Careless scammers leave stolen passwords exposed online

Hackers responsible for a large-scale phishing campaign unintentionally left over a thousand sets of stolen log-in credentials accessible to the public via a simple Google search.

The error was uncovered by researchers at Check Point and Otorio. The stolen credentials were stored in designated web pages on compromised servers.

How market forces determine data value on the dark web

We all know that following a data breach the stolen information is likely to turn up for sale on the dark web. But what's this information worth and how is its value arrived at?

Researchers at consumer website Comparitech have analyzed over 40 dark web marketplaces to find out how much credit card, PayPal, and SSN details are worth to cybercriminals.

Over a quarter of retail apps have serious security flaws

A side effect of the pandemic over the last year has been that online shopping has boomed. But a new study from Veracode reveals that 76 percent of apps in the retail and hospitality sector contain flaws, with 26 percent having high-severity issues that require urgent attention.

Compared to other industries, however, retail and hospitality ranks second-best for overall fix rate with half of flaws remediated in just 125 days, nearly one month faster than the next-fastest sector. While this may seem lengthy, half of flaws across all industries remain unfixed for much longer and some may never be fixed at all.

CISO priorities for 2021

As we move into 2021, CISOs continue to have to deal with securely connecting a remote workforce while addressing other pressing initiatives to protect their organization from an evolving range of threats.

Continuous compromise assessment company Lumu has produced an infographic based on a survey of cybersecurity leaders across North and Latin America looking at how they plan to prioritize their investments.

FreakOut malware targets Linux users by exploiting multiple vulnerabilities

Linux-based systems are generally touted for their high levels of security, but this does not mean that they are completely immune to threats. Illustrating this, security firm Check Point Software has shared details of a series of attacks based on the FreakOut malware.

The company says that the aim of the malware appears to be the creation of an IRC botnet which could be used to launch DDoS attacks, run crypto miners, and more. Linux users running certain products are being warned to get their systems patched as soon as possible to avoid problems.

Serious Windows 10 flaw could corrupt your hard drive if you open a folder

A security researcher has revealed details of a strange bug that could result in an NTFS hard drive becoming corrupt in Windows 10, as well as the unsupported Windows XP. What makes the bug so serious and unusual is that it can be triggered without the user having to open a file.

The bug -- which has been shown to have been around for three years or so -- can cause a hard drive to be corrupted if a user simply views the contents of a folder that includes a specially crafted file. Although Microsoft is aware of the issue affecting the $i30 NTFS attribute, a fix has yet to be produced.

Over half of organizations suffer malware incidents on remote devices

According to a new report from mobile security specialist Wandera, 52 percent of organizations experienced a malware incident on a remote device in 2020, up from 37 percent in 2019.

The report is based on captured data from Wandera's global network of 425 million sensors across both corporate-owned and BYOD assets, making it the world’s largest and most insightful mobile data set.

Over 22 billion records exposed in breaches in 2020

From January through October 2020 there have been 730 publicly disclosed events resulting in over 22 billion records exposed worldwide, according to a new report from Tenable's Security Response Team (SRT).

Of the breaches analyzed, 35 percent were linked to ransomware attacks, resulting in major financial cost, while 14 percent of breaches were the result of email compromises.

Why testing is vital to securing modern enterprises [Q&A]

Security testing has gained in visibility in recent years and can undoubtedly help improve the security posture of a business.

But cybercriminals frequently shift tactics and develop new ideas, so testers can’t afford to stand still and must keep up with and anticipate trends.

New tool helps businesses secure their IT assets

One of the major challenges faced by IT and security teams is that they don't have a clear picture or understanding of all their assets -- laptops, servers, cloud, virtual, and IoT.

This leads to a lot of time and effort trying to identify what they have and decide whether it complies with security policies. Device security platform Armis is launching a new standalone asset management solution that's designed to deliver better visibility.

The state of SOCs in a post-COVID world [Q&A]

The past year and the rapid changes it has brought have placed a good deal of pressure on security analysts and made their work vitally important.

A new report from Respond Software and the Ponemon Institute takes a look at the state of security operations centers (SOCs) and how they're coping.

Security incidents hit more than half of businesses storing data in the cloud

Over half (54 percent) of organizations that store customer data in the cloud had security incidents in 2020. As a result, as many as 62 percent plan to remove sensitive data from the cloud or have already done so to improve their data security.

These are the findings of a new report from Netwrix which shows the most common types of cloud security incidents in 2020 are phishing (reported by 40 percent of organizations), ransomware or other malware (24 percent), and accidental data leakage (17 percent).

Businesses need to take Teams security seriously

Microsoft Teams has been one of the winners of the pandemic, with usage in December 2020 estimated at 115 million daily users, growing from 32 million in early March.

But this success has also made Teams a tempting target for hackers. Cloud security specialist Avanan has released a new report, based on analysis of nearly 200 enterprise customers, looking at the risks of using Teams and how to combat them.

Get 'Cybersecurity: The Beginner's Guide' ($23.99 value) FREE for a limited time

It's no secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEOs like Satya Nadella, McAfee's CEO Chris Young, and Cisco's CIO Colin Seward, along with organizations like ISSA and research firms like Gartner, shine light on it from time to time.

Cybersecurity: The Beginner's Guide puts together all the possible information with regard to cybersecurity, such as why you should choose it, the need for it, and how you can be part of it and fill the cybersecurity talent gap bit by bit.

Exium launches secure 5G network as a service

As noted in our 5G predictions roundup at the end of last year, one of the concerns about the rollout is that it introduces extra risks.

In order to provide a safer option, Exium is launching its Secure 5G network as a service, based on emerging clean network standards being promoted by the US Department of State, the EU and others.
