An analysis of workers’ cyber knowledge gaps found that ends users last year struggled most with identifying phishing threats and protecting data throughout its lifecycle, according to a new report from Proofpoint. Titled “Beyond the Phish 2019, the report incorporated data gathered from roughly 130 million answers to questions that were posed to endpoint users…
A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…
The campaign by Russia’s Internet Research Agency to interfere with the 2016 U.S. presidential election using fake Twitter accounts was even organized than many people realize, according to a new report from Symantec Corporation. But another new report from scholars at Stanford University prescribes more than 45 policy recommendations for how the U.S. can prevent…
Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…
The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise),…
The WPA3 protocol and certification that was introduced last year to make Wi-Fi networks more secure was found to contain a series of vulnerabilities, including time- and cache-based side-channel flaws that could ultimately allow adversaries to recover passwords. Developed by the Wireless Security Alliance, WPA3 replaced the old standard’s Pre-Shared Key exchange with a Simultaneous Authentication…
A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests’ booking details and personal information. Such access could even enable the third parties to cancel individuals’ reservations if they so desired, according to Symantec Principal…
The most likely person to steal IP is not an external threat, but rather the person who developed it and uses it every day, according to Forcepoint Chief Scientist Dr. Richard Ford. And this insider threat actually may be more difficult to detect because typical event-based security analytics may not always be adequately equipped to…
The hacker community reported more than 93,000 resolved security vulnerabilities last year and earned roughly $19 million in bug bounties while using HackerOne’s vulnerability disclosure platform, according to the company The $19 million figure nearly equals the total bug bounty earnings collected over the previous six years of the platform’s existence, HackerOne explains in its…
Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…
