New research from Bitdefender shows that 84 percent of high severity attacks are using Living off the Land (LOTL) techniques, exploiting legitimate tools used by administrators.

One of the findings is that the netsh.exe tool -- used for network configuration -- management is the most frequently abused tool, appearing in a third of major attacks. While checking firewall configurations is a logical initial step for attackers, this clearly demonstrates how data analysis can spotlight trends that human operators might instinctively disregard.

Continue reading →

A new report from Abnormal AI shows that employees in large enterprises engage with malicious vendor messages 72 percent of the time.

Drawing on behavioral data from over 1,400 organizations worldwide, the report reveals the extent to which employees are actively engaging with advanced text-based threats like vendor email compromise (VEC) and explores the blind spots attackers are exploiting with highly targeted, socially engineered attacks.

Continue reading →

In today's interconnected world, the IT service desk often serves as the invisible backbone of any successful organization, from troubleshooting minor glitches to resolving critical system outages.

But beneath this seemingly straightforward function lies a complex web of challenges that can significantly impact efficiency, user satisfaction, and ultimately, an organization's bottom line.

Continue reading →

As data demands across organizations intensify they need to scale productivity and enable business users to explore data independently.

Cube is launching an agentic AI analytics platform built on a universal semantic layer which allows it to operate autonomously within enterprise frameworks, automating work while preserving trust, governance, and transparency.

Continue reading →

New research from Barracuda Networks finds 65 percent of IT and security professionals say their organizations are juggling too many security tools.

What's more, over half (53 percent) of respondents also say their security tools cannot be integrated -- creating fragmented environments that are difficult to manage and secure.

Continue reading →

As businesses continue to generate and rely on vast amounts of data, the traditional approach to managing that data is no longer sufficient.

Enter the concept of a data mesh -- a decentralized, domain-driven approach to data architecture that promises to transform how organizations handle and leverage their data. But the question remains: should a business create a data mesh? What value does it add, and what challenges does it help solve?

Continue reading →

New research reveals a surge in interest in data sovereignty among UK IT leaders since the implementation of the United States government's historic raft of tariffs in April.

The study from Civo, of over 1,000 UK-based IT leaders, shows more than 60 percent now feel that the UK government’s use of US cloud services exposes the country's digital economy to significant risks, damages its domestic industry, and threatens data security.

Continue reading →

The technology world is a fast moving one and keeping up with the latest trends can be difficult. Yet it's also essential if you're not to lose competitive edge or get caught out by new risks.

We spoke to Myke Lyons, CISO of data infrastructure company Cribl, to discuss what the priorities for cyber leaders should be and what things are likely to keep them awake at night.

Continue reading →

While the average total compensation for CISOs at large enterprises is $700K, those at $20B+ firms average $1.1M, with top earners exceeding $1.3M. These people are often managing $100M+ security budgets and teams of over 200 staff.

A new report from IANS Research along with Artico Search looks at data from more than 860 CISOs, including 406 at enterprises with $1B+ in annual revenue.

Continue reading →

New research from EasyDMARC reveals that just 7.7 percent of the world's top 1.8 million email domains are fully protected against phishing and spoofing, having implemented the most stringent DMARC policy.

While this configuration, known as 'p=reject', actively blocks malicious emails from reaching inboxes, many businesses have only adopted the passive monitoring setting known as 'p=none', which passively monitors inboxes for threats without intercepting them. This means it doesn't block fraudulent emails or provide full visibility into authentication failures.

Continue reading →

New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. 68 percent are more realistic, noting they feel uncertain about achieving this near-impossible outcome.

The study from Lineaje, carried out among RSA attendees, also shows that while software bill of material (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.

Continue reading →

Not all browser extensions are created equal, and just because one is available in a high-profile store doesn't mean it's safe. Stores may do simple verifications to check for obvious red flags, but it's not part of their workflow to investigate deeper indicators of suspicious or malicious behavior.

ExtensionPedia, a new database developed by LayerX, changes that by providing individuals and businesses with detailed risk analyses on over 200,000 extensions to distinguish between safe, risky and malicious tools.

Continue reading →

According to recent projections from Gartner, by 2028 90 percent of enterprise software engineers will use AI code assistants, up from less than 14 percent in early 2024. But relying on AI in development roles also introduces risks.

Snyk is launching a new AI-native agentic platform specifically built to secure and govern software development in the AI Era.

Continue reading →

The promise of GenAI is undeniable, it offers transformative potential to streamline workflows, boost efficiencies, and deliver competitive advantage. Yet, for many organizations, the journey to implement AI is far from straightforward.

Obstacles typically fall into three categories: strategic, technological, and operational. We spoke with Dorian Selz, CEO and co-founder of Squirro, to explore these obstacles in more detail, as well as looking at some of the biggest misconceptions enterprises have when starting their GenAI journey.

Continue reading →

A new report from Orchid Security shows nearly half of enterprise applications violate basic credential-handling guidance, with 44 percent undermining centralized identity provider (IdP) policies and 40 percent falling short of widely accepted identity-control standards.

Orchid analyzed authentication flows and authorization practices embedded deep within enterprise applications and finds clear-text credentials in nearly half. These are normally associated with alternative access flows, often for non-human accounts, but they also present an easy target for threat actors seeking entry or lateral movement.

Continue reading →