge in improper IT hardware disposal practices.

We've already seen how generative AI can be used in cyberattacks but now it seems there's an AI model aimed just a cybercriminals.

Every hero has a nemesis and it looks like ChatGPT's could be FraudGPT. Research from security and operations analytics company Netenrich shows recent activities on the Dark Web Forum reveal evidence of the emergence of FraudGPT, which has been circulating on Telegram Channels since July 22nd.

Data centers are increasingly faced with more sophisticated attack techniques, putting the information they hold at risk.

Specific vulnerabilities such as misconfigurations may pass under the radar of traditional security scans. We spoke to Daniel dos Santos, head of security research at Forescout, to discuss the potential impact of these vulnerabilities and why data centers need to strengthen their risk management.

Cloud security company Sysdig is launching a new generative AI assistant specifically designed to help with cloud security.

Whereas standard AI chatbots are designed to answer a specific question using a single large language model (LLM) and stateless analysis, Sysdig Sage uses a unique human-to-AI controller that mediates user interactions with LLMs to provide more advanced, tailored recommendations.

Artificial intelligence (AI) chatbots like ChatGPT have become a tool for cybercriminals to enhance their phishing email attacks. These chatbots use large datasets of natural language and reinforcement learning to create typo-free and grammatically correct emails, giving the appearance of legitimacy to unsuspecting targets. This has raised concerns among cybersecurity leaders, with 72 percent admitting to being worried about AI being used to craft better phishing emails and campaigns.

Chatbots can help cybercriminals scale the production of advanced social engineering attacks, such as CEO fraud or business email compromise (BEC) attacks. Additionally, cybercriminals may use AI-powered chatbots to scrape personal or financial data from social media, create brand impersonation emails and websites, or even generate code for malware such as ransomware. In particular, without AI, creating malware is a specialized task that requires skilled cybercriminals. However, the use of chatbots could make it easier for non-specialists to do this, and we can also expect AI-generated outputs to improve over time.

Researchers at Checkmarx have detected several open-source software supply chain attacks that specifically target the banking sector.

These attacks use advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to them. The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and customized command and control centers for each target, exploiting legitimate services for illicit activities.

A new report from GuidePoint Security shows a startling 100 percent increase in publicly posted ransomware victims from Q2 2022 to the last quarter.

The study from the GuidePoint Research and Intelligence Team (GRIT) also shows a 38 percent increase in public victims compared to Q1 of this year.

New research from security behavior change specialist Hoxhunt shows that 66 percent of active participants in security behavior training programs at critical infrastructure organizations detect and report at least one real malicious email attack within a year.

The report -- based on analysis of over 15 million phishing simulations and real email attacks reported in 2022 by 1.6 million people participating in security behavior change programs -- shows the effectiveness of training in making staff more engaged in organizational security.

Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition that has helped so many aspiring CISOs, and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations.

In this edition, you’ll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity.

A new survey of over 2,000 IT security analysts finds that 71 percent admit their organization may have been compromised and they don't know about it yet.

The study, from Vectra AI, details how analysts are being overwhelmed, as they receive 4,484 alerts on average per day, but can't cope with 67 percent of them. This leads 97 percent to worry that they'll miss important security events.