Articles about Security

Paying off a bad actor for successfully implementing ransomware into an organization is the enterprise equivalent of rewarding a bad child who vandalized a home with candy -- but unfortunately, many organizations often have no choice but to pay… and pay a lot.

Technology has enabled asymmetric attacks. In other words, one attacker can federate an attack across many organizations. The attacker needs to get the attack right once -- while the defenders (corporations, governments, hospitals, etc.) need to get their defense right every… single… time!

Continue reading →

New account fraud based on ID verification declined by 23.2 percent worldwide, year-on-year in 2020 according to a new report from AI-powered identity verification specialist Jumio.

Although selfie-based fraud rates were five times higher than ID-based fraud, this shows the growing number of stolen ID documents available on the dark web and, more importantly, the growing need to determine if an ID is authentic and belongs to the user.

Continue reading →

Among the many things that have changed in 2020 it's proved to be a record year for crowdsourced cybersecurity adoption, according to Bugcrowd.

Enterprises across all industries have been implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape. Bugcrowd has seen a 50 percent increase in submissions on its platform in the last 12 months, including a 65 percent increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.

Continue reading →

A lockdown increase in online gaming activity has inevitably attracted attention from attackers, resulting in nearly 77 percent of cyberattacks targeting the online gaming and gambling industries in Q3 of 2020.

The latest DDoS Threat Report from Nexusguard also reveals a huge 287 percent increase in total DDoS attacks in the third quarter compared to the same period last year.

Continue reading →

With many large enterprises using Active Directory (AD) and Azure Active Directory (AAD) to control user permissions and access, this has become one of first places attackers look for weakness.

Add to this an acceleration of digital transformation projects due to the pandemic and more and more companies are looking to implement zero trust to stay secure. But a new report from One Identity suggests this transition may prove challenging.

Continue reading →

The analyst team at digital risk protection firm CybelAngel has discovered that more than 45 million medical imaging files, including X-rays and CT scans, are freely accessible on unprotected servers.

The findings are the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data.

Continue reading →

The Christmas shopping season is in full swing. This year, online retailers pushed the boundaries with "Black November" in the hopes of improving their online sales, thanks to the uncertainty around in-store shopping due to COVID-19, leading many customers to make their purchases from the safety of their own homes.

As a result, e-commerce merchants have witnessed a significant uptick in users and devices connecting to websites than in recent years.

Continue reading →

Cybersecurity company Sophos is announcing four new open artificial intelligence developments with the aim of improving defenses and making the use of AI in cybersecurity more transparent.

Although in other industries it's become common to share AI methodologies and findings, cybersecurity has lagged which doesn't help understanding of how AI can protect against cyberthreats.

Continue reading →

The consumer Internet of Things (IoT) has exploded into the connected world, making domestic life richer, easier and more entertaining. Consumer IoT comprises a set of connected devices that have a discrete function, enabled or supplemented by a data-gathering capability through on-board sensors. In any home or office environment an individual may come into contact with 'smart' appliances or devices such as coffee machines, cameras, heating systems, locks, lights, health trackers, refrigerators and TV’s, to name a few.

Criticism of IoT security, or lack-thereof, has highlighted serious deficiencies in both design and implementation of IoT devices. Unfortunately, consumers are critically dependent on device manufacturers for the security of their devices. With a rushed and greater rate of adoption, a number of risks have been introduced, attracting close attention from threat actors aiming to steal valuable information and disrupt services. However, all hope is not lost -- at a consumer level, there are still a few basic techniques that can be used to protect IoT devices from attacks.

Continue reading →

There are likely to be around 31 billion IoT devices by the end of this year and we already know that they can be vulnerable to attacks.

Israeli company Karamba Security is launching its XGuard Monitor platform aimed at managing the security of large numbers of IoT devices.

Continue reading →

As always, spammers and cybercriminals seek to take advantage of the peak online shopping season covering Black Friday and the Christmas holidays.

The Bitdefender Antispam Lab has identified a series of campaigns impersonating online banking and financial organizations. In October six in 10 emails (58.84 percent) relating to the banking industry were fraudulent.

Continue reading →

With more people shopping online than ever before, 78 percent of cybersecurity professionals say they expect to see an increase in DNS-related security threats over the next month.

This is according to a new report from information services and technology company Neustar's International Security Council which also finds that 59 percent have altered their DNS security methods in the run up to the holiday season.

Continue reading →

The latest report from Risk Based Security reveals that the number of vulnerability disclosures this year is back on track to reach or surpass 2019 after a decline in the first quarter.

Earlier in the year there had been a sharp decline of 19.2 percent in the number of vulnerabilities disclosed. But on the latest figures Risk Based Security's VulnDB team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a mere 4.6 percent gap when compared to last year.

Continue reading →

A new report from Netwrix shows that cybersecurity risks related to insiders are now more common than external threat actors.

In fact, since organizations have increased remote working, four of the top six types of cybersecurity incidents they experienced have been caused by internal users. These are: accidental mistakes by admins (27 percent), accidental improper sharing of data by employees (26 percent), misconfiguration of cloud services (16 percent) and data theft by employees (14 percent).

Continue reading →

Verifying digital identity is fundamental to building trust in online security and conducting commercial and personal transactions safely. But it can also prove a performance headache for businesses.

Non-profit organization, The Linux Foundation, is today announcing the launch of the Janssen Project, a cloud native identity and access management software platform that prioritizes security and performance.

Continue reading →