Security

As we have seen in another report today, the financial sector remains a prime target for cybercriminals. Phishing attacks and credential stuffing are the two most common forms of attack used against the industry according to another report from Akamai.

In the six months between December 2018 and May 2019, nearly 200,000 phishing domains were discovered by the research and 50 percent of all unique organizations impacted are from the financial services sector.

The finance industry is a prime target for cyberattacks and a new report from F-Secure shows that it's facing a wide range of threats that go far beyond traditional theft.

Attacks targeting banks, insurance companies, asset managers and similar organizations can range from common script-kiddies to organized criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations for their actions, with many seeing the finance sector as a tempting target due to its importance in national economies.

A new report reveals that 32 percent of businesses still have Windows XP installed on at least one device on their network and 79 percent of businesses are running Windows 7, which will reach its end of service in January 2020, on one or more devices.

The study from IT industry marketplace Spiceworks also shows many businesses are turning to next-generation security solutions like AI-powered threat intelligence and security-as-a-service to face security threats and vulnerabilities including outdated operating systems, limited use of encryption, and a lack of in-house security expertise.

According to a new report, 53 percent of enterprise security leaders don't know if their security tools are working, despite massive spending.

The study carried out for continuous validation specialist AttackIQ by the Ponemon Institute shows companies surveyed are spending an average of $18.4 million annually on cybersecurity and 58 percent will be increasing their IT security budget by an average of 14 percent in the next year.

Containerization has seen rapid adoption in recent years, but a new study from container security specialist StackRox reveals organizations struggling with security issues.

The report shows that while two-thirds of organizations have more than 10 percent of their applications containerized, 40 percent of them remain concerned that their container strategy doesn't adequately invest in security. Another 34 percent say that their strategy lacks sufficient detail.

A hacker has been arrested following a massive data breach at Capital One. The attacker -- Paige A Thompson, also known as "erratic" -- was able to access the credit applications of 100 million Americans and 6 million Canadians after exploiting a "configuration vulnerability".

In most cases, personal details such as name, date of birth, address and phone number were exposed by Thompson, but for tens of thousands of individuals, she also gained access to credit scores, Social Security numbers and account balances.

Security and compliance specialist Qualys is announcing today that it's making its Global IT Asset Discovery and Inventory app available to all businesses for free.

With the app users can automatically create a continuous, real-time inventory of known and unknown assets across a global IT footprint. The assets can be anything from on-premises, endpoints, multi-cloud, mobile, containers, OT and IoT.

Working in a security operations center is stressful, so much so that 65 percent of analysts report having considered changing careers or quitting their jobs.

This is among the findings of a new study carried out by the Ponemon Institute for data analytics platform Devo Technology, which also finds that 49 percent say their SOC is not fully aligned with business needs.

Anyone using Office 365's webmail component to send emails is unwittingly sharing their IP address with the people they communicate with.

The web-based Outlook 365 inserts the sender's IP address into the header of an email, which makes it stand apart from other webmail services such as Gmail -- and even Microsoft's own Outlook.com. While the injected IP address serves something of a purpose, it's also a privacy and security risk that many users may not be aware of.

Most small and medium businesses are seriously underestimating their vulnerability to cyberattacks according to a new study.

The report from password manager company Keeper Security shows that 66 percent don't think they will fall victim to an attack. But this confidence is contradicted by a study last year that showed 67 percent of SMBs had been attacked in the past year.

The latest mid-year Cyber Attack Trends Report from Check Point shows mobile banking malware attacks are up 50 percent compared to the first half of 2018, while the number of organizations hit by cryptominers is down to 26 percent, from 41 percent last year.

Among the top banking malware variants are Ramnit (28 percent), a Trojan that steals banking credentials, FTP passwords, session cookies and personal data; Trickbot (21 percent), which first emerged in October 2016; and Ursnif (10 percent) a Trojan that targets the Windows platform.

Email attacks are causing major problems for IT professionals, with over a third (38 percent) blaming them for increased stress at work.

A survey of 660 IT professionals by Barracuda Networks reveals that 38 percent also admit to worrying about email attacks outside of work hours and 16 percent have canceled personal plans due to email attacks.

There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.

And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.

Reports have emerged of a security bug in the Windows and Linux versions of VLC, making it vulnerable to remote-code execution via malicious videos. But although German and American security experts have branded the flaw as "critical", VLC-maker VideoLAN is downplaying things.

In fact, more than downplaying the vulnerability, VideoLAN is flat-out denying that it exists, with the software developer dismissing it as "fake news". [UPDATE: the vulnerability has now been pretty much debunked]

In the past three months 22 percent of businesses have suffered a data breach as a result of an email attack according to a new report.

The study released by email security platform GreatHorn spoke to more than 1,000 professionals to get a better understanding of the current state of enterprise email security.