Articles about cybersecurity

In 2022, the number of DDoS attacks grew 150 percent globally compared to the previous year, while the number of attacks in the Americas rose even faster, increasing 212 percent compared to 2021.

These figures are from the 2022 Global Threat Analysis Report released today by Radware which also shows the frequency of DDoS attacks saw a significant uptick. Globally, organizations mitigated an average of 29.3 attacks per day during the fourth quarter of 2022, 3.5 times more compared to 8.4 attacks per day at the end of 2021.

Continue reading →

More and more connected systems are being used to deliver the essentials of our everyday lives. From the water and power that comes into our homes to the medical treatment we receive, the 'Extended Internet of Things' (XIoT) is involved.

A new report on the state of XIoT security from Claroty's Team82 researchers shows vulnerabilities in these cyber-physical systems disclosed in the second half of 2022 declined by 14 percent since hitting a peak in 2021. At the same time vulnerabilities found by internal research and product security teams have increased by 80 percent over the same period, indicating that vendors are taking the risk seriously.

Continue reading →

Privileged access management (PAM) solutions are too complex, with 68 percent of organizations paying for features they don't need, according to a new report.

The report from Keeper Security finds 91 percent of organizations employ PAM and 84 percent of global IT leaders say they want to simplify their PAM solutions in 2023.

Continue reading →

The latest report from JFrog looks at the most prevalent vulnerabilities in 2022 with an in-depth analysis of open source security vulnerabilities that have most impact for DevOps and DevSecOps teams.

The report shows that the severity of six of the top 10 CVEs was overrated, meaning they scored higher in the NVD rating than in JFrog's own analysis. In addition the CVEs appearing within enterprises most frequently are low-severity issues that were simply never fixed.

Continue reading →

Traditionally used by intelligence agencies and the military, the OSINT technique is used to gather information about people, organisations or companies from freely accessible sources, then analyse the data obtained and draw useful conclusions and information from it.

But IT security experts can also benefit from the technique to discover potential vulnerabilities and remediate them before they're exploited by attackers.

Continue reading →

We’ve already had the first major API-related cybersecurity incident for 2023, and the year has barely started. The T-Mobile API breach exposed the personally identifiable information (PII) of 37 million customers. The API attack had been going on since November but was not discovered and disclosed until January 19, illustrating the threat of the "low and slow" approach of API attacks, which are increasing at a steady pace. Following research by Sam Curry that uncovered hundreds of API vulnerabilities in the automotive industry -- from Mercedes-Benz to Nissan to Kia to Ferrari and more -- it’s not surprising that 2023 has been dubbed "The Year of API Security."

Unfortunately, threats do not stop at API security. Today’s organizations -- and the world -- face inordinate security risks. What other threats and trends can we expect to see in the coming year?

Continue reading →

Developers need access to many devices and internal services in order to build software. But many of these devices and services are exposed to the public web, creating gaps in security.

Add in the challenges of securing remote working and it's clear that there's a tricky balancing act needed to enable development while keeping the organization secure. We spoke to Avery Pennarun, CEO and co-founder of VPN service Tailscale, to find out how this can be achieved.

Continue reading →

Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.

Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.

Continue reading →

Phishing volumes increased 36 percent, with 278.3M unique phishing emails in the fourth quarter of 2022, while malware volumes increased 12 percent QoQ, accounting for 58.9M emails, in the same period.

The latest Phishing and Malware Report from Vade shows the company detected 278.3 million unique phishing emails in Q4, surpassing the previous quarter’s total by 74.4 million. December saw the biggest jump in phishing emails, up 260 percent, as threat actors tried to cash in on the holiday period, this echoes a similar pattern at the end of 2021.

Continue reading →

Since Microsoft began the default blocking of macros in documents sent over the internet there's been an increase in the use of HTML files to deliver malware.

Research by Trustwave Spiderlabs reveals a rise in so called 'HTML smuggling' using HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code. The embedded payload then gets decoded into a file object when opened via a web browser.

Continue reading →

The number of CVEs reported via ICS advisories has increased each year, with 2020-2021 seeing a 67.3 percent increase in CISA ICS CVEs, while 2021-2022 saw a two percent increase, according to a new report from SynSaber.

The growing volume of vulnerabilities highlights continued efforts to secure the ICS systems critical to a nation's energy, manufacturing, water, and transportation infrastructure. There's also a growing focus on regulation which means operators in critical infrastructure are under more pressure to analyze, mitigate, and report on new and existing vulnerabilities

Continue reading →

Unmanaged device usage continues to increase, with only 43 percent of respondents to a new survey claiming to be actively monitoring 75 percent or more of their endpoints. For organizations with 1,000-4,999 devices, 34 percent are unmanaged, and more than half report experiencing several cyberattacks as a result of poorly managed endpoint devices.

The study, from Syxsense, of more than 380 IT and cybersecurity professionals shows that despite these blind spots most survey respondents believe endpoint security (56 percent) and management (58 percent) are getting easier compared to two years ago.

Continue reading →

New research released today by Barracuda shows 75 percent of organizations surveyed have experienced a successful email-borne attack in the last 12 months.

What's more the study, carried out by Vanson Bourne, finds recovering from an email-borne security attack costs victims more than $1 million on average and 69 percent of those hit by ransomware say the attack started with an email.

Continue reading →

ChatGPT is very much flavor of the month at the moment, with many companies looking to add the AI technology into their products and Google launching its own alternative, Bard.

The latest to embrace the potential is Logpoint which is launching ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product.

Continue reading →

While technology to secure devices has been widely adopted, more progress is needed to protect identity, networks and applications, according to the first-ever Cybersecurity Readiness Index from Cisco.

Respondents rank identity and device management as two of the three top cybersecurity threats. With the widespread adoption of technology like multi-factor authentication (MFA), criminals are increasingly targeting the solutions employed to protect users and devices.

Continue reading →