API attack traffic grows more than 300 percent
In the past six months overall API traffic has increased 141 percent but in the same time period, API attack traffic has grown by a startling 348 percent.
A new report from Salt Security reveals significant challenges in addressing API security, with all Salt customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
Cybersecurity skills crisis impacts more than half of organizations
The cybersecurity skills crisis has impacted 57 percent of organizations, according to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG).
The survey of almost 500 security professionals finds the top effects of the skills shortage include an increasing workload for the cybersecurity team (62 percent), unfilled open job vacancies (38 percent), and high burnout among staff (38 percent).
Cybercriminals work together to drive greater profits
Cybercrime is getting more organized than ever, as threat actors increase collaboration and adapt methods to drive greater monetization, selling access to breached systems to organized criminal groups and ransomware gangs.
The latest HP Wolf Security Threat Insights Report reveals a 65 percent rise in the use of hacking tools downloaded from underground forums and file sharing websites between the second half of 2020 and the first half of 2021.
Businesses continue to struggle with app security
Threats to web, mobile and API-based apps are developing rapidly and the average time taken to fix them isn't improving, with critical vulnerabilities remaining open on average for 202 days.
NTT Application Security has released its latest AppSec Stats Flash report looking at the current state of application security and the wider threat landscape. It finds the utilities sector the worst, with 66 percent of applications in the industry having at least one serious exploitable vulnerability throughout the year.
IT leaders think remote workers are more at risk but struggle to protect them
A new survey of enterprise IT security leaders shows almost 80 percent believe remote workers are at more risk from phishing attacks now because they're isolated from their organizations' security teams.
The study from Egress also reveals that more than 59 percent of respondents feel solutions such as video training (27 percent), email reminders (20 percent), and VPNs (12 percent), are sufficient by themselves to keep organizations safe from the biggest security breach fears: damage to brand and reputation, and legal jeopardy.
What to do after a ransomware attack [Q&A]
Ransomware is a major problem, and while ideally you'd like to avoid being attacked, the chances are that at some point you're going to be a target.
So, what happens following an attack and what should organizations be doing immediately afterwards to lessen the impact? We spoke to Ed Williams, EMEA director of SpiderLabs at Trustwave, to find out and to get some tips on how to proactively secure against ransomware attacks in future.
Kaspersky warns about the potential dangers of downloading Windows 11
As with any big-name software that is yet to be officially released, there is not only great enthusiasm about Windows 11, but also a rush to get hold of it by any means possible. While there are formal channels through which to obtain Windows 11 legitimately in order to test it out, scammers are taking advantage of the excitement surrounding the new operating system.
Security firm Kaspersky has issued a warning for anyone thinking about downloading Windows 11. The company urges caution lest users find their system infected with malware and adware, particularly in the light of a 1.75GB file that is currently in circulation called 86307_windows 11 build 21996.1 x64 + activator.exe.
Security: 2FA adoption is incredibly low with Twitter users
In a recently published transparency report, Twitter has revealed figures that show a disappointing adoption of 2FA (two-factor authentication) by users.
While the number of users choosing to secure their account with 2FA is on the increase, it "remains relatively low", says Twitter. And we are talking low numbers here -- a mere 2.3 percent of the Twitter userbase is concerned enough about security to enable two-factor authentication.
Enterprise endpoint protection needs to move to zero trust
As enterprise boundaries have become more flexible, older authentication models of security have begun to look increasingly outmoded.
A new survey of 150 IT security decision makers carried out by ThycoticCentrify finds that 71 percent of contributors agree that a distributed workforce makes a zero trust security strategy even more critical.
Cyber attacks on council workers increase over 200 percent
Local councils have faced the same pressure as commercial businesses to have people working at home during the pandemic. But a new report shows attacks on UK councils' remote workers rose by 213 percent from March 2020 compared to the previous year.
Freedom of Information (FOI) requests made by technology solutions provider Insight, show that on average councils switched 74 percent of their employees -- more than double the UK average -- to remote working during the pandemic.
Universal decryptor now available for REvil ransomware
It is now almost three weeks since the gigantic ransomware attack that exploited a vulnerability in Kaseya VSA remote management software. The attack affected millions of devices and the group behind it, REvil, had been demanding a $70 million ransom.
There had been great concern about the fallout from the attack due to the apparent disappearance of REvil, which made it impossible for anyone willing to pay the ransom to do so. Now a universal decryption key has been obtained from a "trusted third party", giving victims the chance to regain access to their data without the need to part with any money.
Why have we failed and what do we need to do?
In watching the most recent high profile, and very costly breaches, I’ve begun to ask the question "Why have we failed and what do we need to do?" We’ve failed. As I enter the twilight of my career in our industry, we haven’t gotten better -- breaches are more expensive, they’re more difficult to remediate, the economic destruction is real, and people get hurt or die as a result of cybersecurity breaches. Why? Where did we go wrong, and what do we need to do to fix it?
The first question I asked myself is, "What do we do well?" We’re an industry of incredibly talented people. Over the years, we’ve learned to collaborate and share information (which we didn’t start off doing), and we have no shortage of tools. Our tool chest is loaded to the gills with capability. We also have boards and executives who are more cyber savvy than ever before. When I started in our industry over two decades ago, I couldn’t explain to a board what cybersecurity was with a PowerPoint presentation. Now, they’re all concerned about the issue and paying attention.
36 percent of organizations have suffered a serious cloud breach in the last year
A new survey of 300 cloud professionals finds that 36 percent of organizations have suffered a serious cloud security data leak or a breach in the past 12 months.
The study conducted by security and compliance automation firm Fugue and developer tools company Sonatype finds eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.
97 percent don't recognize the security limitations of containers
A new study finds that only three percent of respondents recognize that a container, in and of itself, is not a security boundary, suggesting that the default security capabilities of containers are overestimated.
The survey from cloud security company Aqua Security, covering 150 cloud native security practitioners and executives from IT, Security and DevOps teams across sectors and geographies, also shows that only 24 percent of respondents have plans in place to deploy the necessary building blocks for runtime security.
Over half of exploits sold on underground forums are for Microsoft products
A new study from Atlas VPN shows that 51 percent of exploits sold on underground cybercriminal forums are for Microsoft products.
Microsoft Office exploits make up 23 percent while Windows accounts for 12 percent of exploits sold on hacker forums. Remote Desktop Protocol (RDP) exploits make up 10 percent, with Internet Explorer and SharePoint taking three percent each.