Articles about threat

AI is one of the most powerful innovations of the decade, if not the most powerful. Yet with that power also comes the risk of abuse.

Whenever any new, disruptive technology is introduced to society, if there is a way for it to be abused for the nefarious gain of others, wrongdoers will find it. Thus, the threat of AI is not inherent to the technology itself, but rather an unintended consequence of bad actors using it for purposes that wreak havoc and cause harm. If we do not do something about these cyber threats posed by the misuse of AI, the legitimate, beneficial uses of the technology will be undermined.

Continue reading →

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Continue reading →

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

Continue reading →

It’s no secret that artificial intelligence (AI) is transforming software development. From automating routine tasks to enhancing code efficiency and optimizing testing processes, AI is helping developers save time, money, and resources. It can also analyze code to detect bugs, security vulnerabilities, and quality issues more effectively than traditional models. If you’re thinking there’s a "but" coming, you’re right.

The downside to the benefits of leveraging AI technologies in software development is that it can also enhance the capabilities of malware developers. As such, the proliferation of AI is not necessarily fueling new cyberattacks, it is simply creating an even distribution of enhanced proficiency for both legitimate and malicious actors.

Continue reading →

This year sees elections around the world, affecting around half the global population, with voters in the US, Mexico, India, Taiwan, Indonesia, the UK and other places all heading to the polls.

A new report from Everstream Analytics looks at how these elections will create new supply chain risks associated with global trade, commodity supplies and cyberattacks.

Continue reading →

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

Continue reading →

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organizations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

The announcement, which was supported by national cybersecurity agencies in Australia, Canada, UK, and New Zealand, is a sobering reminder that modern life relies on digital networks. From healthcare, banking, and socializing, to energy, water, local and national government -- everything has a digital aspect. But while digitization has delivered great leaps forward in convenience, speed, and efficiency, it has also introduced risk. Malicious forces wanting to disrupt economies, governments, and people, know that targeting digital networks is the quickest route to maximum cross-border disruption.

Continue reading →

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

Continue reading →

According to new research from International Data Corporation (IDC) and Exabeam, 57 percent of companies experienced significant security incidents in the last year that needed extra resources to address.

North America experienced the highest rate of security incidents (66 percent), closely followed by Western Europe (65 percent), then Asia Pacific and Japan (APJ) (34 percent).

Continue reading →

A new study finds that that most organizations anticipate phishing (81 percent), malware and ransomware (76 percent), and accidental data loss (63 percent) will be the top security risks over the next six months, followed by social engineering (55 percent) and third-party risks (52 percent).

The report from Fortra looks at the challenges security professionals have faced over the past year, as well as what they plan to focus on next as they continue to embrace digital transformation, new hybrid infrastructures and a challenging security landscape.

Continue reading →

DDoS (distributed denial-of-service) protection occupies a peculiar spot in cybersecurity. While "newer" threats like AI-enabled cybercrime and the ongoing ransomware spree take up many airwaves, DDoS is relatively stable. For many, it's a known quantity. But this is where the problem lies. DDoS has been around for so long, and companies have been mitigating against it for all this time that a knowledge gap is slowly creeping in.

Because things change, bad habits get picked up, or common misconceptions go unchallenged and evolve into full-blown myths. Companies might be ‘protecting’ themselves under false pretenses, so it pays to revisit what you know, explore what’s changed and rebuild your knowledge of the threat landscape semi-regularly. So, with that in mind, let's explore three common myths we regularly encounter in the DDoS space. 

Continue reading →

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations.

Continue reading →

Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.

A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control all while remaining undetected. At the time, its impact was described as "enormous" and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.

Continue reading →

Threat validation is an indispensable component of every security detection program, ensuring a healthy detection pipeline.

 This comprehensive detection engineering guide will serve as an introduction for those who are new to detection validation, providing valuable guidelines to swiftly bring you up to speed. The book will show you how to apply the supplied frameworks to assess, test, and validate your detection program.

Continue reading →

The cybersecurity landscape is experiencing an unprecedented surge in vulnerabilities. In 2022 alone, a staggering 25,096 new vulnerabilities were added to the National Vulnerability Database (NVD). This number represents the highest count of vulnerabilities ever recorded within a single year and reflects a 25 percent increase compared to the 20,196 new vulnerabilities reported in 2021.

This escalating trend indicates that cybersecurity threats are not only on the rise but are also accelerating at an alarming pace. The reasons behind this surge in vulnerabilities are multifaceted, stemming from factors such as the increasing complexity of software and technology systems, the rapid pace of digital transformation, and the growing sophistication of cyber attackers.

Continue reading →