According to a new Skybox Security study, risk-based strategies are the most effective in preventing security breaches. Of the companies taking a risk-based approach, 48 percent suffered no breaches, and 50 percent are top performers in TTM (Time To…

Security researchers at Digital Shadows have discovered that ransomware activity rose by a fifth in the last quarter.  The researchers monitored almost 90 data leak sites on the dark web and observed ransomware groups named 705 victims in Q2 2022,…

Security researchers found that most critical services companies are struggling to secure their industrial internet of things (IIoT)/operational technology (OT) systems and acknowledge the need to invest more heavily in these areas.  The researchers…

Security researchers at Panaseer discovered that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims.  The researchers surveyed 400 global insurers, CISOs, and risk experts to conduct the…

Security researchers at Sophos have discovered that ransomware attacks on educational institutions have risen substantially in the last year.  The researchers surveyed 5600 respondents across 31 countries.  The survey covered 730 educational…

According to Ukraine's top cyber defense agency, five months after Russia's invasion, Ukraine continues to see significant increases in cyberattacks targeting state systems and infrastructure as a result of the war. A new report released by Ukraine's…

Biometrics are increasingly being used for secure access management. However, according to an RSA session presented by Mike Serra, product counsel with Cisco Systems, and Stephen Wu, shareholder with the Silicon Valley Law Group, as more organizations…

Mike Fong, CEO of Privoro, stated that how each side collects the adversary's smartphone location data and shields their own could mean the difference between victory and defeat.  For soldiers on the battlefield, the act of turning on one's…

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of actively exploited bugs to include a vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This high severity security…

New data shows that half of untrained users in the consulting, energy, and healthcare industries fall victim to phishing attacks. According to data gathered from the clients of the security awareness training provider KnowBe4, 32.4 percent of users will…

Lenovo has released fixes to address three security flaws discovered in its UEFI firmware, which affects over 70 product models. According to the Slovak cybersecurity firm ESET, the vulnerabilities can be exploited to achieve arbitrary code execution in…

Microsoft researchers discovered a massive phishing campaign that can steal credentials even if a user has enabled multi-factor authentication (MFA). The campaign has attempted to compromise more than 10,000 organizations. It has been running since…