Security

Cybercriminals are using more sophisticated ransomware tactics and more dangerous variants, like Ryuk, to earn an easy payday. This has seen a 62 percent increase globally and a 158 percent spike in North America since 2019.

The latest Cyber Threat Report from SonicWall highlights how COVID-19 has provided threat actors with opportunities for more powerful, aggressive and numerous attacks, thriving on the fear and uncertainty of remote and mobile work forces navigating corporate networks from home.

Microsoft Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access, but it's also exploited in many cyberattacks.

Since AD is rarely safeguarded effectively, attackers have come to depend on weak configurations to identify attack paths, access privileged credentials and get a foothold in target networks.

The latest Quarterly Threat Insights Report from HP shows that 29 percent of malware captured between October and December 2020 was previously unknown, due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection.

In addition 88 percent of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines, giving hackers over a week’s head-start on their campaigns.

German cybersecurity company Avira is launching a new security for Mac product with free as well as premium versions, developed from the ground up on Apple’s latest tech stack.

The all-in-one solution blocks and removes threats, enables worry-free browsing, shopping and payment through real-time protection, and protects data with VPN encryption.

Public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture according to 96 percent of North American enterprises.

However, only 39 percent use PKI as part of their zero trust security strategy today according to a survey from Pulse Research and PKI as-a-Service (PKIaaS) company Keyfactor.

Technology providers that are transparent and proactive in helping organizations manage their cybersecurity risk are more likely to win business according to a new study from Intel.

The results show 73 percent of respondents say their organization is more likely to purchase technologies and services from technology providers that are proactive about finding, mitigating and communicating security vulnerabilities, while 48 percent say their technology providers don’t offer this capability.

Developers are under increasing pressure to create real-time products that make the most of a wide range of digital resources.

This means that DevOps teams have to cope with information drawn from all sorts of different sources. But how can they ensure they are getting an accurate picture?

Linux-based operating systems are generally recognized as being far more secure than the likes of Windows and macOS -- but that's not to say they're without their flaws. Illustrating precisely this is the discovery of no fewer than three vulnerabilities in the Linux kernel that could be exploited to gain root access to a system.

That researchers from cybersecurity firm GRIMM managed to find so many vulnerabilities in the Linux kernel is one thing, the fact that they have lain there undetected for 15 years is quite another.

One of the frameworks that has received greater attention since the acceleration of digital transformation is Secure Access Services Edge (SASE).

But what does its adoption mean for the security industry and how can enterprises best take advantage of SASE? We spoke to Mary Blackowiak, senior product marketing manager at AT&T Cybersecurity, to discover more.

In a new report into DNS security, Cisco Umbrella, which processes 620 billion DNS requests daily, finds that from January to December 2020 cryptomining generated the most DNS traffic out of any individual threat category with 69 percent of organizations discovering cryptomining connections.

In addition nearly 90 percent of organizations had at least one user attempt to connect to a phishing site, peaking drastically in the second half of the year.

As mobile device usage continues to grow within enterprises the security risk increases too. Mobile browsers get patched less often and other threats come from phishing and malicious document downloads.

To combat these problems Menlo Security is extending its cloud-based Secure Web Gateway (SWG) to include web isolation for mobile devices.

New research from Tenable's Security Response Team finds that third-party attacks accounted for over a quarter of breaches disclosed over the past year.

More worrying is that a breach of a single company linked back to 61 healthcare customers. The research reveals the impact of third-party attacks, how hard the healthcare sector has been hit by cyberattacks and just how rampant ransomware has been during Covid-19.

A new report from Akamai looks at the technology shifts and usage patterns of 2020 noting a 30 percent jump in internet traffic thanks to COVID-19 lockdowns.

It also highlights criminals taking advantage worldwide, targeting all business sectors and industries, including information technology and security.

Apple has issued a couple of important security updates for its desktop and mobile operating systems. The company has released iOS 14.4.1 and macOS 11.2.3, both of which are described as being "recommended for all users".

The reason for this is simple -- these are important updates that patch a memory corruption bug that could be exploited by malicious websites. This is in addition to the vulnerabilities that have already been patched in another iOS update last month.

A new report looking at the long-tail impact data breaches have on a brand's value shows that the world's 100 most valuable brands could lose as much as $223 billion from a data breach.

The study from IT consulting firm Infosys and brand consultancy Interbrand looks at the brand factors most impacted when a company suffers a data breach -- presence, affinity, and trust -- and simulates the resulting brand value at risk in the event of a breach.