How clean code can help developers prevent vulnerabilities [Q&A]


Every year, thousands of code vulnerabilities are discovered, patched and publicly disclosed to improve security for current and potential users.
But many of these vulnerabilities share common features, so what can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place? We talked to Johannes Dahse, head of R&D at clean code specialist SonarSource, to find out.
Less than five percent of Fortune 500 companies are using the latest email standards


Phishing is one of the most common methods of launching a cyberattack, yet new research from Red Sift shows that only a small percentage of publicly traded companies have fully adopted the latest email standards that could protect them and their customers.
DMARC (Domain-based Message Authentication, Reporting and Conformance) and BIMI (Brand Indicators for Message Identification) help prevent spoofing and allow businesses to display their logo on authenticated emails.
Businesses losing revenue to bot-driven account fraud


Revenue loss from bot-driven account fraud and web scraping continues to increase according to a new report, with 69 percent of companies that have a bot management solution reporting that they lost more than six percent of their revenue to account fraud this year.
Account fraud includes account takeovers and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.
A third of people fall victim to cyberattacks despite training


A new study of 3,000 individuals across the US, UK and Canada finds that although 58 percent of tech users who had access to cybersecurity training or education say they are better at recognizing phishing messages and related attacks, 34 percent still fell victim to at least one type of cybercrime.
The research from The National Cybersecurity Alliance and CybSafe shows that of more than 1,700 incidents of cybercrime that were disclosed by participants, 36 percent were phishing attacks that led to a loss of money or data, while 24 percent report falling victim to identity theft.
Over 80 percent of companies have had cloud security incidents in the last year


According to a new report, 81 percent of organizations have experienced a cloud-related security incident over the last 12 months, with almost half (45 percent) suffering at least four incidents.
The findings, from machine identity management specialist Venafi, reveal that the underlying issue for these security incidents is a dramatic increase in security and operational complexity connected with cloud deployments.
Cryptojacking costs victims over 50 times what the attacker makes


According to a new report from Sysdig, the unified container and cloud security company, it costs $430,000 in cloud bills for an attacker to generate $8,100 in cryptocurrency revenue. This works out at a $53 cost to the victim for every $1 the cryptojacker makes.
The report takes an extensive look at TeamTNT, a notorious cloud-targeting threat actor that generates the majority of its criminal profits through cryptojacking. TeamTNT is best known for its cryptojacking worm activity, which began in 2019, exploiting vulnerable instances of the popular key-value store Redis.
46 percent of ransomware attacks happen in the US, but who are the targets?


US companies are the most affected by ransomware, with 46 percent of all ransomware attacks happening there, according to new research by cybersecurity company NordLocker.
But just who is being targeted? The research finds that out of 18 industries identified, construction accounts for 12 percent of all attacks. Next most likely to be hit are manufacturing (9.6 percent), transportation (8.2 percent), healthcare (7.8 percent), and tech/IT (7.6 percent).
Cybercriminals get better at bypassing defenses


Cybercriminals have become more adept at bypassing defenses with new DDoS attack vectors and successful methodologies, according to the latest DDoS Threat Intelligence Report from NETSCOUT.
The report is based on intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). It finds there were over six million DDoS attacks in the first half of 2022, with TCP-based flood attacks (SYN, ACK, RST) still the most used attack vector, accounting for around 46 percent.
Businesses facing a data protection emergency as backup strategies fail to keep up


Nearly eight out of ten (79 percent) UK and Irish IT decision makers and professionals say there are gaps between their data dependency, backup frequency, SLAs and ability to get back to productive business.
The results of the Data Protection Trends Report from Veeam Software also show that 76 percent of respondents admit falling prey to at least one ransomware attack in the past year, with 65 percent now using cloud services as part of their data protection strategy to increase resiliency.
Microsoft gives Windows 11 a new security feature to prevent you storing your passwords insecurely


While software-based password managers are incredibly popular these days, it is still terrifyingly common to find that people store passwords on sticky notes attached to their monitor. A slightly more up-to-date means of recording passwords is to type them into a text document, and this is something Microsoft is seeking to discourage with the latest update to Windows 11.
With the Windows 11 2022 Update, the company added a new enhanced phishing protection feature to Microsoft Defender SmartScreen. This security feature can, among other things, issue a warning if it detects that you are entering one of your passwords into a document or, for that matter, a potentially insecure website. The feature is not enabled by default, so here's how to bolster your security.
The UK government has tightened its cybersecurity rules, your business should too


In late August, the UK government introduced new cybersecurity rules aimed at protecting telecommunication networks against cyber attacks. The rules, which allow the government to boost the security standards of the UK’s mobile and broadband networks, come at a time when attacks on critical infrastructure are becoming more frequent and more dangerous.
Earlier this year, for example, Costa Rica was thrown into crisis after a ransomware attack affected 30 government institutions, including critical ministries and its social security fund. The group behind the attack, known as Conti, threatened to overthrow the government unless the US$10 million ransom was paid. With the help of international partners -- including the United States, Israel, Spain, and Microsoft -- it was able to get all its systems back online, but it took weeks. Montenegro, meanwhile, also saw critical digital infrastructure crippled following a cyber attack blamed on state-sponsored actors. The attack effectively sent some government departments back to the analogue era and was still being wrestled with more than three weeks after it was first detected.
Legacy technology undermines ransomware response


Almost half of respondents to a new survey say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 46 percent are relying on primary backup and recovery infrastructure that was designed in, or before, 2010.
The study, commissioned by Cohesity from Censuswide, also finds that 62 percent expressed some level of concern over whether their IT and security teams would be able to mobilize efficiently to respond to an attack.
Are we heading for a cyber war?


We've already seen that cyberattacks have played a role in the war in Ukraine. But what about the prospect of more widespread cyber warfare? Could Ukraine be just a testing ground?
Education advice site Security Degree Hub has produced an infographic looking at the prospects of a cyber war and what it might look like.
Staying ahead of the hackers with zero trust [Q&A]


With the decline of the traditional enterprise network perimeter, more and more organizations are turning to a zero trust approach to securing their systems.
This not only reduces the attack surface but also ensures that if an attack does succeed it is much less likely to spread laterally within the network. We talked to Tim Silverline, VP of security at network automation specialist Gluware, to find out more about what implementing zero trust means.
Wolfi Linux is designed to safeguard the software supply chain


The desire for software supply chain integrity and transparency has left many organizations struggling to build in software security measures like signatures, provenance, and SBOMs to legacy systems and existing Linux distributions.
This has prompted Chainguard to produce Wolfi, a new Linux '(un)distribution' and build toolchain that has been designed from the ground up to produce container images that meet the requirements of a secure software supply chain.