Security

A new report shows that nation state cyberattacks are becoming more frequent, varied and open, moving us closer to a point of 'advanced cyberconflict' than at any time since the inception of the internet.

The report, sponsored by HP, is based on research conducted by Dr Mike McGuire, senior lecturer in criminology at the University of Surrey and finds that there's been a 100 percent rise in 'significant' nation state incidents between 2017 and 2020.

Protecting legacy systems usually means segmenting them from points of compromise in the network. But the traditional approach using a legacy firewall for each machine is ineffective and costly.

Microsegmentation specialist Guardicore is announcing new capabilities for its Guardicore Centra product extending zero trust policies and granular microsegmentation to legacy systems including IBM iSeries AS/400 servers.

Human error and poor security decisions are among the leading causes of data breaches, but it can be hard for security teams to know where to invest resources to address these risks and provide help to employees who need it most.

Tessian is introducing what it calls the Human Layer Risk Hub -- a solution that offers organizations full visibility into employees' risk levels and drivers on email, enabling security and risk management leaders to take a more tailored approach to employee security.

According to a new study, 57 percent of American employees are currently writing down work-related passwords on sticky notes, leading to significant cybersecurity risk.

In addition, the report from Keeper Security shows 66 percent have lost these sticky notes in the past, making it difficult to know who ultimately has access to sensitive company information.

Ransomware attacks grew by 485 percent in 2020 compared to 2019. Attacks in the first and second quarters accounting for 64 percent of all attacks or 19 percent higher than the first two quarters of 2019.

This is one of the findings of the latest Consumer Threat Landscape report from Bitdefender. which also shows that IoT devices with proprietary operating systems were responsible for 96 percent of vulnerabilities even though they account for only 34 percent of consumer devices.

Phishing attacks are getting more sophisticated and therefore harder to spot. However, there are still times when the phisherfolk don't do themselves any favors, making their attempts at deception amusingly obvious.

Email security company GreatHorn has launched a new blog series called Phishing Phails which looks at some of the less successful examples of phishing bait.

Organizations today face a major threat in terms of cybersecurity, from malicious URLs to credential reuse, and having robust security systems can make all the difference.

With Machine Learning for Cybersecurity Cookbook you'll learn how to use Python libraries such as TensorFlow and scikit-learn to implement the latest artificial intelligence (AI) techniques and handle challenges faced by cybersecurity researchers.

New research from Menlo Security reveals that numbers of fake login pages and forms looking to steal credential are on the increase.

The majority of attacks are serving Outlook and Office 365 logins, reflecting the widespread use of these services across corporate environments.

All industries have been affected by the COVID-19 pandemic and the need to shift to new ways of working. This change has also led to an expanded attack surface for cyber criminals.

The insurance sector has been particularly hit in the past year and we spoke to Ashish Gupta, CEO of crowdsourced security company Bugcrowd to find out how businesses have been affected and how they're responding to the challenge.

Even after a full year of remote work, many enterprises are still concerned about securing their off-site users according to a new study from cloud security company Bitglass.

The biggest remote work security concerns come from data leaking through endpoints (68 percent), users connecting with unmanaged devices (59 percent), and access from outside the perimeter (56 percent).

According to a report from Transmit Security, more than half of consumers have stopped using a website because of the login process and more than 87 percent have been locked out of an online account because of an error-ridden password process.

The survey of 600 US consumers finds organizations are losing potential customers and a substantial amount of revenue because of their dependency on traditional password systems and outdated customer authentication models.

A new study from the Cloud Security Alliance (CSA) and cloud security company AlgoSec finds that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just a quarter in 2019.

But 11 percent of respondents have reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26 percent), security misconfigurations (22 percent), and attacks like denial of service exploits (20 percent).

A new report from Varonis reveals some startling statistics about healthcare data, with almost 20 percent of files open to all employees in an organization.

In addition the average healthcare organization has over 31,000 files -- including those that include HIPAA-protected information, financial data, and proprietary research -- open to everyone.

Historically ransomware has relied on encrypting data and then demanding money in order to release it.

But a new report from F-Secure shows that 2020 has seen an increase in ransomware that also steals data, giving the attackers more leverage over their victims. If organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims.

The more reliant businesses become on technology the more risk they face from a range of cyberthreats. This is especially true when it comes to critical infrastructure as it's an attractive target for nation state and other attackers.

We spoke to James Carder, chief security officer and vice president of labs at SIEM platform LogRhythm to discover more about critical infrastructure threats and how to guard against them.