Buying software used to be relatively simple. You either paid a one-off fee, or an ongoing license, or sometimes a combination of both.

With the advent of cloud and SaaS, however, things have become rather more complicated. Usage based pricing is more common, plus in a difficult economic climate there's a spotlight on software costs.

Continue reading →

Cybersecurity is usually viewed as something to be addressed via software. In recent years though we've seen a hardware element start to creep in -- Windows 11's requirement for TPM capability for example.

Can we expect to see more hardware-based security measures? And what benefits do these offer? We spoke to Ed Maste, senior director of technology at the FreeBSD Foundation (the non-profit organization supporting the open source FreeBSD operating system) to find out.

Continue reading →

With 70 percent of government workers reporting that they work virtually at least some of the time, a new survey shows some worrying trends.

The report from Ivanti finds five percent of government workers have fallen victim to a phishing attempt. However, 34 percent don't believe their actions impact their organization's ability to stay safe.

Continue reading →

The threat of business email compromise (BEC) is growing year on year and is projected to be twice as high as the threat of phishing in general.

According to a new report from cloud email security platform IRONSCALES, over 93 percent of organizations have experienced one or more of the BEC attack variants in the previous 12 months, with 62 percent facing three or more attack variants.

Continue reading →

Secrets are not just login credentials and personal data; they securely hold together the components of the modern software supply chain, from code to the cloud. And because of the leverage they provide they are much sought-after by hackers.

However, many breaches that occurred in 2022 show how inadequate the protection of secrets is. Research from automated detection specialist GitGuardian finds that one in 10 code authors exposed a secret in 2022.

Continue reading →

Much of our modern communication relies on satellites, but the data sent between them and ground stations is vulnerable to theft, leaving satellite communications even more accessible than typical internet communications.

Post-quantum cybersecurity company QuSecure has announced that it's achieved an end-to-end quantum-resilient cryptographic communications satellite link.

Continue reading →

Password service 1Password is launching a new service that will allow enterprise customers to unlock their 1Password accounts using third-party identity services.

Unlock with Single Sign-On (SSO) automatically provisions and deprovisions employees, with streamlined deployment through the bridge connection for the 1Password SCIM (System for Cross-domain Identity Management).

Continue reading →

The UK's new Data Protection and Digital Information Bill is set to reduce costs and burdens for British businesses and charities, and remove barriers to international trade.

We know from when it was first brought before parliament last summer that it will also cut the number of repetitive data collection and cookie pop-ups online.

Continue reading →

This year marks the first time in more than a decade that managing cloud spend has overtaken security as the top challenge facing organizations, according to the latest State of the Cloud report from Flexera.

The report is based on responses of 750 respondents from a survey conducted in late 2022 and finds optimizing existing use of the cloud (cost savings) is the top initiative (reported by 62 percent of all respondents).

Continue reading →

A new study from Specops Software finds that 88 percent of passwords used in successful attacks consisted of 12 characters or less, with the most common being just eight characters (24 percent).

The research, largely compiled through analysis of 800 million breached passwords, finds the most common base terms used in passwords are depressingly familiar: 'password', 'admin', 'welcome' and 'p@ssw0rd'.

Continue reading →

Switching to the cloud has left organizations in heavily regulated industries like healthcare and financial services with a greater attack surface, according to a new report.

Research published today by Blancco Technology Group, based on responses from 1,800 IT professionals in healthcare and finance, shows 65 percent of respondents say that the switch has also increased the volume of redundant, obsolete or trivial (ROT) data they collect.

Continue reading →

It's become common for businesses to use more than one cloud, however, service providers have no incentive to offer unified management tools as they want to keep customers for themselves.

This means enterprises end up relying on multiple tools as their cloud footprint expands which is not only inefficient but can be costly. We spoke to Rod Stuhlmuller, VP of solutions marketing at Aviatrix, to find out how organizations can monitor and control their cloud usage and costs at a time when budgets are coming under increased pressure.

Continue reading →

As developers increasingly rely on open source components in their projects, knowing which have been used is a key part of being able to identify updates and potential threats. This is where a software bill of materials (SBOM) is essential.

Application security testing and software research services company GrammaTech is launching a no cost SBOM service, alongside a new version of its CodeSentry software composition analysis (SCA) tool.

Continue reading →

Threat protection company Vade has released its latest Phishers' Favorites report for 2022 which finds that financial services is the most impersonated industry, accounting for 34 percent of phishing pages as attackers continue to follow the money.

There are also seven finance brands in the top 20, with PayPal, MTB, Crédit Agricole, and La Banaque Postale all securing a spot in the top 10.

Continue reading →

The latest Annual Trends Report from Jamf, based on a sample of 500,000 devices protected by the company's technology, looks at the threats impacting devices used in the modern workplace and finds social engineering tops the list.

The combination of an increasingly distributed workforce with the relative ease with which bad actors can carry out phishing campaigns, leads to the leakage of user credentials. In 2022, 31 percent of organizations had at least one user fall victim to a phishing attack.

Continue reading →