Security

Enterprises are able to put considerable resources into securing their networks, which has led hackers to target executives via their personal accounts on social media and elsewhere outside the organization.

A survey by Influential Executive shows that in 2020, 94 percent of Fortune 500 CEOs were on LinkedIn and 62 percent on Facebook, YouTube, or Twitter, up from 39 percent five years before.

The NewProfilePic app has been taking Facebook by storm in recent days, allowing users to upload a photograph and have it turned into a piece of digital artwork.

However, it's sparked concern in the cybersecurity community because it collects data and sends it to Russia. Linerock Investments, the company behind the app, is based in Moscow alongside Russia's defense ministry.

Several older botnets have seen a resurgence in activity in the first quarter of 2022, including Mirai, STRRAT and Emotet, according to the latest threat report from Nuspire.

Mirai, known for co-opting IoT devices to launch DDoS attacks and first seen in 2016, showed a spike in activity in February of this year. This corresponded with the discovery of Spring4Shell, a zero-day attack on popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

A new report has identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26 percent increase over last year's analysis.

The study from SpyCloud, based on its database of over 200 billion recaptured assets, also shows a 64 percent password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices.

The war in Ukraine has highlighted the role that the cyber world has to play in modern conflict and a new survey from NordVPN finds that 93 percent of Americans believe that another country could launch cyberwarfare against the US.

What's more, of over 1,000 consumers surveyed only 19 percent feel 100 percent confident in the government's ability to protect them, despite the fact that 70 percent rank the US as the most secure country for cyber war attacks.

With the changes to working patterns brought about by the pandemic and increasing levels of cyberattacks, the role of the Chief Security Officer (CSO) in businesses has become more challenging.

These things have also led to a boost in the status of CSOs within their organizations. We spoke to Chaim Mazal, CISO and SVP of engineering for Apple device management platform Kandji to find out more about how things have changed and how CSOs can make the most of their new influence to drive security strategy.

In recent years, organizations all over the world have been hit by increasingly sophisticated ransomware attacks. For some, the impact is so severe that normal business operations experience major disruption with a knock-on effect on customers and revenue. For others, the impact can last weeks or even months as they seek to restore IT services and access to vital data.

Since the start of last year, for example, organizations across a huge range of sectors -- from oil and gas to food -- have seen their services impacted by ransomware. KP Snacks suffered an incident that brought its supply chain to a halt, with the company unable to process orders and dispatch products. And most recently of all, The Works, a retailer with over 500 stores across the UK, was forced to close some outlets after an employee reportedly fell victim to a phishing email that introduced ransomware to their infrastructure.

A new study commissioned by email security company Cyren from Osterman Research seeks to understand how businesses using Microsoft 365 for email are being impacted by email-borne security threats, such as phishing, business email compromise (BEC), and ransomware attacks.

It shows security team managers are most concerned that current email security solutions do not block serious inbound threats -- particularly ransomware. Fewer than half of organizations surveyed rank their currently deployed email security solutions as effective.

A new study into third-party risk management shows that 45 percent of organizations experienced a third-party security incident in the last year.

But the report from Prevalent also also reveals that eight percent of companies don't have a third-party incident response program in place, while 23 percent take a passive approach to third-party incident response.

GitHub has announced plans that will require call code contributors to enable at least one form of two-factor authentication (2FA) as a security measure.

Although the requirement for the extra protection will not kick in immediately, it is something that developers need to be aware of if they want to continue to use the platform.

I reuse passwords regularly. But, here’s the thing -- I only do so on websites where that doesn’t matter. Sites that I don’t need to revisit regularly, or at all, and which don’t hold any personal information on me. Those passwords tend to be short and easy to guess, and get leaked in breaches all the time. It’s no big deal.

What is a big deal, however, is when one of my carefully curated, long, complicated and never reused passwords gets leaked. And that can, and does, happen. There are a number of ways to find out if your passwords have been compromised, including using HaveIBeenPwned. But for this article I’m going to show you the best and easiest ways to find out what passwords have been leaked. I will warn you now, you may be in for a very nasty surprise.

The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life.

Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still use them -- to change them and to choose strong words that are not easy to hack.

More and more workloads are being shifted to the cloud and a new report from Tigera shows that 75 percent of companies are focusing development on cloud-native applications.

But this increased development and deployment of cloud-native applications also creates the need for more advanced observability and security capabilities.

One of the frequent complaints people make about security software is that it slows the performance of your system.

But how much difference does it really make? Independent testing organization AV-Comparatives has been carrying out some research to find out.

Heitor Tome is the man behind a new tool called Tweakeze which is designed to prevent unwanted changes to your computer.

But he also has a long history as the chief architect and software engineer behind popular cleanup program CCleaner -- indeed for several years he was its sole developer.