Articles about Security

Insecure authentication is a primary cause of cyber breaches and cumbersome login methods take an unacceptable toll on employees and business productivity, according to a new report.

The 2023 State of Passwordless Security Report, released by HYPR and Vanson Bourne, shows that 60 percent of organizations have reported authentication breaches over the last 12 months and that three out of the top four attack vectors are connected to authentication.

Continue reading →

Of businesses with between 21 and 100 protected endpoints, only five percent encountered a malware infection in 2022. For smaller firms with one to 20 endpoints, the rate is 6.4 percent, but as companies grow so do infections.

For businesses between 101 and -500 endpoints the rate rises to 58.7 percent and over 500 it's 85.8 percent. These findings are from a new report by OpenText Cybersecurity which looks at the latest threats and risks to the small and medium business (SMB) and consumer segments.

Continue reading →

A new report shows that 2022 saw a 569 percent increase in malicious phishing emails and a 478 percent increase in credential phishing-related threat reports published.

The report from Cofense also looks at emails bypassing SEGs and hitting users' inboxes and highlights that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense has witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations.

Continue reading →

The latest State of API Security Report from Salt Security shows a 400 percent increase in unique attackers in the last six months.

In addition, around 80 percent of attacks happened over authenticated APIs. Not surprisingly, nearly half (48 percent) of respondents now say that API security has become a C-level discussion within their organization.

Continue reading →

Although more than 70 percent of companies say they have an insider risk management (IRM) program in place, the same companies experienced a year-on-year increase in data loss incidents of 32 percent, according to a new report from Code42 Software.

Based on a survey of 700 cybersecurity leaders, cybersecurity managers and cybersecurity practitioners in the US, conducted by Vanson Bourne, the report shows 71 percent expect data loss from insider events to increase in the next 12 months.

Continue reading →

Even as we move towards passwordless authentication methods, stolen credentials remain a major problem for businesses.

A new report from cyber risk management company Outpost24 highlights the increasing professionalization of the market for stolen credentials thanks to the rise of what are known as 'traffers'.

Continue reading →

The past few years have seen massive growth in the number of SaaS applications used by enterprises, but new research from Spin AI shows that 75 percent of SaaS applications pose a high or medium risk to data stored in either Google Workspace or Microsoft 365.

On average, 35 percent of apps with OAuth permissions to Google Workspace or Microsoft 365 are classified as high risk. For large organizations (with more than 2,000 employees) 56.91 percent of apps pose a high risk.

Continue reading →

In 2022, the education sector experienced a 44 percent increase in cyberattacks. In the UK alone, six in ten higher education institutes reported experiencing ​​​at least ​weekly ​​​attacks or breaches​​​. This increasing number of threats to the sector is causing major disruptions to teaching and even forcing schools and universities to shut down. 

When it comes to prioritizing security and adopting latest technology, the education sector has always lagged behind other major industries. This lack of urgency is party the reason why education is such a vulnerable target. Many schools are still using outdated and unprotected technology that is easy to infiltrate. Despite not being a cash-rich target, these facilities hold a wealth of personal and financial data, which can be used in future attacks or sold on the dark web. 

Continue reading →

Many organizations have come to rely on Zoom as a means of connecting employees and customers in a hybrid environment.

But this comes with challenges when it comes to keeping meetings secure without harming productivity. Identity management platform Okta is launching a new identity verification feature that will authenticate Zoom meeting attendees in End-to-End Encryption (E2EE).

Continue reading →

Historically, security has been treated as something as an afterthought in the IT industry. In more recent years though there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.

We spoke to David Melamed CTO of Jit to find out about integrating security and how security tools can be used by developers not just security professionals.

Continue reading →

In the early days of computing, authentication was simple, but the approach grew in sophistication over time. For example, modern password-based authentication systems like Kerberos don’t actually transmit passwords anymore; they generate an authentication token that is submitted instead.

But even with these enhancements, a username-and-password based approach to authentication still has a key weakness: if someone learns another user’s password, they are indistinguishable from the true user. And although Bill Gates predicted the death of the password nearly 20 years ago, they remain the default method of authentication for a range of services at work and home.

Continue reading →

Following the discovery of serious vulnerabilities in the Snipping Tool app for Windows 11 and Snip & Sketch in Windows 10, Microsoft has released out-of-band updates to plug the security holes.

The flaws are similar to the recently discovered aCropalypse bug affecting Pixel mobiles, making it possible to "uncrop" cropped images and potentially expose sensitive information. Having briefly tested updates with Windows Insiders, Microsoft has now made fixes available to all Windows 10 and Windows 11 users.

Continue reading →

Ignore the hype: Artificial intelligence (AI) can improve your security posture now.

We’ve been waiting for AI to deliver benefits to cybersecurity for a long time. ChatGPT aside, AI has been a hot-and-cold topic for decades, with periods of overhyped promises interspersed with periods of cynical rejection after failure to deliver on all of those promises. No wonder plenty of security leaders are wary. Yet, despite the wariness, AI is helping to improve cybersecurity today and will increasingly provide substantial security benefits -- and challenges.

Continue reading →

The CISA has launched a new security tool designed to help protect various Microsoft cloud services. The open source Untitled Goose Tool is available for both Windows and macOS.

The utility was developed by the US Cybersecurity & Infrastructure Security Agency in conjunction with Sandia National Laboratories. The aim of the tool is to help to detect and respond to malicious activity in Microsoft Azure, Azure Active Directory (AAD) and Microsoft 365 (M365) environments.

Continue reading →

Earlier this week we learned about a worrying security and privacy flaw in Windows 11's Snipping Tool screen capture app. The way the software saves cropped screengrabs means that it is possible to "uncrop" images, potentially exposing sensitive information.

Acting quickly to address the problem, Microsoft has fixed the vulnerability with a new update. There is just one problem -- the update is not available to everyone, leaving unknown numbers of users at risk.

Continue reading →