Security News > 2022 > February
Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised credentials as among the most common issues impacting supply chain security, with 44% of companies affected.
Cybersecurity incidents have risen 125% year over year and will continue to grow exponentially, putting vast amounts of organizational data at risk. To protect data, businesses will need to adapt how they approach data access security.
Humans have far greater difficulty identifying images of biometric spoofing attacks compared to computers performing the same task, according to research released by ID R&D. The research report finds that computers are more adept than people at accurately and quickly determining whether a photo is of an actual, live person versus a presentation attack. The study tested humans and machines by presenting them with the most common spoofing techniques: printed photos, videos, digital images, and 2D or 3D masks.
Executives are concerned about their ability to deliver value propositions that satisfy employees and a subsequent inability to retain and recruit talent, according to Gartner's report. Talent risks topped pandemic-related concerns, including supply chain disruptions and inflationary pressures, according to the survey of 254 senior executives across industry and geography, conducted in 4Q21. "Talent risks are particularly concerning to executives because they are being driven by multiple root causes," said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
The Cloud Security Alliance released the findings of its latest survey which offers insight into companies' plans regarding cloud and security strategy, cloud services, and cloud-related technologies. "Cloud is a continuously evolving space with new services, strategies, and technologies springing up seemingly overnight. It's imperative that organizations regularly change and adapt their approach to cloud and cloud security," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
A study from Juniper Research has found that revenue for digital identity vendors will exceed $53 billion globally in 2026, doubling from $26 billion in 2021. Digital identity revenue includes third-party and civic identity apps, centralised identity schemes, and digital identity verification.
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "Incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose activity aligns sharply with Indian state interests.
Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.
The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a BleepingComputer forum post. Translation: Maze team members are purportedly never going back to ransomware, and they've destroyed all of their ransomware source code.