Forecasting the cloud security landscape in 2020
Every year, threat actors continue to evolve the tactics, techniques, and procedures (TTPs) they use to exfiltrate customer, company and partner data, interrupt business operations, implant ransomware, and more. In fact, cybercrime damage costs are predicted to hit $6 trillion annually by 2021, according to research from Cybersecurity Ventures. In 2020, as cybercriminals refine their methods, we will continue to see a plethora of breaches occur due to a common vulnerability: misconfigurations.
Despite organizations running an average of 40 percent of their workloads in the public cloud, most companies fail to recognize that the risk of misconfiguration in the public cloud is higher than the risk in traditional IT environments. In the new year we will also see a greater focus placed on identity in cloud security -- a challenge that’s easier said than done, since approaches that worked in traditional data center environments do not translate to the cloud.
Cybersecurity is not top priority for enterprises say CISOs
Chief information security officers (CISOs) are regularly being summoned by the board of directors to provide recommendations for the business, but this doesn’t mean cybersecurity is being prioritized.
A new study of over 300 cybersecurity executives by 451 Research for Kaspersky finds 60 percent of respondents say business leaders need input from their CISO most often when an internal cybersecurity incident happens, while 57 percent schedule meetings with the board on a regular basis, and 56 percent are requested to provide their expert opinions on future IT projects.
Browser push notification scams triple in 2019
Fraudulent browser push notifications as a means of delivering phishing and advertising are becoming more common, up from 1.7 million in January to 5.5 million in September this year according to the latest Kaspersky research.
Push notifications were introduced several years ago as a useful tool to keep site visitors informed with regular updates, but today are often used to bombard people with unsolicited advertisements or encourage them to download malicious software.
F-Secure builds 'swarm intelligence' to boost cyber security
We hear a lot about the use of AI in improving security products, but in most cases the assumption is that it will in some way mimic human intelligence.
Finnish company F-Secure is challenging that assumption with an initiative it calls Project Blackfin. This aims to use collective intelligence techniques, such as swarm intelligence, to create adaptive, autonomous AI agents that collaborate with each other to achieve common goals.
Now you can enable 2FA on Twitter without a phone number
There's a lot to be said for enhancing account security with two-factor authentication (2FA) but Twitter has long insisted that this be done by handing over your phone number -- not something everyone is happy with.
But now the company has announced a change of heart. With immediate effect, Twitter says "Starting today, you can enroll in 2FA without a phone number". The move comes after Jack Dorsey's account was hijacked and used to send racist tweets, and just two months after Twitter revealed that 2FA data had 'inadvertently been used for advertising purposes'.
OnePlus suffers data breach, exposing personal details of online store customers
OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.
The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses has been exposed.
AI makes humans better at spotting cyber risks
Ethical human hackers supported by machine learning and artificial intelligence are 73 percent more efficient at identifying and evaluating cyber risks and threats according to a new report.
The study from crowdsourced security platform Synack also finds this combination of cybersecurity talent and AI results in 20 times more effective attack surface coverage than traditional methods.
Breaches decline as confidence in cybersecurity grows
When major cybersecurity incidents make the headlines it's easy to assume that defenders are fighting a losing battle, but in fact a new report from threat intelligence company DomainTools shows that breaches are down and confidence in security programs is up.
More than 500 cybersecurity professionals were surveyed and the results show 30 percent of respondents gave their program an 'A' grade this year, doubling over two years from 15 percent in 2017. Less than four percent reported a 'D' or 'F'.
Cybercriminals target shopping apps ahead of Black Friday
A new report from attack surface management company RiskIQ shows attackers will leverage popular brands and unsafe consumer shopping habits in the run-up to the peak holiday shopping period.
Of all apps that can be found by searching for terms related to holiday shopping, 951, or two percent, are blacklisted as malicious -- a 20 percent increase.
Third-party access management leaves organizations exposed
A survey of more than 1,000 IT security professionals exposes shortcomings in organizations' approach to managing third-party user identity and access that could leave them vulnerable to compromise.
The study by Dimensional Research for One Identity finds that while 94 percent of organizations grant third-party users access to their network, 61 percent admit they are unsure if those users attempted to or successfully accessed files or data they are not authorized to see.
Transport, legal and banking sectors hardest hit by cyberattacks
Organizations are being targeted by a mixture of simple, low effort and low-cost attacks along with more sophisticated, targeted campaigns, according to the latest quarterly Threat Intelligence Report from security and compliance specialist Mimecast.
Based on analysis of over 200 billion emails, the report looks at the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. This quarter's report finds that impersonation attacks are on the rise, accounting for 26 percent of total detections -- and now include voice phishing or 'vishing.'
Google and Fortanix deliver external key management for public cloud
Migrating sensitive data to the cloud inevitably raises concerns surrounding compliance and security. Most turn to encryption as a solution, but that in itself raises issues over key management.
While many cloud service providers have allowed customers to bring their own keys (BYOK), Google Cloud Platform is linking up with the Fortanix Self-Defending Key Management Service (SDKMS) to become the first public cloud provider to enable customers to bring their own key management system (BYOKMS).
Increased use of software bots opens up security risks
Software bots are being used to automate repetitive processes in two thirds of businesses, but this can present risks depending on how well their access to data is governed.
New research from SailPoint finds many organizations do not have the correct oversight into their day-to-day bot activities. Only five percent of respondents say they have 100 percent of bots, and their access, accounted for in their identity process.
Security companies and domestic violence organizations join in Coalition Against Stalkerware
Ten organizations including Avira, the Electronic Frontier Foundation, Kaspersky, Malwarebytes and NortonLifeLock, have joined in a global initiative called the Coalition Against Stalkerware.
Stalkerware programs carry the possibility for intrusion into a person’s private life and are being used as a tool for abuse in cases of domestic violence and stalking. By installing these apps, abusers can get access to their victim's messages, photos, social media, geolocation, audio or camera recordings, and in some cases, this can be done in real-time.
Millions of smartphones could be vulnerable to Android camera hack
The camera applications within Google, Samsung and other Android smartphones could be vulnerable to attack, according to some new research.
Researchers at security platform Checkmarx found that in certain circumstances adversaries can take over smartphone camera apps to record videos, take photos, eavesdrop on conversations, and identify GPS coordinates, all without the user knowing.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.