Security

Report shows fifth of breaches caused by “miscellaneous errors”

posted on April 28, 2016
by l33tdawg

The number of reported breaches of organizations' data has been growing hyperbolically over the past few years, based on data in Verizon's 2016 Data Breach Investigations Report (DBIR). And a major reason for that is that many organizations are still doing security like they were decades ago. The leading cause of reported data breaches, as documented by Verizon, is "miscellaneous errors"—mistakes made by employees—that open the door to attackers.

Spotify user data ends up online, but company says it wasn't hacked

posted on April 26, 2016
by l33tdawg

You may want to change your Spotify password now.

A list of hundreds of Spotify usernames, passwords, account types, and other details showed up on Pastebin.com, a text-sharing site, on April 23.

The data is specific to Spotify, and TechCrunch verified that it could, in fact, log into a few of the compromised accounts. While the first possible explanation that came to our minds was "hack", Spotify denied such a data breach occurred.

IoT Security Will Reach $840 Million By 2020, Gartner Finds

posted on April 26, 2016
by l33tdawg

With the connected world of the Internet of Things (IoT) on the rise, and expected to be an increasing focus for malware attacks in enterprises, Gartner believes worldwide spending on IoT security will reach $348 million in 2016, up 24% over 2015 spending, according to an April 25 report.

Over the next few years, IoT security spending will initially be "moderate," according to Gartner, and will rise to $547.2 million in 2018. Then it will gain real momentum after 2020, "as improved skills, organizational change and more scalable service options improve execution."

Windows 10 flaw lets hackers secretly run any app on your PC

posted on April 26, 2016
by l33tdawg

A newly identified Windows 10 security flaw lets hackers install malicious apps on any machine, without business owners being made aware anything out of the ordinary is happening. The issue lets anyone familiar with Windows security bypass its defenses without leaving any trace on the machine.

Discovered accidentally, the issue is significant, and Microsoft is yet to issue a patch.

Hackers so far ahead of defenders it's not even a game

posted on April 26, 2016
by l33tdawg

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches.

The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still performing poorly in their attempts to defend against hacking or malware-based attacks. This isn't for a lack of trying or skills on their part, but almost completely down to the fact that the game is rigged against them.

Phishing remains a data breach weapon of choice, says Verizon

posted on April 26, 2016
by l33tdawg

Eighty-nine percent of the data breaches tracked by Verizon were either financially or espionage motivated and conducted within minutes courtesy of phishing and stolen credentials.

Those are some of the key takeaways from Verizon's 2016 Data Breach Investigations Report (DBIR), which analyzed 100,000 incidents of which 3,141 were confirmed data breaches.

Hack Brief: Site for ‘Beautiful’ People Suffers Ugly Million-Member Breach

posted on April 26, 2016
by l33tdawg

BeautifulPeople.com, you may remember, is a dating site that allows members to vote on hopeful enlistees based on their looks, ensuring that people who belong meet certain standards of both attractiveness and shallowness. It bills itself as “a dating site where existing members hold the key to the door.” Turns out, the site maybe should have put them in charge of server security, as well. The personal data of 1.1 million members is currently for sale on the black market, after hackers took it from an insecure database.

US drops 'cyberbombs' on ISIS for the first time

posted on April 25, 2016
by l33tdawg

The US has introduced a new tactic in its war against the Islamic State.

The Department of Defense's Cyber Command unit is mounting cyberattacks against the terrorist organization, the New York Times reported Sunday.

Detecting and dealing with the stealthiest cyberattacks

posted on April 25, 2016
by l33tdawg

Cyberattacks are getting smarter and stealthier as criminals and nation states use a combination of complex techniques to evade detection. The accepted reality now is that traditional protection techniques that rely on static signatures – such as Anti-Virus (AV) – or take a narrow view and ignore vectors like fileless based attacks, are simply no match for today’s threat landscape. So where does this leave organisations trying to protect against new, ever evolving variants of malware or exploits?