Articles about Security

Nowadays there are apps for almost everything. As users they clutter up our phones and tablets, but they present problems for businesses too, in particular the storing and analysis of the data they create.

Data is often tied to a specific app and each app needs its own copy, so enterprises can end up with lots of copies of the same information leading to issues with control, compliance and more.

Continue reading →

In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous half year.

In addition ransomware-as-a-service (RaaS), with its popularity on the dark web, continues to fuel an industry of criminals forcing organizations to consider ransomware settlements.

Continue reading →

Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.

But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.

Continue reading →

A successful cyberattack can have significant costs for a business, in terms of both reputation and finances. But what's the actual cost of an attack? And if you're looking at insurance how much should you be covered for?

To help answer those questions Safe Security is announcing two industry-first assessment tools to empower organizations to make financial decisions based on their actual cyber risk.

Continue reading →

On Monday, hacker group ClOp claimed to have gained access to 5TB of data from UK water supplier Thames Water and said it could change the chemical composition of the company's water supply.

Thames Water denied the reports and said it hadn't faced a cyber attack. Today it emerges that an attack has taken place but on a different company, South Staffordshire plc, the parent company of South Staffs Water and Cambridge Water.

Continue reading →

Monitoring of backups has long been a necessary chore for IT professionals, but a report out today shows that new issues are also impacting the category and creating greater challenges.

The study from Bocada, a company which specializes in the automation of backup reporting and monitoring, is based on a survey of over 260 IT professionals. Varied environments and growing data volumes are revealed as a major concern, with securing data across backup applications the most-cited backup management challenge, followed by protecting growing data volume.

Continue reading →

The IT infrastructure of a modern enterprise is made up of a complex architecture of dynamic networks, cloud deployments, software applications, and endpoint devices.

Each of these has its own set of security controls, which form a critical part of the technology ecosystem, but managing these systems can hinder efficient threat detection and response, which in turn compromises visibility, allowing vulnerabilities and gaps to flourish.

Continue reading →

Verizon recently released its 2022 Data Breach Investigations Report, giving businesses vital insights into the state of cybersecurity around the world. Containing an analysis of over 23,000 incidents and 5,200 confirmed breaches over 15 years, Verizon attributes the number-one motive of cyberattacks to financial gain. Almost four out of five breaches were attributable to organized crime seeking to extort businesses of hefty ransomware sums, backed by insurance pay-out.

Verizon has also estimated that there has been a 13 percent increase in ransomware breaches -- this is more than in the last 5 years combined. Additionally, 82 percent of cyber breaches involved a human element, namely through stolen credentials, phishing, misuse or simply an error.

Continue reading →

There has been a 90 percent increase in the number of healthcare organizations targeted by cyber-attacks, in comparison with the first quarter of 2022.

The latest cyber threat Landscape report from Kroll finds that while phishing continues to be the vector used for initial access, there has been a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700 percent.

Continue reading →

As more and more devices that we might not conventionally think of as 'IT' become connected, the risks to enterprises increase.

To address this concern Claroty is launching xDome, a new cloud-based industrial cybersecurity platform that drives cyber and operational resilience for modern industrial businesses.

Continue reading →

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Continue reading →

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

Continue reading →

With more people working remotely, messaging and email have become even more essential tools, but the sharing of sensitive data via these routes also presents risks.

Concentric AI is using this week's Black Hat USA to launch an AI-based solution that protects sensitive data shared as text or attachments across today’s most popular business messaging platforms, including email, Slack, and Microsoft Teams.

Continue reading →

The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.

The vulnerability is being tracked as CVE-2022-30333, and if successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write data to an area of storage.

Continue reading →

In the second quarter of this year malware events increased over 25 percent, botnets doubled and exploit activity grew by nearly 150 percent, according to a new report.

The report from managed security services provider Nuspire, based on threat intelligence analyzed from Nuspire's trillion traffic logs from client sites and associated with thousands of devices from around the world, shows a substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices.

Continue reading →