How much is your streaming account worth on the Dark Web?


Netflix recently announced a crackdown on the sharing of account details and has introduced a paid sharing option to allow multiple users. It isn't surprising, then, that there's a thriving Dark Web market for streaming account details.

Research from AtlasVPN shows that account logins for popular streaming services are being sold for an average of $11.


IT and security pros spend over 4,000 hours a year on compliance


IT and security professionals spend an average of 4,300 hours annually achieving or maintaining compliance, according to a new study.

The survey of 300 IT and security professionals in fast-growing organizations across the US, from automation platform Drata, finds 87 percent of respondents have faced consequences as a result of not having continuous compliance. These include slowed sales cycles, security breaches, business interruption, loss of a business relationship, a damaged reputation, or fines.


Continuous Threat Exposure Management and what it means for enterprise security [Q&A]


This summer, Gartner introduced Continuous Threat Exposure Management (CTEM). This is a set of processes and capabilities that allow organizations to create a system for review of exposures that is faster than the periodic project-based approach.

With endless threats and vulnerabilities hammering today's organizations, exposure management that evaluates the accessibility, exposure and exploitability of all digital and physical assets is necessary to govern and prioritize risk reduction for enterprises.


Organizations need a holistic approach to cyber threats


A new survey of 300 organizations across the US and Europe looks at the key challenges concerning the ability to effectively prioritize and contextualize the large amounts of data organizations get from several cyber security alert systems, as well as identifying the actions needed to meet them.

The survey, conducted for Darktrace by IDC, finds evolving attack vectors make it difficult to prepare proactively, with only 31 percent of respondents highly confident that their tools can continuously adjust to new configurations.


Lazarus Group targets medical research and energy


Researchers at WithSecure have uncovered a cyberattack campaign linked back to North Korea's notorious Lazarus Group.

It is extremely rare to be able to link a campaign so strongly to a perpetrator as WithSecure has been able to do here. The hackers have been targeting medical research and energy organizations with the intent to commit espionage.


New cloud platform aims to improve supply chain management


A new platform from Sonatype is designed to make it easier for developer and security teams to unite and build innovative software securely.

It delivers an Application Security Testing (AST) and Software Composition Analysis (SCA) tool that offers cloud, self-hosted, and disconnected deployment options -- giving control and flexibility to its customers.


Number of new Common Vulnerabilities and Exposures (CVEs) expected to increase in 2023


We can expect to see more than 1,900 new Common Vulnerabilities and Exposures (CVEs) per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities -- a 13 percent increase from published 2022 levels.

This is according to a report from cyber insurance provider Coalition, which finds that most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.


87 percent of container images have high risk vulnerabilities


Due to the nature of modern software design and the sharing of open source images, security teams face a large number of container vulnerabilities, according to a new report.

The study from Sysdig, based on real-world data sets covering billions of containers, thousands of cloud accounts, and hundreds of thousands of applications, finds 87 percent of container images have high or critical vulnerabilities.


Breaches, privileged credentials and the SaaS application conundrum [Q&A]


Last year Toyota suffered a data breach due to accidentally exposing a credential allowing access to customer data in a public GitHub repository.

This type of breach could be avoided if organizations turned their focus to credentials that are exposed within SaaS applications. We spoke to Corey O'Connor, director of product at SaaS security platform DoControl, about why he believes identity security needs to go beyond just protecting the keys.


Cloud storage remains popular but comes at a cost


A new survey of 350 IT leaders in the US and UK shows 84 percent of respondents want a large portion of their storage to remain in the cloud, and two-thirds of them want as much storage in the cloud as possible.

On average, enterprises have put 57 percent of their storage in the cloud, whilst keeping 43 percent on premises.


Checkmarx launches Supply Chain Threat Intelligence


The software supply chain is increasingly being weaponized by attackers seeking to compromise businesses and steal information.

Application security specialist Checkmarx is looking to combat this with the launch of a new product which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.


Economic pressure forces connected device makers to seek efficiencies


Economic pressures are forcing delays and price increases on connected device makers, with 38 percent experiencing delays in bringing devices to market, while almost half (48 percent) say they have been forced to increase prices.

New research from the Qt Group -- based on a survey of 250 embedded device manufacturers in the US, UK, France and Germany, conducted by Censuswide -- finds manufacturers are adopting various techniques in order to fuel efficiencies.


Real time data collection is needed for eCommerce companies to reach their full potential


According to new research, 62 percent of eCommerce organizations say that real-time data collection will be at the forefront of their priorities for 2023.

The study, carried out for Oxylabs by Censuswide, surveyed over 1,000 senior data decision-makers, split between UK and US eCommerce companies. It finds that as companies begin to rely more on efficient and low-cost data collection methods such as external data gathering, used by 40.54 percent of respondents, there is a clear shift towards gaining more actionable insights.


Why quantum computing threatens security as we know it [Q&A]


Much of our current IT infrastructure relies on DNS to safely route traffic. Securing that infrastructure is in turn heavily reliant on cryptography, but there's a threat looming on the horizon.

Quantum computing will offer a level of processing power that could render current cryptographic techniques obsolete, and that's a problem for the entire internet and networking world. We spoke to Peter Lowe, principal security researcher at DNSFilter, to discuss the possible impact of quantum computing on security and what can be done to address the threat.


Happy Data Privacy/Data Protection day


These days no important topic is worthy of the name if it doesn't have a day devoted to it. Today (January 28) it's the turn of data privacy -- or data protection depending on who you talk to -- to take its turn in the spotlight.

As organizations gather ever more data, concerns around how it is stored and used have grown, which has led to legislators taking an interest too.
