Businesses plan to use more AI and machine learning in cybersecurity this year -- even though they don't understand it
The use of more artificial intelligence to improve security has been touted for a while. New research from Webroot reveals that a majority of business are now actively exploring the technology.
It finds 71 percent of businesses surveyed in the United States plan to use more artificial intelligence and machine learning in their cybersecurity tools this year. However, a worrying 58 percent say that aren't sure what that technology really does.
Remote Access Trojans (RATs) are often used to steal information from enterprise networks. By looking at network metadata, analysts at threat intelligence firm Recorded Future have been able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks are communicating to those controllers.
This offers insight about third-party organizations that Recorded Future clients can use to get a better understanding of potential third-party risk to their own data.
Cybercrime and hacking has overtaken flying, dogs and clowns in the top 10 list of things the British are most scared of, but still only ranks in sixth place behind spiders, heights, snakes, dentists and small spaces.
Arachnids top the list despite there being less than a one-in-a-million chance of being bitten by a spider badly enough to warrant going to hospital in the UK.
From September this year the second Payment Services Directive (PSD2) comes into force across the EU. This will require payment service providers to offer strong customer authentication (SCA) and third-party access to bank accounts or risk losing their their payment provider license.
But a new report today from fraud prevention company iovation suggests that stricter requirements for fraud prevention in Europe will drive fraud to other regions such as the US.
Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally.
Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.
In one of the biggest tests of Android antivirus software ever conducted, out of 250 apps tested the majority proved to be dubious, unsafe or ineffective.
Independent testing organization AV-Comparatives put the apps to the test against an array of common threats and found that some are not properly protecting users.
While Windows 10 enjoys a significant and growing userbase, there are still many Windows 7 users out there. This includes a large number of enterprise users, and for these customers security is of paramount importance.
Last month we learned about the pricing for Windows 7 Extended Security Updates (ESU) which will be available when support for the aging operating system ends in 2020. Now we know that ESU will go on sale from the beginning of next month.
In February, the two most prevalent malware variants were cryptominers, followed by the Emotet banking Trojan. Coinhive has seen a downward trend in its global impact, from 18 percent of organizations in October 2018 to 12 percent in January 2019 and with a further two percent drop in February.
Bring your own device (whereby employees work from personal devices like their mobile phones) is quickly becoming the norm in today’s business environment. Companies that embrace BYOD are able to give employees more freedom to work remotely, resulting in increased productivity, cost savings and talent retention. In fact, 85 percent of organizations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers and suppliers.
It is important to note that BYOD does change an organization’s threat landscape and requires security tools that are different than those that are used to protect managed devices. Unfortunately, a widespread misunderstanding about this point has contributed to an unfounded assumption that BYOD is inherently riskier than the traditional way of doing things. In reality, this is a myth fueled by companies that fail to implement proper security tools and processes for protecting data in BYOD environments. Consider the following findings from a recent report on BYOD and security:
Google recommends upgrading to Windows 10 to avoid unpatched Windows 7 zero-day that's being actively exploited
Google is warning users of Windows 7 that they are at risk from a privilege escalation zero-day bug -- and the advice is to upgrade to Windows 10 as there is no patch currently available for the actively exploited vulnerability.
The problem stems from two vulnerabilities being exploited in combination -- one in Chrome, and one in Windows. Having pushed out a patch to its Chrome web browser, Google is warning that Windows 7 users are still exposed until such a time as Microsoft develops a patch.
Attacks using banking Trojans are among the most popular with cybercriminals as they are focused directly on financial gain.
According to a new report from Kaspersky Lab, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans last year, an increase of 15.9 percent compared to 2017.
It's been a while since we heard much about Spectre, the speculative execution exploit that sent the security world into a frenzy. Cast your mind back a little while and you'll probably remember that the various fixes that were produced to mitigate against the exploits all had one thing in common -- they resulted in a performance hit.
To help address the reduced performance experienced on older AMD and Intel systems, a new mitigation technique called Retpoline was developed. This new Spectre patch is currently included in Insider builds of Windows 10, but you can install it and enable it right now -- regardless of whether you are signed up for the Insider program -- and enjoy a speed boost for your computer.
There is an acknowledged shortage of security talent in the West, but at the same time a lack of opportunity in many developing nations such as South America and India is leading to fledgling talent utilising its expertise for nefarious acts rather than for legal activity.
But a new approach to threat detection and prevention could help address the skills shortage while giving cybersecurity talent in developing countries the chance to earn an honest wage. We spoke to Steve Bassi, CEO of PolySwarm to find out more.
Researchers at Kaspersky Lab have uncovered a new strain of malware spreading via The Pirate Bay torrent tracker site.
Named after the classic Russian doll, PirateMatryoshka aims to infect users' computers with adware and tools that spreads further malware onto the device. It carries a Trojan-downloader disguised as a hacked version of legitimate software used in everyday PC activity.
Researchers at email and data security company Mimecast have uncovered a bug in Microsoft Word that can be used to bypass security systems.
The bug incorrectly handles integer overflows and can be used to circumvent security systems and fool parsers to deliver remote code that can take complete control over a compromised machine.