Articles about Security

The past holiday season saw an unusually high level of malicious bot activity in the retail and commerce industries according to new data from Akamai and RH-ISAC (Retail and Hospitality Information Sharing and Analysis Center).

Attacks included credential stuffing and account takeover (ATO) attacks unleashed by malicious bot operators, as well as Log4j exploitation attempts and web application firewall (WAF) assaults, all of which have been about bad actors setting their sights and pointing their tools at eCommerce players.

Continue reading →

Many data breaches have unmanaged, misconfigured or exposed identity details at their core. Yet despite this, businesses continue to lack visibility into their identity risk.

A new study from Illusive reveals as many as one in six enterprise endpoints it analyzed had some form of identity risk.

Continue reading →

Windows users are familiar with Microsoft Defender running on their computers offering local protection, but there is also a cloud-based version of the security tool. Microsoft Defender for Cloud is the result of the unification of Azure Security Center and Azure Defender.

Having already added support for Amazon Web Services (AWS), Microsoft has now added protection for Google Cloud Platform. The latest addition comes as Microsoft recognizes the fact that 92 percent of organizations now embrace a multi-cloud strategy.

Continue reading →

The use of electronic signatures has become commonplace for many business transactions, cutting out the need for face-to-face meetings and couriering documents.

This though makes the signing process an attractive target for cybercriminals. Researchers at Armorblox have uncovered a sophisticated credential phishing attack impersonating e-signature leader DocuSign.

Continue reading →

Ransomware itself is bad enough, but 83 percent of successful ransomware attacks now include alternative extortion methods according to a survey by machine identity company Venafi.

Popular techniques include using the stolen data to extort customers (38 percent), exposing data on the dark web (35 percent), and informing customers that their data has been stolen (32 percent).

Continue reading →

A new survey reveals that 80 percent of companies have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation.

The study, from cyber advisory and solutions firm CBI, based on research by the Ponemon Institute and co-sponsored by Check Point, finds Companies are spending $170,000 per ransomware incident on staffing alone, with an average of 14 staff members each spending 190 hours on containment and remediation activities.

Continue reading →

The number of major data leak incidents as a result of exposed credentials rose by 50 percent in 2021 according to a new report.

The 2021 industry report from CybelAngel finds data leaks are the most common digital risk faced by enterprise customers, with leaks overall showing a 63 percent year-on-year growth.

Continue reading →

One of the more significant good news security stories of last year was the culmination of an international effort in January to take down the Emotet botnet.

Sadly it seems that you can't keep a bad botnet down for long. The latest Q4 and Year in Review Threat Report from Nuspire shows Emotet bouncing back, with steadily increasing levels of activity throughout December.

Continue reading →

APIs power many of today's digital experiences, connecting consumers to businesses and businesses to one another while enabling cross-platform services.

But as APIs spread so do the risks, they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes. A new report from ThreatX takes a detailed look at how API use impacts on consumers.

Continue reading →

New research from Hornetsecurity finds that 40 percent of all inbound emails pose a potential threat, including spam, phishing and advanced threats such as CEO fraud and any type of malware.

Phishing, malicious links, and ransomware are among the most popular attack tactics used by hackers with brand impersonation being especially popular.

Continue reading →

Security researchers have managed to use the encryption algorithm used by the Hive ransomware to determine the master key needed to decrypt files for free.

Ordinarily, victims of a Hive ransomware attack would have to pay up to receive their individual decryption key. But a team of researchers from the Department of Financial Information Security, at Korea's Kookmin University, have been able to calculate the master key. This has then been used in what is believed to be the "first successful attempt at decrypting Hive ransomware"

Continue reading →

Cloud is an enabler of productivity and provides the infrastructure which supports modern distributed workforces. But it also poses a serious security risk to businesses that are unprepared to cope with modern threats. Figures from 451 Research show that 40 percent of organizations have experienced a cloud-based data breach in the past 12 months.

Organizations are spending millions on firewalls, endpoint protection and other security measures. What these organizations are missing, however, is visibility and control of security policies that govern 'what can talk to what' and 'who can talk to who' across the entire organizational infrastructure, including on-premise, cloud-native, and hybrid cloud. This creates security blind spots and misconfigurations.

Continue reading →

Data breaches not only lead to a loss of reputation and drive customers elsewhere, they also have a significant financial cost.

A new study from Surfshark applies IBM's 'Cost of a Data Breach' calculations to the largest data breaches of the last two years in order to find the estimated cost of some of the biggest data breaches.

Continue reading →

Whether Linux distributions are more secure than Windows or macOS is the source of on-going debate, but Google's Project Zero has some interesting findings relating to the patching of security holes.

The security research program at Google has published information relating to security flaws found in software over the course of two years. Between January 2019 and December 2021 the Project Zero team found that Linux developers addresses problems far faster than Apple, Microsoft or Google itself.

Continue reading →

Patching is an essential part of keeping systems secure and it has been for almost as long as computers have existed.

Why then is it something that many organizations still seem to struggle with? We talked to Tom Bridge, principal product manager at JumpCloud to find out and to learn how companies can get to grips with patch management.

Continue reading →