Research | SC Media

Research

What is workforce’s biggest cyber knowledge gap? ID’ing phishing threats, says study

An analysis of workers’ cyber knowledge gaps found that ends users last year struggled most with identifying phishing threats and protecting data throughout its lifecycle, according to a new report from Proofpoint. Titled “Beyond the Phish 2019, the report incorporated data gathered from roughly 130 million answers to questions that were posed to endpoint users…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Gaming industry has become popular target of credential stuffing attacks: study

A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…

Russia’s 2016 election interference was highly organized, but fixes for 2020 are possible: reports

The campaign by Russia’s Internet Research Agency to interfere with the 2016 U.S. presidential election using fake Twitter accounts was even organized than many people realize, according to a new report from Symantec Corporation. But another new report from scholars at Stanford University prescribes more than 45 policy recommendations for how the U.S. can prevent…

Facebook took action against 2.19B fake accounts in first three months of 2019

The newly released third edition of Facebook’s Community Standards Enforcement report found that five percent of monthly active accounts registered on the social media website between October 2017 and March 2019 were fake. This represents a one-to-two percentage point increase in fake account “prevalence” since the second edition of the transparency report was published last…

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

FBI fielded roughly $2.7 billion worth of Internet crime complaints in 2018

The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise),…

‘Dragonblood’ flaws in WPA3 protocol could help adversaries recover passwords

The WPA3 protocol and certification that was introduced last year to make Wi-Fi networks more secure was found to contain a series of vulnerabilities, including time- and cache-based side-channel flaws that could ultimately allow adversaries to recover passwords. Developed by the Wireless Security Alliance, WPA3 replaced the old standard’s Pre-Shared Key exchange with a Simultaneous Authentication…

hotel

Study: 67 percent of hotel websites grant third parties access to personal booking data, reservations

A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests’ booking details and personal information. Such access could even enable the third parties to cancel individuals’ reservations if they so desired, according to Symantec Principal…

Can event-based analytics spot IP developers stealing their own assets?

The most likely person to steal IP is not an external threat, but rather the person who developed it and uses it every day, according to Forcepoint Chief Scientist Dr. Richard Ford. And this insider threat actually may be more difficult to detect because typical event-based security analytics may not always be adequately equipped to…

Report: Bug bounty reward totals soared in 2018

The hacker community reported more than 93,000 resolved security vulnerabilities last year and earned roughly $19 million in bug bounties while using HackerOne’s vulnerability disclosure platform, according to the company The $19 million figure nearly equals the total bug bounty earnings collected over the previous six years of the platform’s existence, HackerOne explains in its…

Next post in Security News