threat

A new survey from HackerOne shows 67 percent of respondents believe an external, unbiased review of GenAI is the most effective way to uncover AI safety and security issues as AI red teaming gathers momentum.

Nearly 10 percent of security researchers now specialize in AI technology as 48 percent of security leaders consider AI to be one of the greatest risks to their organizations, according to the report -- based on data from 500 global security leaders, and more than 2,000 hackers on the HackerOne platform.

A new survey of over 7,000 individuals suggests a growing wave of pessimism among workers regarding cybersecurity practices.

The study from CybSafe and the National Cybersecurity Alliance shows 53 percent believe staying safe online is possible, down by five percent from last year, while only 60 percent think online safety is worth the effort, marking a nine percent drop.

The recent release of “Best Practices for Event Logging and Threat Detection” by CISA and its international partners is a testament to the growing importance of effective event logging in today’s cybersecurity landscape. With the increasing sophistication and proliferation of cyber attacks, organizations must constantly adapt their security strategies to address these advanced threats. CISA’s best practices underscore how a modern SIEM (Security Information and Event Management) solution, especially one equipped with UEBA (User and Entity Behavior Analytics) capabilities, is critical for organizations trying to adopt the best practices in this domain.

A modern SIEM with UEBA can help organizations streamline their event logging policies. It automates the collection and standardization of logs across diverse environments, from cloud to on-premise systems, ensuring that relevant events are captured consistently. This aligns with CISA’s recommendation for a consistent, enterprise-wide logging policy, which enhances visibility and early detection of threats. We've seen a rise in detection and response technologies, from Cloud Detection and Response (CDR) to Extended Detection and Response (XDR) being positioned as alternatives to SIEM. However, when it comes to consistently capturing and utilizing events across diverse environments, SIEM remains the preferred solution for large organizations facing these complex challenges.

It's not what you know, it's what you don’t know that bites you. Cyber attacks, internal rogue employees, and general operational missteps are a constant at enterprises. The cost, both financially and human operationally, impacts morale and budgets.

Many enterprises think they have what they need to defend their attack surfaces, except for one thing: a clear view of ALL the assets that make up that attack surface -- devices, users, applications and vulnerabilities. Too many security teams are trying to protect expanding and increasingly complex infrastructures without knowing all their risk exposures.

Check Point Research (CPR) has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions.

AI is one of the most powerful innovations of the decade, if not the most powerful. Yet with that power also comes the risk of abuse.

Whenever any new, disruptive technology is introduced to society, if there is a way for it to be abused for the nefarious gain of others, wrongdoers will find it. Thus, the threat of AI is not inherent to the technology itself, but rather an unintended consequence of bad actors using it for purposes that wreak havoc and cause harm. If we do not do something about these cyber threats posed by the misuse of AI, the legitimate, beneficial uses of the technology will be undermined.

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

It’s no secret that artificial intelligence (AI) is transforming software development. From automating routine tasks to enhancing code efficiency and optimizing testing processes, AI is helping developers save time, money, and resources. It can also analyze code to detect bugs, security vulnerabilities, and quality issues more effectively than traditional models. If you’re thinking there’s a "but" coming, you’re right.

The downside to the benefits of leveraging AI technologies in software development is that it can also enhance the capabilities of malware developers. As such, the proliferation of AI is not necessarily fueling new cyberattacks, it is simply creating an even distribution of enhanced proficiency for both legitimate and malicious actors.

This year sees elections around the world, affecting around half the global population, with voters in the US, Mexico, India, Taiwan, Indonesia, the UK and other places all heading to the polls.

A new report from Everstream Analytics looks at how these elections will create new supply chain risks associated with global trade, commodity supplies and cyberattacks.

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organizations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

The announcement, which was supported by national cybersecurity agencies in Australia, Canada, UK, and New Zealand, is a sobering reminder that modern life relies on digital networks. From healthcare, banking, and socializing, to energy, water, local and national government -- everything has a digital aspect. But while digitization has delivered great leaps forward in convenience, speed, and efficiency, it has also introduced risk. Malicious forces wanting to disrupt economies, governments, and people, know that targeting digital networks is the quickest route to maximum cross-border disruption.

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

According to new research from International Data Corporation (IDC) and Exabeam, 57 percent of companies experienced significant security incidents in the last year that needed extra resources to address.

North America experienced the highest rate of security incidents (66 percent), closely followed by Western Europe (65 percent), then Asia Pacific and Japan (APJ) (34 percent).

A new study finds that that most organizations anticipate phishing (81 percent), malware and ransomware (76 percent), and accidental data loss (63 percent) will be the top security risks over the next six months, followed by social engineering (55 percent) and third-party risks (52 percent).

The report from Fortra looks at the challenges security professionals have faced over the past year, as well as what they plan to focus on next as they continue to embrace digital transformation, new hybrid infrastructures and a challenging security landscape.