Security

Size matters when it comes to cybersecurity

Research from Coalfire Labs based on over 800 penetration tests finds that company size has a direct bearing on how effectively a business is able to fend off would-be attackers.

The study shows large and small companies see more than three times the year-on-year improvement of medium-sized companies. Although mid-size companies hit the cybersecurity sweet spot in 2018, they scrambled to keep up last year and in 2020, improving only four percent year-on-year in fending off attackers compared to their bigger and smaller counterparts.

By Ian Barker -

Why vishing is the new phishing and how to guard against it [Q&A]

We're all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise.

These include 'smishing' (phishing via SMS) and 'vishing' (phishing by voice call). We spoke to Ed Bishop, CTO at email security company Tessian, to find out how businesses can identify vishing and smishing attacks, how the attacks work, and how companies can protect their employees.

By Ian Barker -

Hackers could use Windows 10 themes to steal passwords

People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.

Malicious theme packs can be used to execute a "pass-the-hash" attack which sends passwords to a remote server. The specially designed themes are easy to create, and the way the credential stealing attack works will fool many people -- but there are protective measures that can be put in place.

By Sofia Elizabella Wyciślik-Wilson -

60 percent of emails in May and June were fraudulent

The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.

In addition, there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.

By Ian Barker -

Remote work puts extra stress on SMB security teams

Smaller businesses are having to do more with less in terms of security, a situation made worse by the coronavirus pandemic.

The annual SMB IT Security Report from Untangle shows that 38 percent of SMBs are allocating $1,000 or less to their IT security budget, compared to 29 percent in 2019 and 27 percent in 2018.

By Ian Barker -

Microsoft releases KB4497165 and KB4558130 microcode updates for Windows 10 to fix Intel security flaws

Earlier in the year, Intel announced that it had completed software validations on fixes for a series of security flaws, discovered a couple of years ago, that affect many of its processors. Now Microsoft, in conjunction with the chip-maker, has released microcode updates for Windows 10 to fix these issues.

The four problems are connected to the now-infamous Spectre and Meltdown flaws from 2018. They relate to problems with the speculative execution function of many chips, and could allow for sensitive data to leak.

By Sofia Elizabella Wyciślik-Wilson -

Everything you need to know about authentication

The shortcomings of password security are well known. Indeed, the death of passwords has been predicted for a long time, but they still cling on.

There are a number of alternative authentication methods available, but confusion still reigns about the pros and cons of different approaches. To help cut through the mass of information, identity management company Beyond Identity has put together an infographic looking at alternative authentication methods and the security each provides.

By Ian Barker -

New threat intelligence system helps fight deepfakes

Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.

To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).

By Ian Barker -

Cyberattacks and how they work

Cybercriminals in 2019 managed to expose more than 165 million records of confidential data across 1,365 known breaches.

But how do they get in, how long do they stay and what are they there for? The answers to these questions are in the 2020 Compromise Flashcard produced by compromise assessment company Lumu.

By Ian Barker -

Why more organizations are choosing crowdsourced security testing [Q&A]

During the pandemic, video conferencing app Zoom found itself at the center of several security and privacy issues. In response it has boosted its security program, including aggregating reports from Bugcrowd.

But what's driving organizations like Zoom to choose crowdsourced security approaches? We spoke to Ashish Gupta, CEO of Bugcrowd, to find out.

By Ian Barker -

A third of companies are exposing unsafe network services to the internet

New research finds that 33 percent of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet.

The study from RiskRecon and the Cyentia Institute also finds that organizations that expose unsafe services to the internet exhibit more critical security findings.

By Ian Barker -

61 percent of companies experience insider attacks

A new survey from Bitglass reveals that 61 percent of organizations reported at least one insider attack over the last 12 months, with 22 percent reporting at least six separate attacks.

With a whole range of changes happening at the moment, securing against insider threats has become increasingly challenging. Most organizations say they can't guarantee that they can detect insider threats from personal devices (82 percent) or the cloud (50 percent), while 81 percent find it difficult to assess the impact of insider attacks.

By Ian Barker -

Cut in TLS certificate life could lead to greater risk of outages

As of September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less -- roughly half the previous life.

According to security experts from Venafi, a provider of machine identity management, this latest change is an indication that machine identity lifetimes will continue to shrink.

By Ian Barker -

Phishing attacks surge during the pandemic

In yet another example of cybercriminals exploiting world events, the frequency of phishing threats has risen considerably since the start of the pandemic, with companies experiencing an average of 1,185 attacks every month.

New research from GreatHorn reveals that more than half (53 percent) of over 300 IT professionals surveyed by Cybersecurity Insiders say they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic.

By Ian Barker -

How financial services companies are using technology to fight the fraudsters [Q&A]

Account takeover attacks and online fraud of all types have skyrocketed during the pandemic as consumers have shifted almost all of their most important transactions to digital channels.

We spoke to David Vergara, senior director of security product marketing at anti-fraud and digital identity solutions company OneSpan, to discover more about the emerging technologies that banks are beginning to use in the fight against fraud, including artificial intelligence, real-time risk analytics and behavioral biometrics.

By Ian Barker -
© 1998-2025 BetaNews, Inc. All Rights Reserved.