Security

Thanks to organizational changes brought about by digital transformation, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, but the related skills to manage PKI are in historically short supply.

A new report from trusted identity company Entrust, based on research from the Ponemon Institute, finds cloud-based services remain the highest driver of PKI use at 51 percent, the Internet of Things (IoT) remains the second highest growing trend cited by 46 percent of respondents, and consumer mobile comes in third at 39 percent.

Patch Tuesday has rolled round again, and Microsoft has released a cumulative update for Windows 11.

The KB5007215 update addresses security issues that have been found in the latest version of Microsoft’s operating system, and also fixes other problems. Among the issues patched are a screen rendering problem affecting various apps. Microsoft has also released a video including some Windows 11 tips.

As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But as we reported last week they also create security headaches.

Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.

The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.

The idea of a 'common digital identity' (CDI), that would allow access to a range of services, offers huge benefits to financial institutions in delivering better, faster, and more reliable checks for consumers.

Consumers themselves, however, are less convinced. A survey conducted by RegTech Associates on behalf of PassFort finds only 17 percent of UK respondents say they are very much in favour of CDI.

Only 45 percent of respondents to a recent survey believe it is currently possible to prevent all malware threats from infiltrating their organization's network.

The survey from Deep Instinct does show some longer term optimism though. 66 percent of respondents believe it may be possible to prevent all malware threats from infiltrating their organization's network in the next two to five years.

According to commonly accepted truisms within the app development world, consumers care most about functionality, and they’re perfectly willing to give up strong security if it means they get better features faster.

Unfortunately, these bits of common knowledge about consumers’ attitudes towards mobile security are wrong, according to a recent Appdome survey of 10,000 mobile consumers from around the world. Far from accepting a "buyer beware" approach to mobile app security, consumers place a high priority on security and possess a sophisticated understanding of mobile security. In fact, 74 percent of all consumers would stop using an app if they learned it had been breached or hacked, and nearly half (46 percent) would tell their friends to do the same.

Microsoft's Active Directory is used by many businesses as a way of managing identity services and controlling access.

But if it's not configured correctly it can lead to security risks. But how dangerous is this and what can enterprises do to keep themselves safe? We spoke to Andy Robbins, technical product architect at SpecterOps to find out.

Open banking, connecting banks, third parties and service providers, allowing them to exchange information quickly and securely, has been rolling out since 2018 and delivers a great deal of convenience for consumers.

However, while it doesn't introduce new fraud risks in itself, open banking does create opportunities for fraudsters to attempt account takeovers, for example, or to target banks' own PSD2 (Payment Services Directive 2) implementations for Payment Initiation Service Providers (PISP).

According to a new report 59 percent of all workers are using corporate email for personal use, but Gen Zs are the biggest offenders at 93 percent.

The study from SailPoint also finds that Gen Z (77 percent) and Millennials (55 percent) are using corporate emails for their social media logins, compared to just 15 percent of Gen X and seven percent of Boomers.

Rootkits, those sneaky bits of software that lurk deep inside a system in order to give access to hackers, have been around since the late 1980s.

A new study from Positive Technologies takes a close look at how they have evolved in recent years and just how much of a threat they present.

A new report from Imperva suggests that the 2021 holiday shopping season faces disruption by cybercriminals looking to create chaos and take advantage of the global supply chain crisis.

Bot attacks against retail sites have risen by 13 percent in 2021, with 57 percent of attacks recorded on eCommerce websites this year carried out by bots. In comparison, bad bots made up just 33 percent of the total attacks on websites in all other industries in 2021.

Over the last year at least 44 percent of respondents to a new survey faced substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.

The study for Cloudentity, based on research carried out by PulseQA, shows that as a result of these issues, 97 percent of enterprises have experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.

New research from identity security specialist One Identity shows that 95 percent of companies report challenges managing identities.

In addition 84 percent say that the number of identities they're managing has more than doubled, which means they have too many identities and credentials to keep track of, leaving holes within their network, evidenced by only 12 percent of security professionals being fully confident they can prevent a credential-based attack.