Articles about Security

Worried about becoming a victim of cybercrime? A new study from Surfshark reveals the places where your fears are most likely to be justifed, the countries where cybercrime density -- the number of attacks per million of population -- is highest.

The UK tops the list with 3,409 victims per million internet users, almost twice as many as the US (1,724 per million). The number of victims in the UK also grew by 130 percent compared to 2019, which is the second-highest year-on-year growth worldwide after South Africa which faced the sharpest rise of 277 percent.

Continue reading →

Cloud take up is showing no signs of slowing down, with 97 percent of IT leaders in a new survey saying that their strategy includes the expansion of cloud deployments, however, 63 percent say that cyberthreats are the main obstacle to their cloud plans.

The study, from cloud security company Confluera, looks at how IT leaders detect, evaluate, and act against cybersecurity threats in today's cloud environment.

Continue reading →

Revenue generated by cybersecurity firms in the UK rose by 14 percent to £10.1 billion ($13.7 billion) last year according to the latest Annual Cyber Sector Report from the Department for Culture Media and Sport (DCMS).

The report, which tracks the growth and performance of the UK's cyber security industry, reveals the sector contributed around £5.3 billion to the UK economy in 2021, rising by a third on the previous year from £4 billion -- the largest increase since the report began in 2018.

Continue reading →

Over a quarter of businesses (28 percent) have critical vulnerabilities that could easily be exploited by cyberattack.

But even when these vulnerabilities are flagged by penetration testing, they are still being left unaddressed.

Continue reading →

The final quarter of 2021 saw a 356 percent growth in the number of attacks where the infection vectors were CVE or zero day vulnerabilities compared to Q3.

The latest Threat Landscape report from Kroll shows CVE/zero day exploitation accounted for 26.9 percent of initial access cases over the period, indicating that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.

Continue reading →

Digital supply chain breaches are becoming more common, as supply chains increase in complexity so the attack surface grows and even smaller businesses can have complex webs of connections.

But how do supply chain breaches impact businesses? And what can they do to cut the risk? We spoke to Jeremy Hendy, CEO of digital risk protection specialist Skurio, to find out.

Continue reading →

New research from multi-factor authentication specialist Beyond Identity finds that 83 percent of employees admit to maintaining continued access to accounts from a previous employer.

More worrying is that over half of these employees (56 percent) say they have used this continued digital access with the specific intent of harming their former employer. This figure jumps to 70 percent among those who had been dismissed.

Continue reading →

The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but that doesn't make it immune to problems and it's revealed today that ISOC members' details have been exposed in a data security breach

Independent cybersecurity researcher Bob Diachenko, in collaboration with cybersecurity company Clario, discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details of ISOC members.

Continue reading →

The 2021 threat landscape has become more crowded as new adversaries emerge according to the 2022 Global Threat Report released today by CrowdStrike.

CrowdStrike Intelligence is now tracking more than 170 adversaries in total with 21 added last year. Financially motivated eCrime activity continues to dominate with intrusions attributed to eCrime accounting for 49 percent of all observed activity.

Continue reading →

Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.

This the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.

Continue reading →

The timeliness of security checks during the software testing process is critical to more rapid and higher quality software development and yielding higher returns. Yet DevOps and security have historically struggled to integrate in the software development life cycle (SDLC). According to a Gartner study, through 2022, 90 percent  of software development projects plan to follow DevSecOps practices, up from 40 percent  in 2019.

With the increased risks of cyberattacks and pressure on DevOps teams to deliver software to faster timelines, the risks and consequences associated with flawed code and faulty infrastructure configurations cannot afford to be missed in the early development stages. So the pros of uniting these teams is clear, but the cons remain costly and their discord could hold organizations back by making software deployment faster but in doing so releasing security vulnerabilities.

Continue reading →

In theory, the fact that Google Chrome can warn you if any of your saved passwords have been involved in breaches is a good thing. In theory. In practice, it can be a different story. There may be a very good reason for no wanting to change a particular saved password, rendering warnings nothing more than irritating.

You could, of course, disable password warnings completely, but this is clearly something of a security risk. But if an experimental setting Google is working on in Chrome makes its way to the release version of the browser, you could soon have finer-grained control over password warnings -- meaning that you could stop Chrome pestering you about passwords you won't want to change or can't change.

Continue reading →

The CISA (US Cybersecurity and Infrastructure Security Agency) has published a list of 15 actively exploited software vulnerabilities, encouraging users of Windows and macOS to install the available patches.

Included in the list is the SeriousSAM vulnerability that is also known as HiveNightmare affects Windows 10 and 11. Tracked as CVE-2021-36934, this is a local privilege escalation vulnerability that makes it possible for an attacker to grab password hashes from the registry and gain admin privileges.

Continue reading →

Internet of Things devices are making their way into more and more areas of our lives. But while they offer many benefits they also present businesses with a problem when it comes to managing and securing them.

An ever widening range of devices now have connectivity that may be off the radar of company IT and cybersecurity teams. We spoke to Roy Dagan, CEO of SecuriThings, to discuss the issue and how enterprises can tackle it.

Continue reading →

Sending and receiving important, mission-critical, or time-sensitive documents -- whether as an email attachment, via a file-sharing app, or as a digital fax -- is today a critical component of business processes and communication.

Digital documents are now a primary form of business communication, and everything from contracts to proposals and RFQs should be considered data that is governed by compliance and security regulations. Let’s examine the four leading considerations for businesses when it comes to secure digital document transmission.

Continue reading →