Articles about Security

Kaspersky has been trying to distance itself from ties to the Russian state for several years, but the invasion of Ukraine has cast some doubt on its success.

The Cybernews site reports that Kaspersky Lab is protecting the resources of the Russian Ministry of Defense along with other high-profile Russian domains including Russia Today, TASS news agency, and Gazprom bank.

Continue reading →

In 2021, there was a surge of attacks targeting Active Directory domain controllers in order to gain the privileges that are needed to install backdoors, change security policies, and distribute ransomware or malware.

In recent days there have also been attacks targeting organizations in the Ukraine using the HermeticWiper malware which is implanted via Active Directory to destroy data on the machine.

Continue reading →

The latest Cyber Threat Landscape Report out this week from Deep Instinct reveals that bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.

It also highlights a change in the way attacks are carried out and says we are now witnessing some groups opting to inflict maximum impact over a shorter time span. These short duration attacks are carried out with the goal of damaging data (its confidentiality and availability), destabilizing a business, and impairing business continuity.

Continue reading →

The financial, operational, and reputational risks of ransomware make it the top threat facing financial services organizations, a new report from F-Secure says.

The three most common routes used to spread ransomware are phishing, exposed remote desktop protocol (RDP) ports, and the exploitation of vulnerable software.

Continue reading →

Operational technology and industrial control systems saw a 110 percent increase in the number of vulnerabilities disclosed in the second half of last year.

The latest Biannual ICS Risk & Vulnerability Report from Claroty shows that remotely exploitable vulnerabilities are still causing problems, demonstrating the importance of securing remote connections.

Continue reading →

Malicious API traffic has increased 681 percent in the last year, set against a 321 percent increase in overall API traffic.

A new report from API security specialist Salt Security shows 95 percent of surveyed organizations have experienced an API security incident in the past 12 months.

Continue reading →

Only 23 percent of board of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.

A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.

Continue reading →

According to a new report from SpyCloud, 70 percent of breached passwords are still in use and 64 percent of consumers repeat passwords across multiple accounts.

Researchers identified 1.7 billion exposed credentials, a 15 percent increase from 2020, and 13.8 billion recaptured personal identifiable information (PII) records obtained from breaches in 2021.

Continue reading →

Zero-day exploits are some of the most critical cybersecurity threats facing businesses today, but also one of the most difficult to address. Cybercriminals that exploit zero-day vulnerabilities take advantage of flaws within an organization's software and security systems before the victim itself discovers it. This can lead to potentially devastating consequences when bad actors are successful in  accessing critical data and networks undetected.

It is also much harder to defend against these attacks when the victim is fighting in the dark - how can an organization fix a vulnerability when they don’t know it is there? For this reason, there are thousands of organizations across the world operating with unknown gaps in their cybersecurity defenses that are vulnerable to zero-day threats

Continue reading →

With almost depressing regularity we see lists of commonly used and easily cracked passwords. The problem is that although we all know we should use strong passwords creating them is hard.

If you're struggling to come up with strong passwords don't worry, cybersecurity company F-Secure is riding to your rescue with the launch of a new, free online Strong Password Generator tool.

Continue reading →

Almost every organization is struggling with malware analysis according to a new report from infrastructure protection company OPSWAT.

The study finds 94 percent of organizations are finding it challenging to recruit, train, and retain malware analysis staff. In addition 93 percent of organizations are challenged by malware analysis tools that lack automation, integration, and accuracy. This leads to over 20 percent of organizations reporting they are unable to investigate and resolve a majority of their malicious files or alerts.

Continue reading →

In the past five years 85 percent of organizations have suffered a ransomware incident, while 74 percent have had more than one.

A new report from ExtraHop based on a survey conducted by Wakefield Research shows that 77 percent of IT decision makers are very or completely confident in their company's ability to prevent or mitigate cybersecurity threats.

Continue reading →

Cyberattacks come in many different forms and it’s important for businesses to understand where they're vulnerable in order to mount an effective defense.

We spoke to Ed Williams, cybersecurity specialist at Trustwave, to find out more about vulnerability management, why it's important and how it fits into an organization's overall security strategy.

Continue reading →

While the US and other NATO nations continue to plan and implement sanctions and possible other means of making Vladimir Putin and his Oligarchs feel some pain over what they are currently doing, Hacktivist group Anonymous has already made its choices and has quickly started implementing its own set of consequences upon those responsible for alleged war crimes. 

As of Saturday morning, the group had taken down websites of the Kremlin, the Russian Department of Defense and Russian DUMA (the lower house of the federal assembly). The sites were taken down rather quickly once Anonymous targeted them but periodically popped back to life, only to have that life snuffed backed out again by renewed efforts. 

Continue reading →

Fake versions of popular games such as Temple Run and Subway Surfers are being used to distribute dangerous malware through the Microsoft Store to users of Windows 10 and Windows 11.

Security firm Check Point Research found that malicious versions of the titles were riddled with Electron Bot malware and have already infected thousands of computers in countries incuding Sweden, Bulgaria and Russia. The malware gives an attacker a backdoor into a victim's computer allowing for complete system control, as well as control of social media accounts.

Continue reading →