Security researchers discover serious UEFI firmware vulnerabilities affecting millions of Lenovo laptops

A team of security researchers at ESET have unearthed a trio of vulnerabilities with Lenovo laptops. More than one hundred different models of laptop are affected, meaning that millions of owners are at risk.

Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) affect UEFI firmware drivers and are extremely worrying because of the potential implications of exploitation. CVE-2021-3970 is a slightly less serious memory corruption problem, but it remains concerning.

Enterprises poorly protected against third-party risks

A new report from compliance and risk management firm Kiteworks shows 51 percent of organizations are inadequately protected against third-party security and compliance risks related to sensitive content communications.

It also reveals that most organizations share sensitive content with a long list of third-party entities. Two-thirds do so with more than 1,000 third parties, while one-third have over 2,500.

Good backups are critical to recovering from ransomware

A new report from Enterprise Strategy Group (ESG), sponsored by Keepit, shows that granular and air-gapped backup are critical to data recovery when businesses are hit by ransomware.

Of more than 600 respondents to the survey, 79 percent have experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent daily.

Outsmarting the new generation of online fraudsters [Q&A]

Millions of dollars are lost to online scams each year and the fraudsters are getting ever more sophisticated in the targeting of their attacks.

Much of today's fraud is executed using information about the consumer's habits and personal details, usually captured in phishing attacks or data breaches. The fact that we’re conducting more of our transactions online as a result of the pandemic has created even more opportunity for fraudsters.

Behavioral analytics and why it's important to threat detection and response [Q&A]

Traditional rule-based security techniques centered on malware signatures and perimeter protection are increasingly unable to cope with the latest, more sophisticated threats.

Taking a more behavior-based approach to spotting unusual or risky activity offers a solution, but what is required to make it work? We spoke to Sanjay Raja, VP of product marketing and solutions at cybersecurity specialist Gurucul, to find out.

Over 3.5 million Russian internet users suffer breached accounts

It's hard not to feel just a little bit sorry for the Russians at the moment. First the Ukrainians keep blowing up their tanks, and now it seems the country has topped the charts in terms of breached accounts from January to March this year.

A study by Surfshark shows that since the start of the invasion of Ukraine in March, 136 percent more Russian accounts have been breached than in February. Ukraine meanwhile appeared in 67 percent fewer breaches than in the quarter before the war.

Holiday-themed phishing emails most likely to get clicks

Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.

The Q1 2022 top-clicked phishing report finds successful subjects globally include: 'HR: Change in Holiday Schedule', 'St. Patrick's Day: Employee Behavior/Company Policies', and 'Starbucks: Happy Holidays! Have a drink on us'.

Cybersecurity firm Trellix releases report on critical infrastructure providers' readiness for attacks

Cyberattacks are something every organization fears. Perhaps those who should be most concerned, and which should scare us most, are the ones that control vital infrastructure -- nuclear power plants (recall Stuxnet in Iran?), banks, telephone carriers, healthcare and power grids. 

Today, security firm Trellix releases its latest report on the current state of affairs in the industry and, as expected, the news isn’t all rainbows and unicorns. 

Ransomware insurance claims are down and ransom payments are too

A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.

At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.

What Log4Shell still means for the enterprise [Q&A]

When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.

But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.

Microsoft releases KB5012592 update for Windows 11 with vital security fixes and easier browser switching

Windows 11 users have an important update to install. The KB5012592 update takes the operating system up to build 22000.613 and not only includes a number of important security fixes, but also introduces several significant changes.

Like the previously released KB5011563 update, the new KB5012592 update makes it possible to display up to three high-priority toast notifications simultaneously as well as fixing issues with OneDrive. The update also introduces a simpler way to change the default web browser in Windows 11, although it is a change that has been met with disdain from the likes of Mozilla and Vivaldi.

Certificate outages impact the majority of organizations

A new survey finds 83 percent of 1,000 organizations surveyed experienced a certificate-related outage over the last year, with over a quarter (26 percent) saying critical systems were impacted.

The report from identity management firm Venafi shows that digital transformation is driving an average of 42 percent annual growth in the number of machine identities.

Cyberattacks increase as security talent remains scarce

A new survey of more than 1,200 security leaders reveals they've seen an increase in cyberattacks while their teams are facing widening talent gaps.

According to the latest State of Security report from Splunk, 65 percent of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.

Cybersecurity takes a back seat to other digital projects

A new study reveals that 79 percent of cybersecurity professionals think that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.

The CyberArk 2022 Identity Security Threat Landscape Report also points up how the rise of human and machine identities -- often running into the hundreds of thousands per organization -- has driven a build-up of identity-related cybersecurity 'debt', exposing organizations to greater risk.

'RansomOps' attacks yield record returns for perpetrators

Early ransomware campaigns relied on sending out large volumes of emails in so-called 'spray-and-pray' attacks.

But a new report released today by Cybereason highlights the rise of sophisticated RansomOps attacks that are allowing ransomware syndicates to reap the benefits of record profits.
