Keys, tokens and too much trust found in container images
We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of …
research
Fake news services and tools proliferate on online markets
Fake news is not a new concept, but the Internet – and social media and networks in particular – have made it infinitely easier for it to spread and reach its …
Could an independent NGO solve the problem of cyber attack attribution?
Cyber attack attribution is a necessary prerequisite for holding actors accountable for malicious cyber activity, but is notoriously difficult to achieve. Perhaps it’s …
Email-borne threats: Watch your inbox closely on Thursdays
Malicious email attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favor sending malicious …
Foscam IP cameras riddled with gaping security holes
F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months …
UK ICO offers grants for practical privacy research
The UK Information Commissioner’s Office (ICO) has launched a Grants Programme to promote and support independent, innovative research and solutions focused on privacy and …
Attack rates are increasing across the board
Finance and technology are the sectors most resilient to cyber intrusions, new research from Vectra Networks has found. The company released the results of its Post-Intrusion …
Websites built by freelance developers are plagued with security failures
Websites developed by “budget” developers, without portfolios or references, tend to be plagued with critical security failures, research has shown. For this project, the …
For timely vulnerability information, unofficial sources are a better bet
From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …
Dark web fraud guides reveal potential threats to orgs
An in-depth look at content from more than 1,000 fraud guides available for sale on the dark web revealed that the majority of these guides are useless. Still, as many as 20 …
What’s really stopping users from adopting secure communication tools?
“Users’ goal to communicate with others overrides everything else, including security,” a group of researchers has concluded after interviewing sixty individuals …
Attacks within the Dark Web
For six months, Trend Micro researchers operated a honeypot setup simulating several underground services on the Dark Web. The goal of their research was to see if those …