Articles about Security

Though the overall number fell slightly, DDoS attacks became both bigger and more complicated in 2021 according to a new report from cloud-based managed security services platform F5 Silverline.

By the final quarter of last year the mean attack size recorded was above 21 Gbps, more than four times the level at the beginning of 2020. Last year also saw the record for the largest-ever attack broken on several occasions.

Continue reading →

The annual tax season is inevitably the cue for a spate of attacks impersonating official sites or popular accounting software.

In a new twist for this year researchers at email security firm Avanan have uncovered attacks spoofing fintech apps such as Stash and Public to steal credentials and give users a false sense of security that they've compiled the right tax documents.

Continue reading →

More than three-quarters (78 percent) of respondents to a new survey say managing user identities between multiple clouds is their number one challenge.

The study carried out by Forrester for Strata Identity finds 70 percent want to migrate to the cloud increase security and protect data. But at the same time 28 percent of companies are using four or more public/private clouds today and that's expected to more than double in two years to 65 percent.

Continue reading →

New research from Splunk's SURGe team looks at how quickly ten major ransomware strains, including Lockbit, Revil and Blackmatter, can encrypt 100,000 files.

The research shows that the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds. Encryption speeds vary between ransomware variants though with individual ransomware samples ranging from four minutes to three and a half hours to encrypt the same data.

Continue reading →

Almost a third (29 percent) of workers still use the same passwords for both personal and work accounts, potentially compromising their organisation if a personal account gets hacked.

A new study of 2,000 UK adults carried out by OnePoll for professional services company Gemserv also shows 39 percent of respondents access corporate accounts and content from their personal devices often or always, with another 24 percent doing so sometimes.

Continue reading →

A new report shows that 81 percent of organizations have experienced at least two or more disruptive outages caused by expired certificates in the past two years, up from 77 percent last year.

The report from machine identity platform Keyfactor, based on research by the Ponemon Institute, finds the cut in SSL/TLS certificate lifespans to one year in September 2020 has made it much more difficult to keep the pace with certificate issuance and management.

Continue reading →

Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.

However, the latest State of Cyber Assets report from JupiterOne analyzed nearly 10 million security policies and finds that cloud-specific ones represent less than 30 percent of the total.

Continue reading →

Legitimate penetration testing tools like Cobalt Strike, Impacket and RMM, are being used by threat actors because it's more efficient to use existing tools that are proven to be successful than to create new software.

The latest Threat Detection Report from managed detection and response firm Red Canary shows Cobalt Strike in particular has never been more popular, impacting eight percent of its customers in 2021.

Continue reading →

Cybersecurity company F-Secure is rebranding its corporate security business under the new name WithSecure and with a snazzy new logo, above.

Previously known as F-Secure Business, WithSecure will focus on corporate security products and solutions, while consumer security products and services remain available under the existing F-Secure name.

Continue reading →

The COVID-19 pandemic sparked a shift towards work-from-home or telecommuting arrangements, which many companies are saying they are likely to retain even after the pandemic. This new way of working or doing business has raised the demand for collaboration platforms and virtual rooms, which in turn create new cyber security challenges.

One recent flaw is referred to as a cross-site leak or XS-Leak and is linked to Slack's file-sharing feature. If exploited, malicious actors can potentially identify users outside of the workforce messaging platform. It allows cybercriminals to circumvent the web browser security feature called "same-origin policy," which stops browser tabs and frames of different domains from accessing each other’s data.

Continue reading →

When the Log4Shell vulnerability appeared in December last year the effects rippled across the cybersecurity world with potentially millions of devices affected.

A new study from Qualys takes a look at how enterprises responded to the vulnerability and how successful their remediation efforts were.

Continue reading →

Businesses are investing more in site reliability engineering but are being held back by outdated and manual processes, according to a new report.

A study of 450 site reliability engineers carried out by software intelligence company Dynatrace finds 88 percent say there is now more understanding of the strategic importance of their role than there was three years ago.

Continue reading →

The threat landscape is becoming more challenging from every angle. Security teams are understaffed and overworked and are still catching up after the wide-ranging effects of the pandemic. There’s unfortunately no end in sight as the skills gap widens and the complexity around IT management continues to grow with remote work programs going from sticking plaster to get through the initial lockdown to 'business as usual.' Bad actors are becoming more sophisticated each day. It has never before been this hard to keep your organization secure.

It’s no wonder that many security professionals fall into the trap of adopting numerous security tools to help them cope with these problems. In the hope of using the latest and seemingly greatest technology, CISOs think adding another security layer will reduce their risk exposure. If only it were that easy. Adding more technology can solve some of the issues, but it can also dilute team attention spans further, leading to more problems over time.

Continue reading →

It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.

A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.

Continue reading →

New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.

The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.

Continue reading →