Research

Comparitech recently conducted a series of freedom-of-information requests, which found that UK government employees received an average of 2,246 malicious emails each in 2022. The results showed that, across 250 government organisations, Comparitech estimates that 2.16 million government employees received a total of 2.75 billion malicious emails in 2022. The study also found that: Government employees received an average of 2,245.88 malicious emails each in 2022 250 government organisations received an estimated 2.75 billion malicious...

Salt Security, the API security company, has released new threat research from Salt Labs highlighting several critical security flaws in Booking.com. The now remediated flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilised by Booking.com, which had the potential to affect any users logging into the site through their Facebook accounts.   The OAuth misconfigurations could have allowed for both large-scale account takeover (ATO) on customers’ accounts and server compromise,...

Keeper Security, the provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, has released findings from its Privileged Access Management Survey: User Insights on Cost & Complexity. The report explores global insights from IT and security executives, revealing an overwhelming industry desire for Privileged Access Management (PAM) solutions that are easier to deploy and maintain. In fact,  84% of global IT leaders say they want to simplify their PAM solutions in 2023....

Identity management is in dire straits, according to a recently conducted survey by identity security firm One Identity. Surveying over 1,000 IT security professionals, the results showed that 96 percent of companies report using multiple identity management tools, with 41 percent deploying at least 25 different systems to manage access rights. However, 70 percent of companies reported they’re paying for identity tools they’re not actively using. This investment in multiple disparate identity tools is having...

Salt Labs, the research arm of API specialist Salt Security, has revealed it identified a pair of application programming interface (API) security vulnerabilities in Lego's BrickLink digital resale platform. The vulnerabilities have now been fixed. Boasting over a million members, BrickLink is currently experiencing its busy season as shoppers scramble to before second-hand Lego sets before Christmas. The site is the world's largest platform for buying and selling second-hand Lego sets and operates in a...

Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022. In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in...

Today, Comparitech released the results of its most recent study, looking at the true cost of ransomware on healthcare organisations around the world. It found that, since 2018, there have been 500 publicly-confirmed ransomware attacks; and this excludes those that may have not been disclosed at all. In total, these have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. As such, Comparitech was able to estimate that these attacks exceed...

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats are security are developing, and how they can better protect themselves.   To put together this report, Obrela collected and analysed 1 PBs of logs as well as 100,000 devices. In this time,...

It is a scenario anyone who works in an office can imagine all too easily; You’ve locked yourself out of your email accounts, and the myriad complexity of your own authentication systems leaves you locked out for hours at a time.  This scenario is felt even more keenly from the IT and security departments charged with managing this system of complexity, according to a new survey conducted by Axiad, who today announced the results of...

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to hijack certain endpoints and with it, the industrial control systems these may be connected to. This is because VNC is...