Security

Software supply chain attacks grew by more than 300 percent in 2021 compared to 2020 as attackers focused on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

According to Aqua Security's Argon Security arm, 2021 Software Supply Chain Security Review, security across software development environments remains low, and significantly, every company evaluated had vulnerabilities and misconfigurations that could expose them to supply chain attacks.

New data shows that while total perimeter malware detection volume has decreased, endpoint malware detections had already surpassed the total volume seen in 2020 by the third quarter of 2021.

The latest quarterly report from WatchGuard Technologies also shows a continuing trend for a significant percentage of malware to arrive over encrypted connections, the percentage delivered via TLS jumping from 31.6 percent to 47 percent.

Financial services companies on the Bugcrowd platform experienced a 185 percent increase in the last 12 months for Priority One (P1) submissions, which relate to the most critical vulnerabilities.

According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.

Although Secure Access Service Edge (SASE) is widely seen as the answer to balance network performance and security, new research from Cato Networks shows a radical approach is needed in order to reap the full benefits.

The study of over 2,000 IT leaders and nearly 1,000 channel partners doesn't show much difference between those who have and have not adopted SASE. When asked how they react to performance issues with cloud applications, 67 percent of SASE users and 61 percent of non-SASE users claim they would add bandwidth, while 19 percent of SASE users and 21 percent of non-SASE users would look to WAN optimization appliances.

From a privacy point of view, there is much to love about end-to-end encryption, as employed by the likes of WhatsApp. But while users may delight in the knowledge that their communication is free from surveillance, there are some groups that have a different opinion.

Law enforcement agencies have long-complained that E2E encryption stands in the way of investigations, and serves to complicate evidence gathering. Many governments are of the same mind, and it's not just those that are traditionally regarded as totalitarian by other countries. Governments from ostensibly democratic countries are opposed to E2E encryption, and some are using underhand tactics in negative PR campaigns.

Historically identity and access management has been built around an on-premises model. But with more systems now residing in the cloud the old way of doing things isn't working.

To find out more about why the cloud needs a new approach to IAM we spoke to Britive CEO, Art Poghosyan, about the challenges it raises and how to address them.

Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat, it also aids collaboration by allowing users to share documents.

Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.

As baby boomers reach retirement age, younger people are taking their place in the workforce. But does this lead to a loss of skills that aren't being replaced?

A new study commissioned by Appgate looks at how generational differences impact cybersecurity teams and the benefits to be gained from having an inter-generational mix of staff.

The financial services industry is a prime target for cybercriminals due to the vast sums of money managed but also the quantity and quality of sensitive information that is collected by these institutions.

A new industry report by Blueliv uses threat intelligence gathered by the company’s Threat Compass to assess the evolving threat landscape surrounding the financial services sector.

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.

Last year 48 percent of ransomware attacks were directed at targets in the United States, with industrial and energy, retail, and finance businesses among the most threatened.

Research from AtlasVPN finds that out of 2,845 witnessed ransomware attacks worldwide in 2021 1,352 were launched against targets in the US. Meanwhile one in five attacks were against European countries with France suffering 146 attacks, the UK 139 and Germany 115.

Microsoft has fixed a critical vulnerability which affects several versions of its operating system including Windows 11 and Windows Server 2022.

The security bug is an HTTP vulnerability which is tracked as CVE-2022-21907 and Microsoft warns it is wormable. The company has issued a fix for the flaw and says that users should prioritize installing it to secure their systems.

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

A new survey from Kaspersky finds 85 percent of IT decision makers in North America say their cybersecurity budget will increase anywhere up to 50 percent in the next 12 months.

The survey, carried out in October 2021 and targeting 600 IT decision makers in the US and Canada, finds 28 percent of respondents say their company annually invests anywhere from $25K-$50k in cybersecurity.

Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unathorized access to user data.

The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple is mid-July last year.