Global cybersecurity leaders may not be practicing what they preach after new research revealed that many are engaging in risky behavior online. Constella Intelligence polled over 100 global IT security bosses across multiple verticals to compile its latest report, Cyber Risk in Today’s Hyperconnected World. It revealed widespread poor security practice: a quarter (24%) admitted to using the same passwords across work and personal use and nearly half (45%) connect to public Wi-Fi without using…

There were 193 billion credential stuffing attempts during 2020 as cyber-criminals looked to capitalize on surging numbers of online users, according to Akamai. The security vendor’s latest 2021 State of the Internet / Security report revealed the sheer scale of attempts to crack open users’ accounts using previously breached credentials. Focusing mainly on the financial sector, the report claimed that Akamai detected 3.4 billion credential stuffing attempts targeting the vertical — a 45% increase on…

Misconfiguration of back-end cloud services by more than 20 mobile app developers may have exposed the personal data of over 100 million Android users, according to researchers. A team at Check Point investigated 23 Android applications in a new piece of research, and found users’ emails, chat messages, location, passwords and photos all exposed by poor security practices. There were three main issues. First, misconfiguration of the real-time databases that developers use to store data…

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns. The original impetus for the project was to answer the question, “How are we doing at detecting documented adversary behavior?” MITRE ATT&CK v1 was released in 2015, and since then, it has seen rapid growth and adoption across multiple domains such as risk management, threat intelligence, incident response and…

As has long been the tradition at the annual RSA Conference, the final panel event is the Top 5 Most Dangerous New Attack Techniques session, and the virtual 2021 edition of the conference was no exception. Ed Skoudis, fellow and director at SANS Institute, identified undermining software integrity as one of the biggest attack vectors that he is seeing today. Software integrity includes supply chain security for all the embedded libraries and components that make…

There are a number of common executive cybersecurity roles today, including chief security officer (CSO) and chief information security officer (CISO), and now it’s time to add one more – the chief product security officer (CPSO). In a session on May 20 at the 2021 RSA Conference, Chris Wysopal, founder and CTO at Veracode, and Joshua Corman, chief strategist for the healthcare sector at CISA, outlined why it’s time for organizations to have a chief product…