Articles about Security

According to commonly accepted truisms within the app development world, consumers care most about functionality, and they’re perfectly willing to give up strong security if it means they get better features faster.

Unfortunately, these bits of common knowledge about consumers’ attitudes towards mobile security are wrong, according to a recent Appdome survey of 10,000 mobile consumers from around the world. Far from accepting a "buyer beware" approach to mobile app security, consumers place a high priority on security and possess a sophisticated understanding of mobile security. In fact, 74 percent of all consumers would stop using an app if they learned it had been breached or hacked, and nearly half (46 percent) would tell their friends to do the same.

Continue reading →

Microsoft's Active Directory is used by many businesses as a way of managing identity services and controlling access.

But if it's not configured correctly it can lead to security risks. But how dangerous is this and what can enterprises do to keep themselves safe? We spoke to Andy Robbins, technical product architect at SpecterOps to find out.

Continue reading →

Open banking, connecting banks, third parties and service providers, allowing them to exchange information quickly and securely, has been rolling out since 2018 and delivers a great deal of convenience for consumers.

However, while it doesn't introduce new fraud risks in itself, open banking does create opportunities for fraudsters to attempt account takeovers, for example, or to target banks' own PSD2 (Payment Services Directive 2) implementations for Payment Initiation Service Providers (PISP).

Continue reading →

According to a new report 59 percent of all workers are using corporate email for personal use, but Gen Zs are the biggest offenders at 93 percent.

The study from SailPoint also finds that Gen Z (77 percent) and Millennials (55 percent) are using corporate emails for their social media logins, compared to just 15 percent of Gen X and seven percent of Boomers.

Continue reading →

Rootkits, those sneaky bits of software that lurk deep inside a system in order to give access to hackers, have been around since the late 1980s.

A new study from Positive Technologies takes a close look at how they have evolved in recent years and just how much of a threat they present.

Continue reading →

A new report from Imperva suggests that the 2021 holiday shopping season faces disruption by cybercriminals looking to create chaos and take advantage of the global supply chain crisis.

Bot attacks against retail sites have risen by 13 percent in 2021, with 57 percent of attacks recorded on eCommerce websites this year carried out by bots. In comparison, bad bots made up just 33 percent of the total attacks on websites in all other industries in 2021.

Continue reading →

Over the last year at least 44 percent of respondents to a new survey faced substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.

The study for Cloudentity, based on research carried out by PulseQA, shows that as a result of these issues, 97 percent of enterprises have experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.

Continue reading →

New research from identity security specialist One Identity shows that 95 percent of companies report challenges managing identities.

In addition 84 percent say that the number of identities they're managing has more than doubled, which means they have too many identities and credentials to keep track of, leaving holes within their network, evidenced by only 12 percent of security professionals being fully confident they can prevent a credential-based attack.

Continue reading →

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Continue reading →

It's easy to pigeonhole cybersecurity as something for the IT or security team to look after. But a major cyberattack can have a devastating impact on the business as a whole.

It's important, therefore, that security be looked at in the context of the entire enterprise. This also means considering approaches like 'assumed breach' where you accept that sooner or later attackers will succeed in getting into your network.

Continue reading →

Despite the rising popularity of other communication and collaboration methods like Zoom and Teams, email remains at the core of business correspondence. However, it also remains a popular vehicle for delivering cyberattacks and other unwelcome material.

Secure email company Avanan has produced an infographic looking at email safety.

Continue reading →

A new report from HP Wolf Security looks at how hybrid work is changing user behavior and creating a 'perfect storm' of cybersecurity challenges for IT departments.

The research shows that a growing number of users are buying and connecting unsanctioned devices without the IT team's approval. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing.

Continue reading →

APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience which makes APIs essential to many businesses, but it also makes them attractive targets for cybercriminals.

A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.

Continue reading →

New research from cloud encryption specialist NordLocker looks at which industries are the most popular targets for ransomware, analyzing 1,200 companies hit by 10 infamous ransomware gangs in 2020 and 2021.

Perhaps surprisingly the construction sector tops the list with 93 attacks, followed by manufacturing on 86, finance on 69, healthcare on 65, and with education rounding out the top five on 63.

Continue reading →

The latest cloud security study from Thales shows that 83 percent of businesses are still failing to encrypt half of the sensitive data they store in the cloud.

This is despite the fact that 40 percent of organizations have experienced a cloud-based data breach in the past 12 months.

Continue reading →