Some form of cybersecurity awareness training has been implemented in 97 percent of enterprises this year, according to a new survey of 1,900 security professionals from ThriveDX.

However, only 42 percent report involving their employees in security detection with the use of such measures as a Phishing Incident Button, while 65 percent agree that their training program needs expansion.

Continue reading →

A new study reveals that 47 percent of educational institutions have suffered a cyberattack on their cloud infrastructure within the last 12 months.

The research from Netwrix shows that for 27 percent of these incidents in the cloud were associated with unplanned expenses being incurred to fix security gaps.

Continue reading →

New data unveiled by the Atlas VPN team shows that cloud servers are now the number one way in for cyberattacks on businesses, with 41 percent of companies reporting them as the first point of entry.

The data, based on the Cyber Readiness Report 2022 by insurer Hiscox, also shows a 10 percent increase in cloud server attacks over the year before.

Continue reading →

Samsung has revealed limited details of a security incident that took place earlier in the year, exposing the personal data of customers in the US.

The technology giant says that the data breach took place back in July when "an unauthorized third party acquired information from some of Samsung's US systems". No details about who may have been responsible have been released, and Samsung has issued a warning for customers to exercise caution.

Continue reading →

Whether you are running Windows, macOS or a Linux distro, if you're a Chrome user there is an extremely important update to install right now.

Google has released Chrome 105.0.5195.102 for all three platforms to address the vulnerability which is tracked as CVE-2022-3075. The security flaw, which relates to data validation in the Mojo runtime libraries, is known to have been exploited in the wild, so users are advised to actively seek out the update rather than waiting for Google to roll it out to everyone.

Continue reading →

A record 59.1 million tonnes (53.6 million tons) of e-waste was generated by homes and businesses in 2019, but only 17.4 percent of it was correctly recycled, the rest ending up in landfill or other disposal routes.

With the amount of e-waste expected to grow further, it's still the case that many people simply don't know where or how to properly recycle their obsolete devices.

Continue reading →

A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.

Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.

Continue reading →

Thousands of Android apps have hard-coded secrets which means that a malicious actor -- and not necessarily a very skilled one -- could gain access to API keys, Google Storage buckets and unprotected databases and more.

Research from Cybernews shows that over half of 30,000 investigated apps are leaking secrets that could have huge repercussions for both app developers and their customers.

Continue reading →

A new study of SaaS usage among enterprises across the US, UK and Europe shows 74 percent report more than half of their applications are now SaaS-based, and 66 percent are spending more on SaaS applications today than a year ago.

The study by cybersecurity asset management company Axonius shows the increase in SaaS applications has resulted in more complexity and increased security risk in 66 percent of organizations, but 60 percent rank SaaS security fourth or lower on their list of current security priorities, and only 34 percent say they're worried about the costs associated with rising SaaS-based app usage.

Continue reading →

According to a recent IBM report the average cost of a data breach is now $4.35 million. If enterprises don't take steps to protect personal data effectively they risk losing not just money but also the trust of their customers.

We spoke to Saswata Basu, founder and CEO of 0Chain, to discuss how decentralized storage can help to address the problem.

Continue reading →

Google is not alone in offering so-called bug bounty programs which give financial incentives to contributors to track down vulnerabilities and security issues in its software. Now the company has launched a new initiative called the Open Source Software Vulnerability Rewards Program (OSS VRP).

As the name suggests, this new program focuses on Google's open source projects. The company is offering rewards of between $100 and $31,337, depending on the severity of the vulnerability.

Continue reading →

Your friends may not be willing to tell you that you're looking older, but facial recognition systems have no such reservations.

Face-recognition algorithms might struggle to identify you as the same person after just five years, according to the New Scientist.

Continue reading →

Earlier this month, messaging service Twilio suffered a serious data breach following a "sophisticated social engineering attack". After using phishing attacks on company employees, hackers were able to access user data, but it seems that the impact of the hack was more widespread.

Twilio has now revealed that the attackers also compromised the accounts of some users of Authy, its two-factor authentication (2FA) app. Although the number of users affected by the breach is relatively small, the implications are very serious and will dent confidence in the company.

Continue reading →

Application security is becoming mainstream, and that's a good thing as it means that security testing is becoming an embedded aspect of the software development life cycle (SDLC). It also means that automated security testing tools are becoming faster, more sophisticated, and better integrated, so they're less likely to slow down developers or burden them with too many trivial findings or false positives.

But as good and necessary as AppSec testing tools are, it's not nearly enough simply to buy them and run them -- you need to buy the right ones and configure them correctly so that they help build security into your SDLC without bogging it down. It's important to implement a security strategy and a plan. It’s also important to employ developers with the skills to build trust into your software -- a concept known as 'holistic AppSec'.

Continue reading →

When an organization migrates its IT systems to the cloud -- and builds new applications in the cloud -- it relieves its security team of the responsibility of building and maintaining physical IT infrastructure. The shared security model of cloud dictates that cloud service providers (CSPs) such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure are responsible for the security of the physical infrastructure. Their customers are responsible for the secure use of cloud resources.

But embracing the cloud for building and managing new applications means security teams cannot deploy the traditional security technologies and processes they’ve long relied on to thwart cyberattacks. Cloud computing represents a paradigm shift in their roles and responsibilities and their approach to protecting sensitive data against falling into the wrong hands.

Continue reading →