Zero trust adoption grows as businesses look for end-to-end security
The idea that organizations should have a trusted internal network and an untrusted external one is rapidly giving way to a posture of zero trust across the board.
A new survey of 500 IT security leaders by identity specialist Okta finds a massive 275 percent year-on-year growth in the number of North American organizations that have or plan to have a defined zero trust initiative on the books in the next 12-18 months.
COVID-19 scam sites pass quarter of a million
The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19.
A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.
Home working leads to 42 percent increase in devices on corporate networks
New research released today from Sepio Systems, a rogue device mitigation firm, reveals a 42 percent jump in the number of devices connected to corporate networks, compared with the pre-COVID-19 period.
Not only has the number of connected devices increased, there are also almost three times as many different device vendors. This means many unbranded or budget makes of equipment, not commonly found in the enterprise environment, are being used.
Hackers favor quieter methods to attack websites
While high profile attacks like phishing scams targeting stimulus payments make the headlines, a new report shows they are actually on the decline.
The annual security report from website security specialist SiteLock finds that quiet attack methods, like backdoor files, are more favored among hackers as they become increasingly sophisticated and turn to methods that can go undetected and deliver the biggest payout.
Phishing attack evades Microsoft 365 security
Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.
The attack is a variant of 'PerSwaysion', a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.
Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines
Security researcher Björn Ruytenberg has revealed details of a vulnerability in the Thunderbolt 3 standard. The security flaw means that it is possible for a hacker with physical access to a computer to copy data even if the files are encrypted and the computer is locked.
The vulnerability affects all systems with Thunderbolt ports that shipped between 2011 and 2020, but some systems that shipped since 2019 have Kernel DMA Protection which means they are only partly at risk. Testing tools are available for both Windows and Linux so you can check to see if your computer is vulnerable.
Publicly disclosed breaches are down 58 percent
The total number of publicly reported breaches in Q1 2020 has decreased by 58 percent compared to the same period last year according to a new report from Risk Based Security.
Despite the number of breaches being down though, the number of records exposed for this quarter soared to 8.4 billion -- a 273 percent increase compared to Q1 2019, and a record for the same period since at least 2005, when detailed reporting began.
How to protect against the latest payload-less social engineering attacks [Q&A]
Social engineering is one of the most common approaches taken by cybercriminals in order to steal data or get users to install malware.
But a new generation of payload-less attacks is now starting to emerge. How can businesses protect themselves from these threats? We spoke to Evan Reiser, CEO and co-founder of email security specialist Abnormal Security, to find out.
Europe's fifth largest bank leaks sensitive information online
Santander, the fifth largest bank in Europe and the 16th largest in the world, has been leaking sensitive company data due to a misconfiguration on one of its websites.
Security analysts at CyberNews discovered that Santander's Belgian branch, Santander Consumer Bank, had a misconfiguration in its blog domain that allowed for its files to be indexed.
Zoom is gaining end-to-end encryption following acquisition of Keybase
As part of its 90-day security focus, Zoom has announced that it has acquired Keybase, an app that features end-to-end encryption to secure chats and file sharing. The Keybase team will help to bring the same security to Zoom.
The lack of end-to-end encryption has been one of the many criticisms of Zoom in recent months, and the company is keen to address this. However, Zoom says that it will only be bringing an end-to-end encrypted meeting mode to paid accounts and points out that this "privacy over compatibility" option will mean missing out on some features.
The average password is reused 2.7 times
Despite the fact that credential stuffing using stolen passwords is one of the most common ways of breaching systems, new research from Balbix for this year's World Password Day finds that over 99 percent of employees reuse passwords across work accounts, or between work and personal accounts.
In addition, the average password is reused not just once, but 2.7 times, and the average user is sharing eight passwords between all their accounts, with 7.5 passwords shared between work and personal accounts.
Hacker group has targeted Asia Pacific governments in five-year campaign
Researchers at Check Point have uncovered a China-based hacker group that has been targeting multiple national governments in the APAC region over the past five years to gather political intelligence and conduct espionage.
Targets include Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei. After infiltrating one government body, the hacker group uses that body’s contacts, documents and servers to launch targeted phishing attacks against new government targets.
Collaboration between teams helps boost security confidence
Organizations using software to help their IT and information security teams collaborate and align are three times more confident in the effectiveness of their information security efforts according to a new study.
The report from security automation specialist SaltStack shows that 54 percent of InfoSec leaders say they communicate effectively with IT professionals, but only 45 percent of IT professionals agree.
Vulnerabilities allow hackers access to two popular VPNs
New research from VPNpro has found that two of the top 20 premium VPN apps have crucial vulnerabilities that can allow hackers to push fake updates and install malicious programs or steal user data.
The vulnerabilities in PrivateVPN and Betternet can allow hackers to intercept communications and force the apps to download a fake update. The update may be automatically installed, or the user may be prompted to install it.
Women are better at cybersecurity than men
Women are better at cybersecurity and protecting themselves online, new research by password manager app NordPass suggests.
The survey shows that women are more concerned about the potential harm of their personal online accounts being hacked. They also tend to use unique passwords more often than men.
