Security

According to a new study analyzing more than 55 million emails, 25 percent of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors.

Other findings of the report from cloud-native security firm Avanan include that 33 percent of emails contain a link to a site hosted on WordPress and 98 percent of emails containing a crypto wallet address are phishing attacks.

The cloud-skills shortage has made security a major challenge for enterprises. In fact, virtually every data breach in the cloud today is due to human error, rather than brilliant hacking. Hackers don't even bother launching attacks in the public cloud; they simply look for misconfigured systems that leave data exposed.

Against this backdrop, a whole new cloud model is taking hold -- serverless computing. In a world where cloud certifications and security skills are already in short supply and causing chaos in the cloud, what will serverless computing do to compound that problem for enterprises? Is it possible for organizations to avoid making the same mistakes with this new paradigm that they are making in traditional cloud environments?

Mozilla has added new protective features to the nightly and beta versions of Firefox. Through a partnership with Disconnect, the browser is now able to block cryptocurrency mining and fingerprinting scripts.

The new features mean that users are protected against scripts that can be used to track them online, as well as those that use CPU cycles to mine for cryptocurrency. Mozilla says it is part of its mission to protect people from "threats and annoyances on the web".

Cybersecurity company BullGuard is launching its own VPN for Windows, Mac, Android and iOS, intended to make it simple for users to ensure their online privacy.

Designed to be easily used across multiple devices, BullGuard VPN features a simplified user interface and quick connect functionality, enabling consumers to fly under the radar and surf the internet in stealth mode while retaining complete anonymity via military-grade encryption.

Last month Aluminum manufacturer Norsk Hydro was hit by a large scale ransomware attack that affected its systems across the globe and caused severe disruption to its operations with an estimated impact of more than $35 million..

The attack used the LockerGoga ransomware and the threat research team at Securonix has been monitoring the malware, which also caused problems for a number of other companies.

The entertainment industry and in particular streaming services is among the biggest targets of credential stuffing attacks according to a new report.

The study from digital delivery platform Akamai, unveiled at the NAB Cybersecurity and Content Protection Summit in Las Vegas this week, focuses on credential abuse attacks against online video and music streaming services.

Concerns about Huawei's "very, very shoddy" security could mean that the Chinese company's technology is barred from key parts of the UK's 5G mobile network.

A UK watchdog has already said that Huawei poses a national security risk, but a statement from the technical director of GCHQ's National Cyber Security Centre has stepped things up. Dr Ian Levy says that "the security in Huawei is like nothing else -- it's engineering like it's back in the year 2000 -- it's very, very shoddy".

Emsisoft has released a free decrypter tool for anyone who has been struck by the Planetary Ransomware, eliminating the need to pay a fee to the attackers.

Before using the tool you are advised to ensure that you have removed the malware from your computer -- something you can do with the free version of Emsisoft Anti-Malware. You also need to ensure that you don't delete the ransom note ("!!!READ_IT!!!.txt") or the decrypter won't work.

A new survey of professionals in industries using industrial control systems (ICS) and operational technology (OT) finds 90 percent of respondents say their environment has been damaged by at least one cyberattack over the past two years, with 62 percent experiencing two or more attacks.

The study commissioned by Tenable from the Ponemon Institute also finds 80 percent of respondents cite lack of visibility into the attack surface, knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyberattacks.

Payday should be a pleasurable time of the month, but thanks to a new spear phishing campaign, some employees are losing their pay checks to cybercriminals.

Email defense specialist Vade Secure uncovered the attack in which criminals initiate an email conversation with HR staff to get them to change bank details for receiving direct payroll payments.

A vulnerability that could allow man-in-the-middle attacks and the injection of malicious code has been found in a pre-installed app on devices manufactured by Xiaomi, one of the biggest mobile vendors.

The flaw, uncovered by researchers at Check Point is -- somewhat ironically -- in the pre-installed security app, 'Guard Provider', which is meant to protect the phone from malware.

It is only a couple of weeks since we learned that Facebook has been storing user passwords in searchable plain text, and now there is -- yet another -- privacy scandal. This time, the private data of over half a billion Facebook users was left exposed on publicly-accessible Amazon servers.

Security firm UpGuard discovered that the private data of 540 million Facebook users was exposed in Amazon Web Services S3 buckets. Now removed, the data included identification numbers, comments, reactions and account names. In some instances, names, passwords and email addresses were also exposed.

We all know that cybersecurity is a major issue, but it can sometimes be hard to grasp the scale of the problem and who is at risk.

Software reviews site TechJury has created an infographic to vizualize what is happening in the cybersecurity field as well as the top threats to look out for.

Many organizations work with hundreds of third parties, creating new risks that must be actively managed. The financial industry, in particular, has a massive business ecosystem made up of legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.

A new study into the financial services sector from security ratings company BitSight finds that 97 percent of respondents say cyber risk affecting third parties is a major issue.

A new study into how enterprises manage sensitive data reveals overconfidence in knowing where private data resides, and the use of inadequate tools such as spreadsheets to track it.

The research from Integris Software shows 40 percent are 'very' or 'extremely' confident in knowing exactly where sensitive data resides, despite only taking inventory once a year or less. Yet a mere 17 percent of respondents are able to access sensitive data across five common data source types.