A record 71 percent of organizations were impacted by successful ransomware attacks last year, according to the 2022 Cyberthreat Defense Report (CDR) from CyberEdge Group, up from 55 percent in 2017.

Of those that fell victim, almost two-thirds (63 percent) paid the requested ransom, up from 39 percent in 2017.

Continue reading →

It has been a very long time coming, but Microsoft appears to have finally understood the value and importance of HTTPS. For reasons best known to the company, anyone looking to download updates from the Microsoft Update Catalog have had to do so via HTTP links -- but no longer.

In the last few days, Microsoft made a server-side change that means Microsoft Update Catalog downloads now use HTTPS connections. The switch to HTTPS affects everything from Windows 11 to Office, and everything in between.

Continue reading →

It's now over three months since the Log4Shell vulnerability, affecting the Log4j logging framework, first appeared.

But new research from Randori shows that it's still giving headaches to enterprises and identifies the top 10 attackable targets.

Continue reading →

With the COVID-19 pandemic and drive for digital transformation the shift to a new distributed workforce model continues at pace.

But this can also leave businesses vulnerable as attack vectors have become more sophisticated -- resulting in a continued shortage of security experts.

Continue reading →

A new study commissioned by Imperva from Forrester Research finds 58 percent of sensitive data security incidents are caused by insider threats.

And yet 31 percent of firms don't believe insiders are a substantial threat. Indeed only 37 percent of participants report having dedicated insider threat teams, and 70 percent of organizations in the EMEA region don't have a strategy for stopping insider threats.

Continue reading →

Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Continue reading →

Microsoft is giving Windows users an easy way to avoid drivers that are known to contain vulnerabilities, helping to improve security.

The company is adding a vulnerable driver blocklist option to Windows Defender Application Control (WDAC) which will help to ensure that only trusted drivers can be installed. The new security measure is available to users of Windows 10, Windows 11 and Windows Server 2016 on systems with hypervisor-protected code integrity (HVCI) enabled, and Windows 10 in S Mode.

Continue reading →

A new study carried out by the Ponemon Institute and sponsored by passwordless authentication platform company Nok Nok Labs, shows the significant costs to businesses that result from authentication failures and weaknesses.

According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders, the average business losses across all types of authentication weaknesses range from $39 million to $42 million.

Continue reading →

In the light of President Biden's new legislation requiring critical infrastructure organizations to disclose cyber incidents to the government within 72 hours, new research from BitSight shows how unprepared many are to meet the strict disclosure requirements.

Based on analysis of more than 12,000 publicly disclosed cyber incidents between 2019 and 2022, the research finds it takes the average organization 105 days to discover and disclose an incident from the date it occurred.

Continue reading →

The public sector has the highest proportion of security flaws in its applications along with some of the lowest and slowest fix rates compared to other industry sectors.

A new report from application security testing company Veracode finds 82 percent of public sector applications have security flaws and that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years.

Continue reading →

We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.

The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.

Continue reading →

The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.

Of 50 2021 vulnerabilities looked at in the report, 43 were exploited in the wild and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.

Continue reading →

Google has released an emergency patch for the Windows, macOS and Linux versions of Chrome after the discovery of a zero-day vulnerability that the company says is being actively exploited.

The security fix comes as Microsoft releases a patch of its own for the same vulnerability (CVE-2022-1096) in Edge, its Chromium-based browser. While neither company has given much detail about the problem, Google describes it as being of high severity.

Continue reading →

The Federal Communications Commission has added Kaspersky to its blacklist in a move that has been branded as political. The FCC says that the Russian security firm has been "deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons".

What this means in practice is that Kaspersky is ineligible to receive FCC funding, joining companies such as Huawei and ZTE. Kaspersky has also been sanctioned by HackerOne, with its bug bounty program being indefinitely suspended.

Continue reading →

Security is always a hot topic, but recent world events have made it more critical than ever to review -- and potentially change -- the security you use to protect your PC. With governments worldwide reiterating their warnings about using Russian-made antivirus tools, now is the time to look for a trusted alternative, and we’ve got just the tool to protect your entire household for the next two years.

Developed in Europe, Avast Ultimate 2022 is designed to protect up to 10 devices across Windows, Mac, iOS and Android. It’s a suite of four products: Avast Premium Security 2022, Avast SecureLine VPN 2022, Avast Cleanup Premium 2022, and Avast AntiTrack Premium 2022. Combined, you get comprehensive protection from all kinds of threats, not just against malware.

Continue reading →