Articles about Security

Only 24 percent of respondents to a new survey are fully confident that ex-employees no longer have access to their company's infrastructure, while almost half of organizations are less than 50 percent confident that former employees no longer have access.

The study from Teleport also finds infrastructure is becoming more complex, with organizations using on average 5.7 different tools to manage access policy, making it complicated and time-consuming to completely shut off access.

Continue reading →

New research into hundreds of insider threat investigations released by DTEX shows that 12 percent of employees take sensitive intellectual property with them when they leave an organization.

The DTEX i3 (Insider Intelligence and Investigations) team has produced an infographic of the results of the research.

Continue reading →

API security is a major challenge for IT teams, traditional solutions are often fragmented, leading to the need for multiple products and added complexity and cost.

Israeli cybersecurity startup Wib is launching a holistic API security platform to bring complete visibility and control across the entire API ecosystem from code right through to production.

Continue reading →

Cloud technology has been gaining momentum in the last couple of years.

It threw a lifeline to companies by making remote work at the start of the crisis possible, enabled scaling for a reduced cost, and made information that much more accessible. However, all of these benefits also come with security risks for organizations that haven’t adequately protected their new infrastructure.

Continue reading →

Financial fraud email attacks are increasing year-on-year at 73 percent, with 44 percent of these representing sophisticated, targeted attacks such as wire, invoice, or vendor fraud, according to a new report from Armorblox.

The research has uncovered two vendor fraud attacks targeting approximately 4,000 inboxes each. In these the attackers used 'Look-alike Domain' attack techniques to bypass Microsoft Office 365 email security and impersonate trusted vendors with emails that looked like legitimate requests for payments.

Continue reading →

Automated threats, ranging from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and DDoS attacks, are a persistent challenge for the eCommerce industry, according to a new report.

Cybersecurity company Imperva has conducted a 12-month analysis of threats targeting the retail industry. A continued barrage of attacks on retailers’ websites, applications, and APIs throughout the year and during peak holiday shopping times is a continued business risk for the retail industry.

Continue reading →

A Freedom of Information request by identity verification company ID-Pal reveals that complaints to the Financial Ombudsman Service in the UK regarding identity fraud soared over the COVID-19 pandemic, finishing 2020 at 44 percent higher than 2019.

Even as the pandemic came to an end numbers in 2021 were still over 18 percent higher than pre-pandemic levels in 2019. Figures so far this year suggest that if identity fraud continues at the same pace, 2022 will see a 10 percent increase in complaints compared to 2021.

Continue reading →

Privileged data and credentials are prime targets for attackers. Protecting this information is a challenge, particularly as systems have moved to the cloud and networks have become more diverse.

Larger organizations have often turned to things like privileged access workstations, but that means that access can only be made from a limited number of machines. HP Wolf Security has launched a new Sure Access Enterprise (SAE) product to protect users with rights to access sensitive data, systems, and applications but allow them to use a normal endpoint.

Continue reading →

Around the world governments are increasingly keen on introducing digital identity systems for their citizens. These are seen as a secure way for people to access government and other services as these move online.

We spoke with Philipp Pointner, chief of digital identity at Jumio, to find out more about digital ID and its implications for security and privacy.

Continue reading →

Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

Continue reading →

As global problems spill over into the digital realm and hybrid working has taken hold, businesses are increasingly looking beyond the password in order to secure accounts.

The latest Trusted Access Report from Cisco company Duo shows a 50 percent increase in the percentage of accounts allowing WebAuthn passwordless authentication and a fivefold increase in WebAuthn usage since April 2019.

Continue reading →

Why do people try to circumvent security controls -- for example to access an unapproved SaaS application or cloud service?

New research from Nudge Security suggests it may simply be down to poor user experience of the security process. "We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes," says Russell Spitler, CEO and co-founder of Nudge Security.

Continue reading →

Enterprises investing ample time and money in secure email gateways are still seeing fraudulent messages being delivered to their users’ inboxes undetected. In fact, phishing attacks are the origin of most breaches today.

Many organizations have therefore turned towards user security awareness programs; training staff to recognize and avoid the threats that make it into their inboxes. Why then, despite these efforts, have the number of breaches originating from phishing attacks grown every year since 2017?

Continue reading →

It's safe to say that Hollywood and pop culture have not always been kind to the tech and cybersecurity industry.

Throughout the years, movies and TV shows have established a stereotype of how IT and security experts should look, with one of the biggest stereotypes being the representation of a hacker.

Continue reading →

Ransomware actors have been forming affiliate gangs and using new tactics in order to lure additional victims, according to a new report.

The latest 2022 Bi-Annual Cyber Threat Report from Deep Instinct reveals changes in the world of ransomware gangs, including LockBit, Hive, BlackCat, and Conti.

Continue reading →