Untrained workers don't know who to turn to when faced with cybersecurity threats


Without training, 21 percent of the workforce don't know who to go to when faced with a cybersecurity threat.
A new report from security awareness training platform KnowBe4 shows that annual security training reduces that percentage to 17 percent.
Firms act to beef up software supply chain security


New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.
The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.
Why anomalies in network traffic are key to cybersecurity [Q&A]


Major cyberattacks invariably make the headlines, but it seems that rather than take a proactive approach, many CISOs wait for a new threat to emerge before protecting their business. They simply hope they won't be caught up in the first wave of a new attack.
Dave Mitchell, CTO of cybersecurity investigation specialist HYAS Infosec, believes there is a better approach, one that detects threats by monitoring the communications that form the foundations of internet architecture. We recently talked to him to learn more.
New solution enhances facial recognition technology


Identity fraud is on the rise, with cybercriminals employing increasingly sophisticated techniques including realistic 2D/3D masks and deploying display attacks (e.g. showing a picture of a person on a screen) to try to spoof biometric verification systems.
Identity verification specialist Onfido is launching a new 'biometric liveness solution' called Motion which is aimed at increasing verification speed and ensuring that it’s seeing a real person.
Half of IT pros believe quantum computing could put their data at risk


A new study from Deloitte shows 50.2 percent of professionals at organizations considering quantum computing benefits believe that their organizations are at risk from 'harvest now, decrypt later' (HNDL) cybersecurity attacks.
In HNDL attacks, threat actors harvest data from unsuspecting organizations, anticipating that data can be decrypted later when quantum computing gets sufficiently mature to render some existing cryptographic algorithms obsolete.
Ransomware affects 90 percent of companies in the past year


Despite increased spending on cybersecurity, a new report reveals that 90 percent of organizations were affected by ransomware in some way over the past 12 months, up from last year's 72.5 percent.
The study from SpyCloud shows that security efforts are being stepped up: the number of organizations that have implemented or plan to implement multi-factor authentication jumped 71 percent, from 56 percent the previous year to 96 percent. Monitoring for compromised employee credentials also increased from 44 percent to 73 percent.
Revolut customer data exposed in cyberattack


Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.
Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third party access to a range of data including postal and email addresses, account information, and phone numbers.
Chrome and Microsoft Edge's enhanced spellcheckers can leak your passwords and personal data


Privacy and security are something that all browser manufacturers like to brag about in relation to their products, with Google and Microsoft being no different to others in this regard. But if you are making use of the Enhanced Spellcheck in Chrome or Microsoft Editor in Edge, some highly sensitive information can be sent to the two software giants.
In addition to passwords, we are talking about personal information entered into online forms such as your social security number, date of birth, username and so on. The worrying discovery was made by security researchers from JavaScript security firm otto-js who warn that this is something that will be of particular concern to enterprise users.
LastPass reveals details of August hack that gave threat actor access to its development environment for four days


Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.
The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".
Security and compliance issues hold back innovation


Three quarters of C-suite executives responding to a new survey say that compliance challenges and security challenges limit their company's ability to innovate.
The study from software delivery platform CloudBees also shows executives overwhelmingly favor a shift left approach, a strategy of moving software testing and evaluation to earlier in the development lifecycle, placing the burden of compliance on development teams.
Three-quarters of organizations have suffered an API security incident in the last year


Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.
The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.
Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline


Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.
The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".
Uber suffers 'cybersecurity incident' with hackers gaining access to internal systems and vulnerability reports


Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.
The attackers were also able to access Uber's Slack server, going as far as posting messages to it. At the moment, it is not clear whether customer data has been exposed in the attack, which seems to have come as the result of extracting passwords from an employee via social engineering.
Employees take risks to avoid login hassles


A new report from 1Password reveals that 43 percent of employees admit to risky online behaviors such as sharing logins, offloading tasks to others, or even abandoning certain tasks altogether to circumvent complicated login procedures.
Having to remember multiple logins heightens stress levels and strains mental health according to 41 percent of respondents, while 37 percent say that the onboarding process at their current job was time-consuming, confusing or challenging when it came to logging into work-related accounts.
US businesses unprepared for rise in cyberattacks


The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.
A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.
© 1998-2025 BetaNews, Inc. All Rights Reserved.