Google open source project aims to boost supply chain security

Software supply chain security is at the top of a lot of agendas at the moment, more so since the Log4j vulnerability was discovered and since the US Executive Order on cybersecurity.

Google is seeking contributors to a new open source project called GUAC (Graph for Understanding Artifact Composition), which, although still in its early stages, is poised to change how the industry understands software supply chains.

CNAPP -- what is it and why should you care about it? [Q&A]

The IT world is littered with acronyms and one of the latest is CNAPP, standing for Cloud Native Application Protection Platform. If you haven't heard about it already you almost certainly will do soon.

We spoke to Stanimir Markov, CEO at Runecast, about CNAPP, what it is and how it can benefit modern enterprises and their cloud environments.

Attackers aren't as clever as you think when it comes to finding passwords

Although we've been told for years that their days are numbered, passwords are still a major part of our security defenses.

New research from Rapid7 looks at two of the most popular protocols used for remote administration, SSH and RDP, to get a sense of how attackers are taking advantage of weaker password management to gain access to systems.

Ransomware attacks are down in the third quarter

The period from July to September this year has seen 27 ransomware variants used to conduct 455 attacks according to cybercrime intelligence company Intel 471's Spot Reports and Breach Alerts.

This represents a decrease of 38 attacks from the second quarter of 2022 and 134 from the first quarter of 2022.

If your name is Michael Smith and you're from Houston you could be a fake

New research from identity verification company Socure looks at patterns in how fraudsters construct synthetic identities, to find factors that may help identify and thwart this kind of crime.

The study shows that criminals employing synthetic identities do their best to blend them with the overall population. So in the majority of cases, synthetic identities fell into the most common demographics and consumer traits.

Federal cybersecurity leaders are struggling to protect information

A new survey of 150 federal cybersecurity leaders finds that 73 percent of respondents feel a lack of foundational data protection efforts puts their agency at risk.

In addition, the research, from data protection provider Zettaset, shows 77 percent say that siloed systems that lack visibility make it difficult to properly protect critical assets. It's not surprising then that 57 percent report experiencing multiple data breaches over the past two years.

New open source tool helps security analysts gather data following incidents

Incident investigations in today's environments, such as cloud, containers and serverless, can be a challenge, in particular collecting volatile data quickly following an incident to help security teams identify root causes and respond faster.

Cado Security is launching a new volatile artifact collector tool that allows security analysts to collect a snapshot of volatile data, adding critical context to incident investigations.

Harnessing the power of AI to combat fake reviews [Q&A]

There's a lot of talk about how artificial intelligence (AI) is changing the world. And it's true -- AI has already started transforming the healthcare, finance, and manufacturing industries. But there's one area where AI is causing some severe problems: fake reviews.

We spoke with Truely CEO JP Bisson about AI technology and how companies can use it to protect their interests.

Charging your phone -- and why you may be doing it wrong

The trouble with mobile phones is they rely on a battery and you can almost guarantee that with today's high-res screens and power-hungry applications it never seems to be fully charged when you want it to be.

If you want to avoid waiting for a charge to complete or using your phone while tethered to a wall socket, the team at charger specialist MAGFAST has created an infographic with tips to help you ensure your phone charges faster.

96 percent of known open source vulnerabilities can be easily avoided

With more open source being consumed than ever before, attacks targeting the software supply chain have increased too, both in frequency and complexity. A new report reveals a 633 percent year on year increase in malicious attacks aimed at open source in public repositories -- this equates to a 742 percent average yearly increase in software supply chain attacks since 2019.

The latest State of the Software Supply Chain Report from Sonatype, released today at the DevOps Enterprise Summit, also finds that 96 percent of open source Java downloads with known vulnerabilities could have been avoided because a better version was available, but was ignored.

Enterprises expect passwordless access to be the leading approach within five years

A new survey of over 300 IT professionals with responsibility for workforce identities and their security in large organizations shows that 87 percent expect passwordless solutions will become the leading approach to secure workforce identities within five years.

The study by Dimensional Research for Secret Double Octopus looks at perceptions and adoption of newer FIDO2-certified enterprise passwordless solutions, and the impact of single sign-on portal and endpoint biometric-based 'passwordless-like' experiences.

DevOps pros want to reduce reliance on single cloud providers

More than half (53 percent) of DevOps professionals in a new study say they will consider multicloud architecture to reduce reliance on a specific cloud provider.

The survey of over 700 development professionals and leaders from Techstrong Research finds that the cloud landscape is changing as buyers increasingly put the developer experience on the same footing as core technical and performance capabilities of cloud infrastructure services.

Online ad fraud, why it's such a problem and what to do about it [Q&A]

Online advertising is big business and it inevitably follows that where there's money to be made the fraudsters and cybercriminals won't be far behind.

We spoke to Jacob Loveless, CEO of eCommerce specialist Edgemesh, to find out more about why ad fraud has become such an issue and what businesses can do to combat it.

How AI and data analytics are driving instant commerce [Q&A]

The internet has changed the way that most people shop and increasingly we want to get the things we've ordered fast.

This has given rise to on-demand commerce, with deliveries supported by armies of gig workers. But it's also driven rapid technological innovation in the logistics sector. We spoke to Kashyap Deorah, founder and CEO of logistics app specialist HyperTrack, to learn more about the new phenomenon of 'instant commerce' and what it means for both enterprises and consumers.

New ransomware groups emerge but overall activity slows

Research from GuidePoint Security shows eight new ransomware groups have emerged in the last quarter and that there has been at least one new ransomware group each month since January 2021.

The report, from the GuidePoint Research and Intelligence Team (GRIT), tracked 27 ransomware groups and 568 publicly posted victims in the third quarter of this year and shows a slight slowdown overall of ransomware activity from the previous quarter.
