How data centers need to rethink their vulnerability assessments [Q&A]


Data centers are increasingly faced with more sophisticated attack techniques, putting the information they hold at risk.
Specific vulnerabilities such as misconfigurations may pass under the radar of traditional security scans. We spoke to Daniel dos Santos, head of security research at Forescout, to discuss the potential impact of these vulnerabilities and why data centers need to strengthen their risk management.
Attackers exploit the growing use of mobile devices


The growth in mobile device and app usage has created a growing attack surface, with 60 percent of global web traffic now coming from mobile devices. So it's not surprising that increasing numbers of cybercriminals and nation state actors want to exploit these areas of vulnerability.
The latest Global Mobile Threat Report from Zimperium finds that 80 percent of phishing sites now either specifically target mobile devices or are built to function on both mobile devices and desktops.
Stolen identities remain top cybersecurity threat


Stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of $9.4 million per breach in 2022, according to a new report.
The ForgeRock 2023 Identity Breach Report shows that attackers continue to target credentials and use them as a stepping stone to infiltrate organizations across industries and geographies. What’s more, AI is making it more difficult for the average human to identify threats.
How DevSecOps can mitigate the cyber risks of emerging technologies [Q&A]


The technology world never stands still for very long and as new technologies emerge so too do new threats. With things like quantum computing on the verge of becoming mainstream it's important to understand their security implications.
We spoke to Archie Agarwal, founder and CEO of ThreatModeler, to discuss how DevSecOps can help to identify and mitigate these new threats to cloud services.
Companies must rebuild employee-employer loyalty to curb insider threats


The modern workplace is, to put it mildly, unsettled. The employee/employer relationship has been fractured in the wake of a chain of events that includes the COVID-19 shutdowns, the increase in remote work, the Great Resignation and the recent rash of layoffs combined with a labor market that nevertheless remains stubbornly tight.
A disconnect between employers and employees has emerged concerning work-life balance and the familiar-but-vague concept known as "organizational commitment," driven in part by social media-fueled myths such as "quiet quitting." A key concern for employers is that, according to workplace theory and several case studies, a lower level of "organizational commitment" among employees leads to an increase in the likelihood of insider threats. Whether they are leaving companies or staying on the job, employees who aren’t committed to their organizations are more likely to steal critical information.
Record number of software security flaws uncovered in 2022


A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.
The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.
Cyber threats get more personal


Popular online platforms such as Netflix, Facebook, and Steam are being used to spread cyber attacks as criminals focus on consumers' favorite online activities.
The latest consumer threat guide from F-Secure finds the most imitated social media platform used to spread phishing threats in 2022 was Facebook at 62 percent. Steam, the largest distribution platform for PC games, was the most popular gaming platform to spoof at 37 percent.
Multiple-threat ransomware attacks become more common


It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).
The real risks of OpenAI's GPT-4


While many were marveling at the release of OpenAI’s GPT-4, Monitaur was busy analyzing the accompanying papers that examined the risks and technical design of its latest engine. In this commentary, I examine this through the lens of proper governance, responsible use, and ethical AI, while also considering the larger landscape of language models within which OpenAI sits.
The analysis results were not what was hoped for.
Only 15 percent of companies are ready for cyber threats


Just 15 percent of organizations globally have the 'Mature' level of readiness needed to be resilient against today's modern cybersecurity risks, according to Cisco's first-ever Cybersecurity Readiness Index.
More than half (55 percent) of companies globally fall into the Beginner (eight percent) or Formative (47 percent) stages, meaning they are performing below average on cybersecurity readiness.
Threat actors move beyond ransomware to exploit new (and old) techniques


Cybercrime actors are shifting away from ransomware to new, innovative techniques, according to the latest CrowdStrike Global Threat Report released today.
The report shows 71 percent of attacks detected in the last year were malware-free (up from 62 percent in 2021) and interactive intrusions (hands-on-keyboard activity) increased 50 percent in 2022. This shows how sophisticated human adversaries are increasingly looking to evade antivirus protection and outsmart machine-only defenses.
2022 breaks records for cyber threat activity


The final quarterly analysis of 2022's threat landscape from Nuspire confirms that last year saw the most threat activity in history.
While Q4 saw dips across all three sectors Nuspire monitors -- malware, botnets and exploits -- the net sum for the year shows a marked increase, especially in the case of exploits, which nearly doubled.
Malicious DDoS attacks up by 150 percent


In 2022, the number of DDoS attacks grew 150 percent globally compared to the previous year, while the number of attacks in the Americas rose even faster, increasing 212 percent compared to 2021.
These figures are from the 2022 Global Threat Analysis Report released today by Radware, which also shows the frequency of DDoS attacks saw a significant uptick. Globally, organizations mitigated an average of 29.3 attacks per day during the fourth quarter of 2022, 3.5 times more compared to 8.4 attacks per day at the end of 2021.
Continuous Threat Exposure Management and what it means for enterprise security [Q&A]


This summer, Gartner introduced Continuous Threat Exposure Management (CTEM). This is a set of processes and capabilities that allow organizations to create a system for review of exposures that is faster than the periodic project-based approach.
With endless threats and vulnerabilities hammering today's organizations, exposure management that evaluates the accessibility, exposure and exploitability of all digital and physical assets is necessary to govern and prioritize risk reduction for enterprises.
The changing landscape of privacy and compliance


In the past decade, privacy-related legislation has developed considerably. The 'privacy industry' has gone through a metamorphosis not seen in many other disciplines. Now, as we reflect on the future post-pandemic, we must recognize that being able to quickly access and share accurate data is fundamental to everyone.
When thinking about this, it’s important to remember that there’s a heavy overlap between business and personal aspects; an example of this is password managers. These will have both personal and work-related credentials saved to them, which can be hard to distinguish, and this is why corporate family use plans exist.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.