Research

Research

15B credentials available on dark web; average selling price below $16

There are more than 15 billion stolen account credentials being sold or even shared for free on the dark web, with individual entries selling for an average of $15.43, a new research report states. Roughly one-third of the credentials, or about 5 billion, are unique, according to Digital Shadows, whose researchers reached these totals following…

Risk assessments reveal businesses remain deficient in security compliance, training

InfoSec World 2020 – An analysis of more than 100 risk self-assessments conducted by business organizations across a cross-section of industries revealed that over 65 percent admitted to achieving zero-to-minimal compliance of U.S. state data privacy and security regulations, including myriad breach laws and the California Consumer Privacy Act. The discouraging findings show that business…

Hacker group announces jailbreak for iOS 11 – 13.5

Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver. The jailbreak is reportedly made possible thanks to a zero-day kernel vulnerability discovered by Unc0ver hacker @Pwn20wnd. [1, 2, 3] Jailbreaks are hotly anticipated events for certain tech…

Device owners demand opt-out power from COVID-19 contact tracing apps

To encourage widespread acceptance of Bluetooth-based COVID-19 contact tracing applications, developers should allow consumers to opt out of data sharing at any time, and they should also be more forthcoming about their security efforts and data usage, according to the results of a new survey. For the study, Checkmarx polled 1,500 Americans and found that…

Six need-to-know takeaways from the Verizon breach report

Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR). Verizon researchers analyzed 157,525 known “incidents” (defined as a security event that results in the compromise of an information asset) and 3,950…

Security in 2015: Biometrics

Researchers fool devices’ biometric scanners with replicated fingerprints

Researchers at Cisco Talos said they were able to fool biometrics-based user authentication technology on eight mobile devices by using 3D-printed molds to create replicates of users’ fingerprints. The process Talos researchers developed to fabricate a user’s biometric signature required a painstaking effort, and in real life would require either direct or indirect access to…

FBI tallied 467K cybercrime complaints in 2019, totaling $3.5B in losses

The FBI’s Internet Crime Complaint Center (IC3) last year fielded 467,361 complaints related to cybercrime activity that collectively cost victims $3.5 billion in losses, according the agency’s just released 2019 Internet Crime Report. The 2019 complaint count represents a nearly 33 percent increase from the 2018 total of 351,937, and the $3.5 billion figure also…

CISOs burdened by unhealthy stress levels, survey study finds

In a recent survey of 400 U.S.- and UK-based chief information security officers, an overwhelming number, 88 percent, said they find themselves under a moderate or high amount of job-related stress. Moreover, 48 percent admitted that the stress has affected their mental health, while 31 percent said their job performance has suffered, according to .uk…

Billie Eilish sweeps Grammys, but Taylor Swift leads with most malware files

Being nominated for a Grammy doesn’t not raise your Q-rating; it also, apparently, increases the likelihood that cybercriminals will appropriate your name or song tracks to trick targets into opening malicious files. Researchers at Kaspersky looked at 14 musical artists who were nominated this year for a major Grammy award and determined that in 2019…

Imaginative attack scenarios elicit intrigue at NYU’s CSAW cyber event

Using AI to create artificial fingerprints that can unlock strangers’ phones… abusing electric vehicle charging stations to overwhelm the power grid… exploiting 3D printer technology to execute an all-new form of supply chain attack… These may have once sounded like far-flung ideas, but top cyber minds at New York University have been actively exploring such…

Next post in Research