Articles about cybersecurity

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Continue reading →

Research from Salt Labs has highlighted two API security vulnerabilities discovered within BrickLink, a digital resale platform owned by The LEGO Group.

BrickLink is the world's largest online marketplace to buy and sell second-hand LEGO. The API security flaws could have allowed for both large-scale account takeover (ATO) attacks on customers' accounts and server compromise to allow bad actors to take control of accounts and steal personal details.

Continue reading →

A new report finds that 78 percent of Americans indulge in risky online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more -- a 14 percent increase from just two years ago.

The Xfinity Cyber Health Report from Comcast combines data from a new consumer survey of 1,000 US adults, conducted by Wakefield Research, with national threat data collected by Xfinity's xFi Advanced Security platform.

Continue reading →

A new study from Splunk, in collaboration with Foundry, finds that 49 percent of public sector agencies struggle to leverage data to detect and prevent cybersecurity threats.

The report shows 50 percent of the sector has issues leveraging data to inform cybersecurity decisions, and 56 percent of public sector agencies have difficulties leveraging data to mitigate and recover from cybersecurity incidents.

Continue reading →

Cybercriminals know that backups are the last line of defense against ransomware, so it’s essential that they are properly protected.

In an ideal world they would be air-gapped but in the current era of hyperconnectivity that can prove somewhat impractical. We talked to Bret Piatt, CEO of CyberFortress, to discuss the need to protect backups and the strategies for doing so.

Continue reading →

In a year of international events that has been dubbed a 'permacrisis', 46 percent of tech industry workers say that distractions from world events make it hard to care about their jobs.

More worrying is that 36 percent of tech industry workers say they only do the bare minimum when it comes to security at work -- compared to 11 percent of employees in other industries.

Continue reading →

While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.

Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.

Continue reading →

As cyber threats intensify and the human and financial resources available to deal with them remain limited, there is a growing need for automation in cybersecurity.

The intelligent automation of key cybersecurity processes can significantly improve an organization's posture and at the same time support under-pressure employees by reducing reliance on manual processes. But in what is a relatively new approach, how far have organizations progressed along the cybersecurity automation maturity curve and is everyone on the same journey?

Continue reading →

As cyberattacks become more sophisticated, so traditional security techniques may no longer be up to the task of protecting systems.

What's needed is an approach that can spot the routes an attacker may use and help close them down. We spoke to Todd Carroll, CISO at CybelAngel and with over 20 years previous experience in the FBI's cyber, counter intelligence, and counter terrorism branches, to discuss the need for a pre-emptive attitude to cybersecurity and how such an approach can work.

Continue reading →

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available.

Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected.

Continue reading →

A new report reveals that 'less sophisticated' fraud -- in which doctored identity documents are readily spotted -- has jumped 37 percent in 2022.

The report from Onfido also shows that while in 2019 fraudsters tended to keep regular office hours, in 2022, fraud levels were consistent across 24 hours, seven days a week. Thanks to technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline.

Continue reading →

The classic way of preventing critical systems, such as industrial controls, from attack is to air-gap them. That is to say ensure they don't have a connection to the internet.

But while they may not have a web connection they still often require DNS services in order to resolve a company's internal DNS records. New research from Pentera shows that this can provide a weak point to be exploited by attackers.

Continue reading →

New research from LogRhythm shows 67 percent of respondents say their company had lost a business deal due to the customer's lack of confidence in their security strategy.

The survey of 1,175 security professionals and executives across five continents, conducted by Dimensional Research, finds 91 percent report that their company's security strategy and practices must now align to customers' security policies and standards.

Continue reading →

Cybersecurity resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest annual Security Outcomes Report from Cisco.

The report reveals that 62 percent of organizations surveyed say they have experienced a security event that impacted business in the past two years. The leading types of incidents are network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

Continue reading →

Ransomware accounts for 23 percent of cyber insurance claims, while while fraudulent funds transfer (FFT) accounts for 28 percent according to insurance specialist Corvus, which has released its latest Risk Insights Index.

The impact and consistency of FFT is growing, accounting for 36 percent of all claims in the last quarter (Q3 2022), an all-time high. Indeed this metric has not dropped below 25 percent for the past six quarters.

Continue reading →