02 Aug 2019

Organizations At Risk for Data Breaches: System Vulnerabilities Increase by 92 Percent

Bugcrowd has released a new study on the current state of crowdsourced security. The report cites a 92% surge in the total number of vulnerabilities that were reported by bug bounty researchers last year, compared to the previous report. Researchers are not only finding more flaws, but they are also

31 Jul 2019

53% of enterprises have no idea if their security tools are working

A new report by AttackIQ shows that a majority of organizations (53%) are not sure to what extent the security tools they use actually work, and an even bigger number of firms (63%) have noticed security tools falsely reporting that they stopped an attack. While most firms plan to increase security

31 Jul 2019

95% of Pen Test Problems Can Be Easily Resolved

New statistics gathered by Lares show that the most common security issues found by ethical hackers as part of penetration testing engagements are: brute forcing accounts with weak and guessable passwords; Kerberoasting; excessive file system permissions; WannaCry/EternalBlue; and Windows Management Instrumentation (WMI) lateral movement. According to Lares founder Chris Nickerson, penetration

25 Jul 2019

Most SMBs have not identified and documented cybersecurity threats

A new ConnectWise report highlights major shortcomings in the cybersecurity strategies of small and mid-sized businesses (SMBs). The vast majority of SMBs have not identified and documented cybersecurity threats (69%) nor vulnerabilities (66%), which means that they have no clue about the weak links in their defenses and no way

24 Jul 2019

Windows zero-days don’t usually work against the latest OS version

New figures released by Microsoft underscore the importance of updating to the latest operating system, since the stats show that the majority of Windows zero-day vulnerabilities cannot be used to attack the latest Windows versions. Since 2015, 38.2% of zero-days could be exploited on the latest OS versions, while the

23 Jul 2019

Your business hit by a data breach? Expect a bill of $3.92 million

Data breaches have gotten 12% more costly over the past five years, and the average data breach now leads to $3.92 million in losses for the affected organization, a new report by IBM shows. While the costs for smaller firms tend to be lower, companies with fewer than 500 people on

23 Jul 2019

ProFTPD Remote Code Execution Bug Exposes Over 1 Million Servers

A security researcher has uncovered a critical security vulnerability in the ProFTPD service that puts over a million servers at risk of remote code execution and information disclosure attacks. Even though the flaw was disclosed to ProFTPD in September of last year, there is still no patch available. However, the

19 Jul 2019

Why 72% of people still recycle passwords

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

18 Jul 2019

Why 70% of healthcare orgs have suffered data breaches

Seven out of ten US healthcare organizations have experienced a data breach at some point, and one in three have suffered a breach in the past year, a new report by Thales shows. All healthcare firms in the survey indicated that they use digital transformation technologies to collect, store and

18 Jul 2019

75% of Security Awareness Pros Are Part Time

A new SANS report provides insight into company efforts to increase the security awareness and skills of employees. The study found that only 4.3% of organizations still don’t have a security awareness program, which is a slight improvement compared to two years ago when the number was 7.6%. However, SANS
