Ian Barker

Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to socio-political events such as elections, civil protests and policy disputes, according to the latest DDoS Threat Intelligence Report from NetScout.

Throughout the year, DDoS attacks have been intricately tied to social and political events, including Israel experiencing a 2,844 percent surge linked to hostage rescues and political conflicts, Georgia enduring a 1,489 percent increase during the lead-up to the passage of the 'Russia Bill', and Mexico having a 218 percent increase during national elections.

Continue reading →

As cyberattacks across sectors continue to rise, businesses face pressure to enhance their security postures amid budget restraints and operational challenges.

In the EU, the new Network and Information Security Directive (NIS2) is making it mandatory for companies in Europe -- and those doing business with Europe -- to not only invest in cybersecurity, but to prioritize it regardless of budgets and team structures.

Continue reading →

Lookalike domains, crafted to closely resemble authentic domains, enable a wide range of deceptive activities. By sending emails that appear to originate from trusted sources, attackers can effectively conduct a variety of scams from phishing and social engineering attacks to invoice fraud.

A new report from BlueVoyant looks at how cybercriminals encourage their victims to click on lookalike domains, whilst highlighting the critical need for vigilance and proactive measures to counteract these threats.

Continue reading →

Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

Continue reading →

Today -- which of course you knew already -- is World Backup Day, an idea that began in 2011 as a reminder from a group of Reddit users who had seen too many people lose their important files. They deliberately picked the day before April Fool's to get across that you’d be a fool not to backup your data.

Although it started a bit of a joke it's become a useful reminder that backups are important and figures in the industry now see it as good for raising awareness. Here’s what some of them think.

Continue reading →

No business is immune from the threat of cyberattack, but when it comes to protecting their most critical and sensitive data many feel they are inadvertently helping attackers through the leaking information.

We spoke to Paul Laudanski, director of security research at Onapsis, to learn about the most common errors and how to guard against them,

Continue reading →

As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

Continue reading →

While Windows remains the most targeted operating system, Linux, once regarded as 'secure by default', has now emerged as the second-most infected OS, according to the 2024 Elastic Global Threat Report.

Linux's expanding use beyond servers has broadened its attack surface. Plus, its open-source nature, while great for developers, can also lead to mistakes and security holes. We spoke to Apu Pavithran, founder and CEO of Hexnode, to find out more about why Linux is being targeted and how it can be defended.

Continue reading →

A new report from Sift reveals an alarming democratization of cybercrime, with 34 percent of consumers seeing offers to participate in payment fraud online, an 89 percent increase over 2024.

The report details how fraudsters openly advertise and sell stolen payment information and fraud services on social media platforms and deep web forums like Telegram, significantly lowering the barrier to entry for anyone to participate in fraudulent activities.

Continue reading →

Over 70 percent of developers and quality assurance professionals responding to a new survey say their organization is currently developing AI applications and features, with 55 percent stating that chatbots and customer support tools are the main AI-powered solutions being built.

The research from Applause surveyed over 4,400 independent software developers, QA professionals and consumers explored common AI use cases, tools and challenges, as well as user experiences and preferences.

Continue reading →

We're always being encouraged to be greener in our energy usage these days and many people have turned to solar power as a means of doing their bit and reducing their bills.

But the inverter used to convert energy from solar panels to usable household electricity is usually an IoT device and could therefore be vulnerable. New research from Forescout analyzed equipment from six of the top 10 vendors of solar power systems worldwide: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA. It has uncovered 46 new vulnerabilities across three of these inverter vendors, Sungrow, Growatt, and SMA.

Continue reading →

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

Continue reading →

Nuances in digital messaging in the workplace are driving miscommunication according to a new study by Adaptavist.

The survey of 1,000 UK knowledge workers finds 'misinterpreting tone or phrasing' comes out as the biggest communication challenge facing workers, cited by almost half (46 percent) of respondents. This is closely followed by different response time expectations (46 percent) and lack of context (31 percent).

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

Continue reading →