Articles about Security

2020 has been a boom year for eCommerce, with average daily transaction volumes equal to 88 percent of the volume achieved during Black Friday weekend 2019 according to digital trust and safety specialist Sift.

It also finds the average attempted fraudulent purchase value has risen to over $700 from October through November 2020, a 70 percent year-on-year increase compared to the same period in 2019.

Continue reading →

The MITRE ATT&CK framework is now used by many organizations to help them understand and counter threats. Less well known is the latest addition, MITRE Shield.

We spoke to Carolyn Crandall, chief deception officer and CMO at Attivo Networks to find out more about how this can be used along with MITRE ATT&CK to better address adversaries.

Continue reading →

IBM Security is launching a new service that allows companies to experiment with fully homomorphic encryption (FHE) -- an emerging technology that allows data to remain encrypted while being processed or analyzed in cloud or third-party environments.

IBM Security Homomorphic Encryption Services provide companies with education, expert support, and a testing environment to develop prototype applications that can take advantage of FHE.

Continue reading →

For many organizations, the immediate shift to remote work meant IT pros had to manage a hyper-accelerated, mass cloud migration coupled with large-scale SaaS platform rollouts. Daily users of Microsoft Teams, for example, rose from 75 million to 115 million in less than six months. Now that the first tidal wave of digital transformation has passed, IT and security teams should recalibrate and reprioritize application security and data governance in 2021 and beyond.

And while the pandemic has underscored major SaaS platform security concerns, including a rise in sophisticated cyber threats, research indicates many organizations still struggle with the fundamental tasks needed to secure the workforce -- both remote and on-prem. Here are three common mistakes and how to avoid them.

Continue reading →

The move towards zero trust has been one of the big security stories of 2020, driven by a switch to remote work, but so far it has been largely the preserve of bigger organizations.

Now though JumpCloud has added Conditional Access policies to its Directory Platform, enabling IT admins to adopt zero trust security from the same cloud platform that they use to manage and securely connect users to IT resources.

Continue reading →

Researchers at mobile device security company Lookout have uncovered a new strain of spyware targeting iOS and Android users in multiple Asian countries.

Called Goontact, it targets users lured to illicit sites and steals personal information stored on their mobile devices in order to carry out sextortion scams.

Continue reading →

Paying off a bad actor for successfully implementing ransomware into an organization is the enterprise equivalent of rewarding a bad child who vandalized a home with candy -- but unfortunately, many organizations often have no choice but to pay… and pay a lot.

Technology has enabled asymmetric attacks. In other words, one attacker can federate an attack across many organizations. The attacker needs to get the attack right once -- while the defenders (corporations, governments, hospitals, etc.) need to get their defense right every… single… time!

Continue reading →

New account fraud based on ID verification declined by 23.2 percent worldwide, year-on-year in 2020 according to a new report from AI-powered identity verification specialist Jumio.

Although selfie-based fraud rates were five times higher than ID-based fraud, this shows the growing number of stolen ID documents available on the dark web and, more importantly, the growing need to determine if an ID is authentic and belongs to the user.

Continue reading →

Among the many things that have changed in 2020 it's proved to be a record year for crowdsourced cybersecurity adoption, according to Bugcrowd.

Enterprises across all industries have been implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape. Bugcrowd has seen a 50 percent increase in submissions on its platform in the last 12 months, including a 65 percent increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.

Continue reading →

A lockdown increase in online gaming activity has inevitably attracted attention from attackers, resulting in nearly 77 percent of cyberattacks targeting the online gaming and gambling industries in Q3 of 2020.

The latest DDoS Threat Report from Nexusguard also reveals a huge 287 percent increase in total DDoS attacks in the third quarter compared to the same period last year.

Continue reading →

With many large enterprises using Active Directory (AD) and Azure Active Directory (AAD) to control user permissions and access, this has become one of first places attackers look for weakness.

Add to this an acceleration of digital transformation projects due to the pandemic and more and more companies are looking to implement zero trust to stay secure. But a new report from One Identity suggests this transition may prove challenging.

Continue reading →

The analyst team at digital risk protection firm CybelAngel has discovered that more than 45 million medical imaging files, including X-rays and CT scans, are freely accessible on unprotected servers.

The findings are the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data.

Continue reading →

The Christmas shopping season is in full swing. This year, online retailers pushed the boundaries with "Black November" in the hopes of improving their online sales, thanks to the uncertainty around in-store shopping due to COVID-19, leading many customers to make their purchases from the safety of their own homes.

As a result, e-commerce merchants have witnessed a significant uptick in users and devices connecting to websites than in recent years.

Continue reading →

Cybersecurity company Sophos is announcing four new open artificial intelligence developments with the aim of improving defenses and making the use of AI in cybersecurity more transparent.

Although in other industries it's become common to share AI methodologies and findings, cybersecurity has lagged which doesn't help understanding of how AI can protect against cyberthreats.

Continue reading →

The consumer Internet of Things (IoT) has exploded into the connected world, making domestic life richer, easier and more entertaining. Consumer IoT comprises a set of connected devices that have a discrete function, enabled or supplemented by a data-gathering capability through on-board sensors. In any home or office environment an individual may come into contact with 'smart' appliances or devices such as coffee machines, cameras, heating systems, locks, lights, health trackers, refrigerators and TV’s, to name a few.

Criticism of IoT security, or lack-thereof, has highlighted serious deficiencies in both design and implementation of IoT devices. Unfortunately, consumers are critically dependent on device manufacturers for the security of their devices. With a rushed and greater rate of adoption, a number of risks have been introduced, attracting close attention from threat actors aiming to steal valuable information and disrupt services. However, all hope is not lost -- at a consumer level, there are still a few basic techniques that can be used to protect IoT devices from attacks.

Continue reading →