Research

Identity management is in dire straits, according to a recently conducted survey by identity security firm One Identity. Surveying over 1,000 IT security professionals, the results showed that 96 percent of companies report using multiple identity management tools, with 41 percent deploying at least 25 different systems to manage access rights. However, 70 percent of companies reported they’re paying for identity tools they’re not actively using. This investment in multiple disparate identity tools is having...

Salt Labs, the research arm of API specialist Salt Security, has revealed it identified a pair of application programming interface (API) security vulnerabilities in Lego's BrickLink digital resale platform. The vulnerabilities have now been fixed. Boasting over a million members, BrickLink is currently experiencing its busy season as shoppers scramble to before second-hand Lego sets before Christmas. The site is the world's largest platform for buying and selling second-hand Lego sets and operates in a...

Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022. In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in...

Today, Comparitech released the results of its most recent study, looking at the true cost of ransomware on healthcare organisations around the world. It found that, since 2018, there have been 500 publicly-confirmed ransomware attacks; and this excludes those that may have not been disclosed at all. In total, these have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. As such, Comparitech was able to estimate that these attacks exceed...

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats are security are developing, and how they can better protect themselves.   To put together this report, Obrela collected and analysed 1 PBs of logs as well as 100,000 devices. In this time,...

It is a scenario anyone who works in an office can imagine all too easily; You’ve locked yourself out of your email accounts, and the myriad complexity of your own authentication systems leaves you locked out for hours at a time.  This scenario is felt even more keenly from the IT and security departments charged with managing this system of complexity, according to a new survey conducted by Axiad, who today announced the results of...

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to hijack certain endpoints and with it, the industrial control systems these may be connected to. This is because VNC is...

A recent survey has shown that 73.48% of organisations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal. The survey was conducted by Gurucul among 180 attendees at the 2022 RSA Conference, and asked attendees about their opinions on the biggest threats to security operations and efficiencies.    Results also suggested that only 25% of organisations consider their biggest...

https://vimeo.com/683449370/53eb067506   Armis, unified asset visibility and security company, announced the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and even destroy APC Smart-UPS devices and attached assets, researchers have warned.   Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centres, industrial facilities, hospitals, and more....

Salt Security released its Salt Labs State of API Security Report, Q1 2022. The bi-annual report found that 95% of surveyed organisations have experienced an API security incident in the past 12 months. The research showed that 34% of respondents - all of whom are running production APIs - lack any kind of API security strategy. This lack of defence presents significant business risk to enterprises in the form of slowed business innovation, compromised consumer...