Articles about Security

Pass the Hash (PtH) attacks which use stolen hashed administrator credentials to breach security are a major risk to businesses.

A new report from One Identity, based on a survey of over 1,000 IT professionals carried out by Dimensional Research, finds 95 percent of respondents say that PtH attacks have a direct impact on their organizations.

Continue reading →

Twitter has announced that email addresses and phone numbers provided by users for use with two-factor authentication (2FA) have been "inadvertently" used to deliver tailored ads.

The company says it does not know how many people are affected by the incident, but apologizes for letting private data be used in this way. The timing of the announcement is a little strange. Twitter says that the matter was under control as of September 17, and it is not quite clear why it took three weeks to go public about it -- even though it says "in an effort to be transparent, we wanted to make everyone aware".

Continue reading →

Small and medium sized businesses continue to be a prime target for cybercriminals according to a new study commissioned by password management company Keeper Security from the Ponemon Institute.

It shows that 76 percent of US companies have been attacked within the last 12 months, up from 55 percent in 2016. Globally, 66 percent of respondents report attacks in the same time frame.

Continue reading →

Despite growing adoption of DMARC technology, fewer than 10 percent of enterprise email domains are protected from impersonation according to a new report from Valimail.

Valimail found that 850,000 domains worldwide now have DMARC records, a five times increase since 2016. However, fewer than 17 percent of global DMARC records are at enforcement -- meaning fake emails that appear to come from those domains are still arriving in recipients’ inboxes.

Continue reading →

Poor privileged access management practices that lead to people having too much access continue to be a critical challenge for many organizations despite significant risks of data breaches and security incidents.

A new report from technology consulting company Sila and the Ponemon Institute surveyed more than 650 North American respondents and finds 70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need.

Continue reading →

Nearly a quarter of malicious URLs are being hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.

This is one of the findings of the latest Webroot threat report which also shows 29 percent of detected phishing web pages use HTTPS as a method to trick users into believing they're on a trusted site via the padlock symbol.

Continue reading →

Despite the rise of cloud storage, 87 percent of organizations still use USB drives but they are struggling to manage their usage according to a new report.

The study from encrypted drive manufacturer Apricorn reveals that 58 percent don't use port control or whitelisting software to manage USB device usage and 26 percent don't use software-based encryption.

Continue reading →

Although most security professionals use key performance indicators to measure their efforts they struggle to reconcile these with business goals, according to a new report from Thycotic.

It finds that while 84 percent of respondents have KPIs, and an even higher proportion (92 percent) say they review security in terms of its impact on the business, nearly half (44 percent) say their organization struggles to align security initiatives with the business’s overall goals, while more 35 percent aren't clear what the business goals are.

Continue reading →

Email is now the preferred communication method for businesses, but this brings with it greater risk of employees leaking data due to errors or deliberate activity.

A survey from data security company Egress shows that of employees who had accidentally shared data almost half (48 percent) say they had been rushing, 30 percent blamed a high-pressure working environment and 29 percent said it happened because they were tired.

Continue reading →

Ransomware is a pervasive problem, and for victims it can be difficult to know whether paying up will help them to regain access to their maliciously encrypted files. So when ransomware decryption keys are released free of charge, it's always good news -- and this is exactly what has happened for HildaCrypt.

The developer of this particular strain of ransomware has released the decryption keys after a security researcher shared detailed of what was initially thought to be a new type of ransomware.

Continue reading →

Insider threats, caused by current and departing employees, expose companies to breaches and put corporate data at risk, but security solutions may not be effectively preventing them.

A new study from data loss solution company Code42 finds that 69 percent of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach.

Continue reading →

Yesterday marked the start of not just Cybersecurity Awareness Month but also Domestic Violence Awareness Month.

Domestic abusers often make use of stalkerware (commercial spyware used as a tool for domestic espionage) to leverage their partner's digital footprint for physical control.

Continue reading →

With nearly 151 million users worldwide, Netflix is the #1 streaming service in the world. It also has the distinction of being the most impersonated by hackers. For cybercriminals, Netflix phishing is a lucrative business. While other streaming services, including HBO NOW and Spotify, are also on the receiving end of phishing attacks, none comes close to Netflix.

Netflix’s 155 million subscriber base offers a lucrative supply of personal information, contributing to its favorability with phishers. In Vade Secure's quarterly Phisher’s Favorites report for Q2 2019, Netflix was the 4th most impersonated brand in phishing attacks, with 8.2 percent quarter-over-quarter growth in Q2 2019.

Continue reading →

According to a Harris Poll carried out for Google, 75 percent of Americans get frustrated trying to manage all their passwords.

This results in unsafe practices as 24 percent have used the following common passwords, or some variation: like 'abc123', 'Password', or '123456'. 59 percent of US adults have incorporated a name (their own, a family member's, a partner's, or a pet’s) into their password to an online account, 22 percent have used their own name and a third have used their pet's name or a variation as their password.

Continue reading →

New research from Kaspersky finds that the cost of enterprise data breaches has risen from $1.23 million last year to $1.41 million in 2019.

At the same time enterprise organizations have invested more in cybersecurity, with IT security budgets averaging $18.9 million compared to $8.9 million in 2018.

Continue reading →