Businesses struggle with data security practices
43% of C-suite executives and 12% of small business owners (SBOs) have experienced a data breach, according to Shred-it. While businesses are getting better at protecting their customers’ personal and sensitive information, their focus on security training and protocols has declined in the last year. This decline could pose issues for businesses, as 83% of…
Machine identity related cyberattacks grew by 433% between 2018 and 2019
The machine identity attack surface is exploding, with a rapid increase in all types of machine identity-related security events in 2018 and 2019, according to Venafi. For example, the number of reported machine identity-related cyberattacks grew by over 400% during this two-year period. “We have seen machine use skyrocket in organizations over the last five…
Global adoption of data and privacy programs still maturing
The importance of privacy and data protection is a critical issue for organizations as it transcends beyond legal departments to the forefront of an organization’s strategic priorities. A FairWarning research, based on survey results from more than 550 global privacy and data protection, IT, and compliance professionals outlines the characteristics and behaviors of advanced privacy…
One-fifth of organizations did not make cybersecurity a priority during the pandemic
56% of IT and OT security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March, a Claroty research reveals. Additionally, 70% have seen cybercriminals using new tactics to target their organizations in this timeframe. The report is based on a global, independent survey of…
Permanent remote work puts greater pressure on IT teams
82% of IT leaders think their company is at a greater risk of phishing attacks, and 78% believe they are at a greater risk of an insider attack, when employees are working from home, according to a report from Tessian. The research addresses the IT and security challenges companies must overcome to deliver a safe…
High volumes of attacks keep targeting video game companies and players
High volumes of attacks were used to target video game companies and players between 2018 and 2020, an Akamai report reveals. It also notes an uptick in attack traffic that correlates with COVID-19-related lockdowns. In addition, the report examines motivations driving the attacks and steps gamers can take to help protect their personal information, accounts,…
Bit-and-piece DDoS attacks increased 570% in Q2 2020
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic. Analysts witnessed attacks using much smaller sizes—more than 51% of bit-and-piece attacks were…
A look at the top threats inside malicious emails
Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals. Ransomware, the headliner of the previous half-year, walked off stage: only 1 percent of emails analyzed contained this kind of malware. Every third email, meanwhile, contained spyware, which is…
Information Disclosure, XSS Vulnerabilities Patched in Drupal
The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It’s worth noting that Drupal uses the NIST Common Misuse Scoring System to determine security risk levels and critical is the second highest level, after highly critical. The issue is a reflected XSS and exploitation is only possible…
Attacks growing in both scope and sophistication, exposing gaps in the cloud native toolchain
There’s a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure, according to Aqua Security. While most attacks were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments. The report…