Security

Twitter has emailed an unknown number of users to warn them of a security incident that took place some time prior to May 20 this year.

The company says that personal and billing information of people who used the Ads or Analytics pages on the Twitter site may have been affected. Twitter says that the vulnerability has now been addressed, but has emailed users to explain the circumstances of the incident.

Endpoints are generally the weakest point of a corporate network and the problem is made more acute by the shift to remote working.

Illumio is launching a new endpoint protection solution that reduces the risk of ransomware and malware propagating laterally throughout an organization.

As technology continues to evolve, software development teams are bombarded with security alerts at an increasing rate, making it almost impossible to address every potential vulnerability.

New research from WhiteSource, an open source security and license compliance management specialist, and CYR3CON, which predicts cybersecurity attacks based on AI-gathered intelligence looks at how development teams prioritize fixing vulnerabilities and compares this to discussions in hacker communities.

Crowdsourced security platform Bugcrowd has released a new report which shows that 78 percent of hackers on its site say AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade.

The 2020 Inside the Mind of a Hacker report also reveals that 87 percent say that scanners can’t find as many critical or unknown assets as humans.

Thanks to the COVID-19 pandemic and extended tax filing deadline for 2020 its likely that people will be submitting their returns over a longer period this year.

New research from information security company Shred-it shows that most Americans file their tax returns online, even though many believe this puts them at greater risk of fraud.

Very rarely in life is certainty guaranteed. Almost every decision we make is made imperfectly, without complete knowledge and based on a gut-checked risk assessment. When it comes to protecting your organization from phishing attacks, this still rings true. Yet, most email security providers still see through a black-and-white lens and act in terms of absolute certainty. As a result, they effectively protect against the known bad, but let unfamiliar threats slip right through.

Employees at every level of your company are making hundreds of email decisions every day -- open this, delete that, respond to this, leave that for tomorrow. With so much inbox noise, a potential phishing email can infiltrate easily -- and can impact an entire organization profoundly.

Australia's Prime Minister, Scott Morrison says the country's government and institutions are being targeted by sophisticated cyber attacks.

The attacks are said to be against all levels of governments as well as services and businesses. Although identified as a state-based attack there is no official comment on who might be behind it. Morrison says it's believed to be a state attack, "...because of the scale and nature of the targeting and the trade craft used."

Smaller and medium sized companies are more likely to spend on cyber insurance than their larger competitors according to a new report.

The study from US cyber insurance specialist Cowbell Cyber finds 65 percent of SMEs are planning to spend more on cyber insurance as part of their resilience plan in the next two years, compared to 58 percent of large companies.

Breach and attack simulation solutions company AttackIQ is offering advanced cybersecurity training with a modularized curriculum and cyber range labs to security practitioners, free of charge.

Learners at the AttackIQ Academy get realistic, hands-on experience via cyber range labs and exercises that are based on scalable, cloud-hosted infrastructure. All Academy participants are eligible for (ISC)2 Continuing Professional Education (CPE) credits.

As cloud environments become more and more common the extra risks are mostly well understood but a new blog from Orca Security shows that businesses could be leaving their networks open via common configuration errors.

The use of external CI/CD (continuous integration/continuous delivery) services means access control lists (ACLs) are often changed but this can inadvertently leave internal services open to the world argues Avi Shua, CEO and co-founder of Orca Security.

In yet another sign that cybercriminals are keen to exploit the current world situation, in the second and third weeks of March business email compromise (BEC) attacks increased more than 430 percent according to email security specialist Abnormal Security.

In the early part of the year attacks on C-Suite executives decreased by 37 percent from Q4 2019 to Q1 2020, while the focus shifted to finance employees, attacks targeting them increasing 87 percent in Q1 2020 against Q4 2019.

The increase in remote and home working in recent months has shone a spotlight on the unreliability of many domestic internet connections.

The Speedify VPN service is updating its offering which allows users to link and seamlessly switch between multiple connections including home internet, mobile data and public Wi-Fi networks to provide a more reliable connection.

New research from Bitdefender shows that half of information security professionals didn't have a contingency plan in place -- or didn't know if they did -- for a situation like COVID-19 or similar.

Yet 86 percent admit that attacks in the most common vectors have been rising during this period. Cyberwarfare and IoT as an attack vector were reported to be up by 38 percent, and APTs, cyberespionage IP theft and social media threats/chatbots by 37 percent -- all of which could turn 2020 into a bumper year for breaches.

Tools like checkers and brute forcers freely available on the dark web are helping unskilled criminals launch automated attacks against organizations' websites.

A new report by Recorded Future also reveals the industries most affected by these tools are software, media and entertainment, eCommerce, finance, and telecommunications.

A new report shows that 82 percent of security operations centers are confident in their ability to detect cyberthreats.

This is despite just 22 percent of front line workers tracking mean time to detection (MTTD), which helps determine hacker dwell time, and 40 percent of organizations still struggling with SOC staff shortages and finding qualified people.