Articles about cybersecurity

How the role of CISO is evolving [Q&A]

The overall threat landscape facing organizations is expanding, yet many of the threats such as phishing remain the old favorites. What's more, AI is making them more effective by eliminating many of the old tell-tale signs.

With the evolving challenges and risks facing them, how can CISOs effectively network internally and externally to gather the support of the broader team and build an appropriate security posture? We spoke to Robin Bell, CISO at Egress, to find out.


Gotcha CAPTCHAs being used to spread malware

We've all become used to completing tests to prove we're not robots, but a new report from HP Wolf Security highlights the rising use of fake CAPTCHA verification tests which allow threat actors to trick users into infecting themselves.

The technique shows attackers are capitalizing on people's increasing familiarity with completing multiple authentication steps online -- a trend HP describes as 'click tolerance'.


Infostealers account for surge in identity-enabled attacks

Analysis of almost 93,000 threats detected within more than 308 petabytes of security telemetry by Red Canary shows infostealer malware infections on the rise across both Windows and macOS platforms.

Used to gather identity information and other data at scale, LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service model and selling for anywhere from $250 per month to a one-time payment of $20,000.


Number of compromised credentials up by 33 percent

The latest Global Threat Intelligence Report (GTIR) from Flashpoint finds that threat actors compromised over 3.2 billion credentials in 2024, a 33 percent increase from the year before.

Of these, 75 percent, or 2.1 billion, were sourced from information-stealing malware, a dangerous new twist on an older threat that has infected over 23 million devices worldwide.


Organizations struggle with too many data loss prevention alerts

A new report finds 78 percent of organizations report being challenged by administering and maintaining existing data loss prevention technology solutions and policies. In addition, 94 percent report using at least two tools and, on average, more than three tools with DLP capabilities, resulting in significant man-hours to administer and maintain multiple solutions.

The study from DLP specialist MIND and Enterprise Strategy Group also shows 91 percent of organizations say it's important to reduce alert noise produced by their current DLP controls due to simple, poor and outdated classification schemes.


Trust in digital services in decline

A new survey of over 14,000 consumers across 14 countries finds that most industries experienced a decline in consumer trust compared to last year.

The latest Digital Trust Index from Thales shows banking tops the index for the second year in a row, but levels of trust have fallen among Gen Z customers.


The poor, the bad and the terrible -- popular passwords around the world

Passwords are an essential part of our digital lives, yet many people still use weak or simple combinations of letters and numbers that can be cracked in just a few seconds.

A new report from Safety Detectives, based on analysis of a 2.5TB database containing passwords compromised through data breaches and malware attacks across 44 countries, looks at the current state of password habits to highlight how these practices have evolved over time.


Is AI the answer to compliance challenges? [Q&A]

Increasing amounts of regulation are creating an issue for businesses as they seek to ensure compliance whilst still delivering on their core activities. This is leading many to boost the size of their security teams.

We spoke to Jay Trinckes, CISO of Thoropass, who believes that using AI, with its ability to analyze vast amounts of data quickly and accurately, will be key to bridging this gap without the need for massively expanded staffing.


Understaffed but still delivering -- the reality of cybersecurity teams

A new survey of over 900 security decision makers across the US, Europe and Australia finds 60 percent of security teams are small, with fewer than 10 members. But despite their size, 72 percent report taking on more work over the past year, and an impressive 88 percent are meeting or exceeding their goals.

The study, carried out by IDC for AI-powered workflow company Tines, also finds security leaders are bullish about AI with 98 percent embracing it and a mere five percent believing AI will replace their job outright.


Machine identities outnumber humans 40,000 to one

Are you ready to welcome our new machine overlords? Okay, that might be a bit drastic, but the latest report from Sysdig reveals that there are now 40,000x more machine identities than human identities.

This has led to a greatly expanded attack surface as machine IDs are 7.5 times more risky, a dangerous liability given that nearly 40 percent of breaches start with credential exploitation.


New partnership simplifies zero trust access for enterprises

The shift to hybrid working means that managing enterprise networks has become more complicated, but legacy remote access solutions fall short in meeting the needs of supporting both managed and unmanaged users and devices.

Unmanaged users don't want to install heavyweight clients designed for managed use, such as VPN or ZTNA clients. Plus, in the case of contractors or consultants who service multiple customers, it's just not possible or practical to install multiple clients.


Regulation and its role in protecting critical infrastructure [Q&A]

Protecting critical national infrastructure (CNI) against attack is a huge undertaking for governments and for those organizations that deliver CNI services.

New regulation in Europe -- the NIS2 Directive -- includes an increased focus on resilience for CNI, covering traditional critical services like banking, utilities, transport and public safety as well as new provisions for digital service providers. In 2025, the Digital Operational Resilience Act (DORA) will enforce more stringent resilience and security requirements on the financial sector. And in the UK, the forthcoming Cyber Security and Resilience Bill will demand more investment in security too.


70 percent of leaked credentials remain active two years on

A new report shows 70 percent of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day.

The study from GitGuardian also reveals a 25 percent increase in leaked secrets year-on-year, with 23.8 million new credentials detected on public GitHub in 2024 alone.


New cybersecurity product seeks to safeguard executives and their families

You might not often feel sorry for executives and entrepreneurs, but research from Deloitte shows that their 'family offices' are prime targets for cybercriminals looking to exploit their personal networks, private data, and home devices, which represent a weak security link.

This is why BlackCloak is launching Digital Executive Protection, an enhanced family office cybersecurity bundle designed to protect high-net-worth individuals and corporate leaders.


Most ransomware incidents start with compromised perimeter security

A new report from cyber insurance provider Coalition shows 58 percent of ransomware claims in 2024 started with threat actors compromising perimeter security appliances like virtual private networks (VPNs) or firewalls.

Remote desktop products are the second-most exploited for ransomware attacks at 18 percent. The most common initial access vectors (IAVs) are stolen credentials (47 percent) and software exploits (29 percent). Vendors including Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft build the most commonly compromised products.


© 1998-2025 BetaNews, Inc. All Rights Reserved.