Security priorities change as businesses adapt to 'new normal'
A new study from Check Point looks at how organizations have managed their cyber-security during the recent lockdowns and also their security priorities and concerns over the coming months as they move to the 'new normal.'
Over 86 percent of respondents say their biggest IT challenge during the pandemic was moving to mass remote working, and the biggest security concern (62 percent) was maintaining VPN capacity for staff.
Remote working and obsolete devices increase security risks
The move to cloud applications is leading many businesses to slow down investment in their in-house networks. This combined with a surge in home working is putting a strain on network security and infrastructures.
A new study from technology services company NTT Ltd finds 45.6 percent of organizations' network assets in Europe are aging or obsolete, as a weighted average, representing a huge surge on 2017, when this figure was just 12 percent.
Kaspersky launches free online talks to spread cybersecurity knowledge
Kaspersky has announced that it's launching a series of online talks, created to present knowledge and the latest cybersecurity findings, freely accessible to anyone with an internet connection.
Titled 'GReAT Ideas. Powered by SAS' the events will be hosted by Kaspersky's Global Research and Analysis Team (GReAT), which works to uncover APTs, cyber-espionage campaigns, major malware, ransomware, and underground cybercriminal trends around the world.
Open source vulnerabilities doubled in 2019
Open source code allows developers to quickly integrate new capabilities into applications without having to reinvent the wheel, but it doesn't come without hazards.
A new report from RiskSense provides in-depth findings on vulnerabilities in leading open source software (OSS), including the most weaponized weaknesses, which software is most at risk, and the top types of attacks.
Apple has a new open source project to help improve password security
Apple has launched a new open source project designed to promote collaboration between the developers of password management software to help improve security for users.
The Password Manager Resources project has been created to make it easier for the developers of password managers to work together to ensure interoperability with websites, and to create a better experience for users. The aim is to integrate the strong password generating capabilities of the iCloud Keychain platform into password management apps.
Zoom isn't giving non-paying users end-to-end encryption because they could be criminals
Zoom's meteoric rise in popularity due to COVID-19 forcing more people to work from home led to a great deal of interest in the video conferencing tool's security and privacy. The lack of end-to-end encryption was a major concern for many users, but following the recent acquisition of Keybase, Zoom CEO Eric S Yuan said it would "help us build end-to-end encryption that can reach current Zoom scalability".
Well, end-to-end encryption is here. But only if you're a paying Zoom customer. Anyone using a free account is being left out in the cold. Why? Because, Yuan explains, "we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose". Yuan is apparently of the impression that paying customers could not possibly be potential criminals.
Are cyber attacks really as advanced as we think? [Q&A]
When organizations suffer a cyberattack it's often described by them as 'advanced'. But just how good does an attack need to be to breach defenses?
We spoke to Matt Walmsley, head of EMEA marketing at threat detection and response platform Vectra to find out about the attack landscape, how most attacks aren't all that advanced at all, and how companies can better defend themselves.
Cyber ransom demands up 200 percent in 2019
Requested amounts in ransomware attacks rose nearly 200 percent from 2018 to 2019, averaging $115,123 per attack last year.
A report from incident response, risk management and digital forensics firm Crypsis Group reveals that threat actors across a range of cyberattack types have significantly escalated their tactical approaches, becoming more targeted, conducting victim research and employing techniques that enable them to be more successful and extract higher payouts for their efforts.
Fake job applications used to steal banking credentials
During May, researchers at Check Point saw a doubling in the number of malicious files sent by email claiming to be resumes or CVs from individuals, as hackers exploit the unemployment and remuneration schemes resulting from the COVID-19 pandemic.
In addition they have noted that seven percent of domains registered containing the word 'employment' are malicious. There has also been a 16 percent increase in malware attacks overall, compared to March and April.
Securing SaaS applications for a remote workforce [Q&A]
The current shift to remote working looks likely to have a long-term impact on the way businesses operate in future. But this raises issues over security and ensuring that misconfigurations don't lead to data being exposed.
How big is the risk and what are the key issues enterprises face? We spoke to Brendan O'Connor, CEO of cloud security specialist AppOmni to find out.
Data breaches cost US organizations $1.8 trillion over the last two years
Cybercriminals exposed more than five billion records in 2019, costing over $1.2 trillion to US organizations. Added to the 2.8 billion records that were exposed in 2018, this means breaches over the last two years have cost US organizations over $1.8 trillion.
This is one of the findings of the latest Consumer Identity Breach Report from ForgeRock, which shows a dramatic increase in the number of breaches.
Almost 80 percent of companies have had a cloud data breach in the past 18 months
A new survey finds that 79 percent of companies experienced at least one cloud data breach in the past 18 months, and close to half (43 percent) reported 10 or more breaches.
The study, conducted by IDC for cloud access risk security company Ermetic, covered 300 CISOs and finds that security misconfiguration (67 percent), lack of adequate visibility into access settings and activities (64 percent) and identity and access management (IAM) permission errors (61 percent) are the top concerns associated with cloud production environments.
Thycotic extends its privileged access management range
Privileged access management (PAM) specialist Thycotic is expanding its portfolio with the announcement of three new products.
It's launching Thycotic Remote Access Controller, Thycotic Cloud Access Controller and Thycotic Database Access Controller, following its acquisition of cloud security company Onion ID.
Enterprise mobile phishing up 37 percent in Q1 2020
According to the latest study from mobile security company Lookout, the first quarter of this year saw the enterprise mobile phishing encounter rate increase by 37.1 percent globally.
This includes regional increases of 66.3 percent in North America, 25.5 percent in EMEA and 27.7 percent in the Asia Pacific region.
How technology can help protect against identity fraud [Q&A]
The COVID-19 pandemic has led to a tide of cybercriminal activity seeking to exploit things like government payments.
We spoke to Michael Magrath, director, global regulations and standards at anti-fraud and digital identity solutions company OneSpan to find out how governments and enterprises can use technology to guard against the threat.
