Research

Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022. In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in...

Today, Comparitech released the results of its most recent study, looking at the true cost of ransomware on healthcare organisations around the world. It found that, since 2018, there have been 500 publicly-confirmed ransomware attacks; and this excludes those that may have not been disclosed at all. In total, these have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. As such, Comparitech was able to estimate that these attacks exceed...

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats are security are developing, and how they can better protect themselves.   To put together this report, Obrela collected and analysed 1 PBs of logs as well as 100,000 devices. In this time,...

It is a scenario anyone who works in an office can imagine all too easily; You’ve locked yourself out of your email accounts, and the myriad complexity of your own authentication systems leaves you locked out for hours at a time.  This scenario is felt even more keenly from the IT and security departments charged with managing this system of complexity, according to a new survey conducted by Axiad, who today announced the results of...

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to hijack certain endpoints and with it, the industrial control systems these may be connected to. This is because VNC is...

A recent survey has shown that 73.48% of organisations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal. The survey was conducted by Gurucul among 180 attendees at the 2022 RSA Conference, and asked attendees about their opinions on the biggest threats to security operations and efficiencies.    Results also suggested that only 25% of organisations consider their biggest...

https://vimeo.com/683449370/53eb067506   Armis, unified asset visibility and security company, announced the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and even destroy APC Smart-UPS devices and attached assets, researchers have warned.   Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centres, industrial facilities, hospitals, and more....

Salt Security released its Salt Labs State of API Security Report, Q1 2022. The bi-annual report found that 95% of surveyed organisations have experienced an API security incident in the past 12 months. The research showed that 34% of respondents - all of whom are running production APIs - lack any kind of API security strategy. This lack of defence presents significant business risk to enterprises in the form of slowed business innovation, compromised consumer...

New research from Adarma, the UK’s largest independent cyber threat management company, has discovered a major disconnect in the way organisations think and act in the face of ransomware. Adarma's nationwide ransomware study surveyed 500 C-level executives at UK businesses with over 2,000 employees and found that 58% of respondents have experienced a ransomware attack, with 94% of respondents reporting to be either concerned or very concerned about being hit by ransomware. However, the research also...

UPDATED: Researchers at Armis have discovered nine critical vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. The Translogic PTS system is a critical infrastructure for healthcare used in more than 3,000 hospitals worldwide. The system is responsible for delivering medications, blood products, and various lab samples across multiple departments of a hospital. The discovered vulnerabilities can enable an unauthenticated attacker to take...