Security

Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.

To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).

Cybercriminals in 2019 managed to expose more than 165 million records of confidential data across 1,365 known breaches.

But how do they get in, how long do they stay and what are they there for? The answers to these questions are in the 2020 Compromise Flashcard produced by compromise assessment company Lumu.

During the pandemic, video conferencing app Zoom found itself at the center of several security and privacy issues. In response it has boosted its security program, including aggregating reports from Bugcrowd.

But what's driving organizations like Zoom choose crowdsourced security approaches? We spoke to Ashish Gupta, CEO of Bugcrowd to find out.

New research finds that 33 percent of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet.

The study from RiskRecon and the Cyentia Institute also finds that organizations that expose unsafe services to the internet exhibit more critical security findings.

A new survey from Bitglass reveals that 61 percent of organizations reported at least one insider attack over the last 12 months, with 22 percent reporting at least six separate attacks.

With a whole range of changes happening at the moment securing against insider threats has become increasingly challenging. Most organizations say they can't guarantee that they can detect insider threats from personal devices (82 percent) or the cloud (50 percent), while 81 percent find it difficult to assess the impact of insider attacks.

As of September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less -- roughly half the previous life.

According to security experts from Venafi, a provider of machine identity management, this latest change is an indication that machine identity lifetimes will continue to shrink.

In yet another example of cybercriminals exploiting world events, the frequency of phishing threats has risen considerably since the start of the pandemic, with companies experiencing an average of 1,185 attacks every month.

New research from GreatHorn reveals that more than half (53 percent) of over 300 IT professionals surveyed by Cybersecurity Insiders say they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic.

Account takeover attacks and online fraud of all types have skyrocketed during the pandemic as consumers have shifted almost all of their most important transactions to digital channels.

We spoke to David Vergara, senior director of security product marketing anti-fraud and digital identity solutions company OneSpan, to discover more about the emerging technologies that banks are beginning to use in the fight against fraud, including artificial intelligence, real-time risk analytics and behavioral biometrics.

Many books discuss the technical underpinnings and complex configurations necessary for cybersecurity -- but they fail to address the everyday steps that boards, managers, and employees can take to prevent attacks. The Cybersecurity Playbook is the step-by-step guide to protecting your organization from unknown threats and integrating good security habits into everyday business situations.

This book provides clear guidance on how to identify weaknesses, assess possible threats, and implement effective policies. Recognizing that an organization’s security is only as strong as its weakest link, this book offers specific strategies for employees at every level.

With 11,121 vulnerabilities disclosed during the first half of 2020, as the year progresses the total is expected to exceed that of 2019.

Although the number of vulnerabilities disclosed in the first half of 2020 decreased by 8.2 percent compared to the same period in 2019 due to the impact of COVID-19, but the Q2 vulnerability report from Risk Based Security does suggest some signs of a return to 'normal' levels.

The Qbot trojan first appeared in 2008 as banking and credential theft malware, evolving over the years to deliver ransomware attacks, making it something of a Swiss Army knife of the malware world.

Researchers at Check Point have now uncovered a further evolution that allows Qbot to hijack legitimate email conversations from an infected user's Outlook email client, and then spam itself out using those hijacked emails to increase its chances of tricking other users into getting infected.

Personal data management software specialist Dataguise is launching a new system that enables organizations to report the impact of a data breach faster and more accurately than ever before.

GDPR requires reporting of breaches within 72 hours of becoming aware, and notifying affected individuals without delay. Dataguise is able to extrapolate the number of unique data elements in a data set quickly, with greater than 90 percent accuracy, using a patent-pending approach based on neural network technologies.

Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials.

So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal.

Phishing is a problem that shows no signs of going away and indeed the COVID-19 pandemic has seen a new raft of malware and fraudulent emails seeking to trick the unwary.

Edison Software is launching a new AI-based email security subscription plan that can be added to the Edison Mail iOS app to help combat the threat.

Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.

Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).