Articles about Security

The first quarter of 2022 has seen a rise in cybercriminals deceiving victims through new deepfakes and crypto scams to gain access to their financial or personal information.

The latest quarterly Consumer Cyber Safety Pulse Report from Norton Labs reveals deepfakes -- computer-generated images and videos -- are on the rise and being utilized by bad actors to spread disinformation.

Continue reading →

New research from Vectra AI reveals that 74 percent of respondents experienced a significant cybersecurity event in the past year.

The study surveyed 1,800 global IT security decision-makers at companies with over 1,000 employees and finds that 92 percent of respondents say that they had felt increased pressure to keep their organization safe from cyberattacks over the past year.

Continue reading →

The FBI has warned food and agriculture companies to be prepared for ransomware operatives to attack agricultural entities during planting and harvest seasons.

The FBI warning notes previous ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.

Continue reading →

New phishing sites are launched on a regular basis, even back in 2017 1.4 million were launching every month according to Webroot, and most of them exist for less than 24 hours.

This makes it hard for security teams to pre-empt attacks, but email and brand protection company Red Sift has come up with an answer in the launch of a new platform that proactively uncovers impersonation domains and takes them down before they can be exploited.

Continue reading →

To celebrate the first anniversary of its Autofill tool, Microsoft has added new capabilities to its password security utility.

Available to use with Microsoft Edge natively, on iPhones and Android devices via an app, and in Chrome using an extension, Microsoft Autofill makes it easy to store and sync passwords in the cloud and have them automatically entered in logon forms. A new update to Microsoft Authenticator app means that it can now be used to generate strong passwords on demand.

Continue reading →

As organizations move to fully embrace cloud, the significant benefits of running IT infrastructure via cloud services are becoming even more evident. Not only do cloud-based services come at a far lower cost than physical platforms and deployments, IT leaders are also able to side-step much of the risk and 'heavy lifting' around tech investment and maintenance by moving this out of local data centers. They can also enjoy expert third-party systems management and reliable service delivery, without having to give up much of the control for end users.

Microsoft 365 is a great case in point. The procurement model for this ever-expanding suite of high-qual­ity IT services is based around a price per user. It is easily scalable as teams and organizations grow and can therefore help to optimise budgets, avoiding payment for infrastructure that may go unused. It’s also growing, with new features and functionality added every day that will keep IT departments at the cutting edge of optimal business processes.

Continue reading →

A new study shows that 69 percent of tech executives believe shadow IT is a top security concern related to SaaS adoption.

The report from automated SaaS management platform Torii reveals 41 percent of executives say challenges with SaaS spend visibility and optimization have impacted the way their organization operates.

Continue reading →

We're all used to those irritating questions you have to answer when you contact a company: the make of your first car, the town where you were born, the dog's maiden name, etc. But it seems that criminals may actually be better at answering them than we are.

Fraudsters are able to pass knowledge based authentication (KBA) questions 92 percent of the time, based on a national contact center case study, while genuine customers only pass KBA's 46 percent of the time.

Continue reading →

Attackers are finding new ways to target cloud-native environments according to a new report from Aqua Security's Nautilus threat research team.

While cryptominers are the most common malware observed, with increasing frequency researchers have discovered an increased usage of backdoors, rootkits and credential stealers.

Continue reading →

Cybercrime tends to follow the money when it comes to selecting targets, so it’s perhaps not too surprising to learn that 63 percent of financial institutions admit experiencing an increase in destructive attacks.

The latest Modern Bank Heists report from VMWare surveyed the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift in the sector.

Continue reading →

While the Russian security firm has fallen out of favor in recent months, Kaspersky has announced that it has managed to crack the Yanluowang ransomware.

Yanluowang was discovered by Symantec last year, and now Kaspersky has identified a vulnerability in the encryption algorithm it uses. This has enabled the company to develop a free decryption tool which can be used by ransomware victims to get their data back without having to pay a cent.

Continue reading →

A team of security researchers at ESET have unearthed a trio of vulnerabilities with Lenovo laptops. More than one hundred different models of laptop are affected, meaning that millions of owners are at risk.

Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) affect UEFI firmware drivers and are extremely worrying because of the potential implications of exploitation. CVE-2021-3970 is a slightly less serious memory corruption problem, but it remains concerning.

Continue reading →

A new report from compliance and risk management firm Kiteworks shows 51 percent of organizations are inadequately protected against third-party security and compliance risks related to sensitive content communications.

It also reveals that most organizations share sensitive content with a long list of third-party entities. Two-thirds do so with more than 1,000 third parties, while one-third have over 2,500.

Continue reading →

A new report from Enterprise Strategy Group (ESG), sponsored by Keepit, shows that granular and air-gapped backup are critical to data recovery when businesses are hit by ransomware.

Of more than 600 respondents to the survey, 79 percent have experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent daily.

Continue reading →

Millions of dollars are lost to online scams each year and the fraudsters are getting ever more sophisticated in the targeting of their attacks.

Much of today's fraud is executed using information about the consumer's habits and personal details, usually captured in phishing attacks or data breaches. The fact that we’re conducting more of our transactions online as a result of the pandemic has created even more opportunity for fraudsters.

Continue reading →