Articles about Security

According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.

The latest State of API Security Report from Salt Security also finds that found that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.

Continue reading →

The latest OT/IoT security report from Nozomi Networks shows that wiper malware and IoT botnets dominate threats to industrial control systems.

Researchers have observed the robust usage of wiper malware, and seen the emergence of an Industroyer variant, dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.

Continue reading →

Microsoft has launched two new security products, bolstering the capabilities of Microsoft Defender. The company says that the aim of the two tools is to help organizations lock down their infrastructure and reduce their overall attack surface.

The tools, Microsoft says, also provide "deeper context into threat actor activity" making it easier to predict malicious activity and secure resources. Microsoft Defender Threat Intelligence works by mapping the internet every day, so that security teams have the data needed to understand current attack techniques, while with Microsoft Defender External Attack Surface Management lets security teams see their system as attackers do.

Continue reading →

A new study reveals that 87 percent of the ransomware found on the dark web can be delivered via malicious macros in order to infect targeted systems.

The research from Venafi, in partnership with criminal intelligence provider, Forensic Pathways, looked at 35 million dark web URLs and forums to uncover a thriving ransomware community with highly damaging macro-enabled strains readily available.

Continue reading →

Phishing is one of the most common forms of cyberattack, fooling people into thinking they're dealing with a trusted organization in order to get them to part with credentials.

But what are the hallmarks of a phishing attack? Atlas VPN has collected some phishy statistics to find out.

Continue reading →

Governments, utilities and other key industries are prime targets for attack including from nation state actors and cybercriminals seeking to extract a ransom.

But David Anteliz, technical director at Skybox, believes that given the increase in tensions across the world threat actors will evolve their tactics with the use of a 'three-headed dragon approach' that goes beyond the probing we have seen so far.

Continue reading →

Securing endpoints used to be a simple matter of installing a firewall and antivirus solution and then keeping them updated.

But as threats have become more sophisticated, networks more complex and working patterns have shifted away from the office, securing and managing endpoints has become a much greater problem for enterprises.

Continue reading →

Despite the fact lateral movement has been a frequent factor in security breaches for years, attackers still use it in the vast majority of cyber-attacks. Moving across cloud and on-premises applications and services -- threat actors escalate their way to often unprotected core technical assets -- dropping ransomware, stealing data, poisoning the supply chain and more.

Organizations must start thinking more broadly and implementing solutions to proactively detect and prevent lateral movement attacks in real-time.

Continue reading →

The latest vulnerability intelligence report from Flashpoint finds that 52 percent of all vulnerabilities reported in the first half of 2022 that were scored 10.0 -- the most severe level -- on CVSS are likely scored incorrectly.

When scoring, CVSSv2 guidelines take a 'score for the worst' approach if details of some of the metrics used are unclear. But the report points out this has resulted in many vulnerabilities being scored a 10.0, even though they are actually less severe, simply due to vendors providing fewer details.

Continue reading →

In the past cybercriminals have tended to shun Linux in favor of more widely used operating systems, but new data indicates that this trend is starting to shift.

Statistics from the Atlas VPN team show new Linux malware reached record numbers in the first half of 2022, with nearly 1.7 million samples being discovered. This puts it in second spot for the number of new samples even though it has only one percent of the OS market (not counting Android).

Continue reading →

The latest quarterly report from NortonLifeLock's global research team, Norton Labs, looks at how cybercriminals are using social media phishing attacks to steal private information.

Based on analysis of a full year of phishing attacks on the top social media platforms, it finds plenty of fake login pages designed to trick victims into inputting their login credentials, but also a diversity and complexity of lures going far beyond that one technique.

Continue reading →

A new survey reveals that 60 percent of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20 percent), treading water (13 percent), or merely running to keep up (27 percent).

The study from privileged access management specialist Delinea also shows that 84 percent of organizations experienced an identity-related security breach in the last 18 months, despite 40 percent of respondents believing they have the right strategy in place.

Continue reading →

One in three employees doesn't understand the importance of cybersecurity at work according to new research from email security company Tessian.

In addition only 39 percent of employees say they're very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42 percent of employees say they wouldn't know if they had caused an incident in the first place, and 25 percent say they don't care enough about cybersecurity to mention it.

Continue reading →

Cyber threats are growing in volume and sophistication, but efforts to combat them are being hampered by a shortage of cybersecurity skills.

One way of meeting that shortage is to look at upskilling and retraining within the current workforce. We spoke to Apratim Purakayastha, chief technology officer at Skillsoft, to find out more about how using innovative learning solutions can deliver the skills businesses need.

Continue reading →

The threat landscape facing enterprises is changing constantly. In recent months, major vulnerabilities like Log4j and malware-based threats have demonstrated the need for organizations to move quickly in order to defend themselves.

Is the best way to stay on top of the most pressing threats to harness the power of the global cybersecurity community for defense in a sort of cyber NATO? We talked to SOC Prime CEO Andrii Bezverkhyi to find out.

Continue reading →