Ransomware has hit the headlines in recent months with attacks on infrastructure and supply chains closing down operations. But ransomware has the potential to be even more devastating if it’s spread via Active Directory, as demonstrated by the SolarWinds attack.

We talked to Derek Melber, chief technology and security strategist of Tenable to find out more about AD attacks and how to combat them.

Continue reading →

According to a new report, in mid-sized to large enterprises 50 percent of the software applications being developed are cloud based and another 30 percent are expected to migrate to the cloud within the next two years.

83 percent of respondents state that cloud-based development and deployment is a top IT priority in 2021 for applications their company develops and deploys.

Continue reading →

Although people are sometimes seen as a weak link in information security, a new report from F-Secure shows that a third of emails that employees report as suspicious are actually phishing.

The finding comes from an analysis of emails reported by employees from organizations around the world, using F-Secure's mail reporting plugin for Office 365, during the first half of 2021.

Continue reading →

A recent IBM report showed that over 90 percent of organizations are planning to implement edge computing strategies within the next five years.

Now 5G security company Exium is collaborating with Big Blue to help clients adopt an edge computing strategy designed to enable them to run AI or IoT applications seamlessly across hybrid cloud environments.

Continue reading →

Creating the code for an Android app is only part of the job, you also need to consider mobile app management and mobile device virtualization as well as testing.

To help with this process Canonical is launching its Anbox Cloud Appliance on the AWS Marketplace from today. A small-scale version of Canonical's Anbox Cloud, developers can use it for rapid prototyping of Android-in-the-Cloud solutions.

Continue reading →

Many enterprises have adopted DevOps practices in order to streamline their development. But security is all too often treated as an afterthought.

There is of course a way around this which is to integrate security into the DevOps pipeline, in other words move to DevSecOps.

Continue reading →

Infecting office files has been a popular malware technique for some time but is still popular among cybercriminals as it allows them to evade many detection solutions. New research from AtlasVPN reveals that 43 percent of all malware downloads in the second quarter of this year were malicious office documents.

This is an increase from the same period in 2020 when only 14 percent of malware came in office files. In the third quarter of last year the volume jumped to 38 percent before declining to 34 percent in Q4 2020 and Q1 2021.

Continue reading →

More and more businesses are moving to a hybrid work model. But while this approach can offer improved value along with the tools to drive the business forward, it can also present a number of challenges.

So what does it take to succeed with a hybrid approach? We spoke to Cisco Webex's Lorrissa Horton to find out.

Continue reading →

Researchers at CyberNews have uncovered security flaws within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 (v6) router.

The router -- an 'Amazon's Choice' product -- is shipped with outdated firmware that is vulnerable to dozens of known security flaws and could put users at risk of man-in-the-middle and Denial of Service attacks.

Continue reading →

Even in the age of the cloud, USB drives are still commonly used to exchange information between office and home computers, but they're used by hackers as a way to infiltrate systems too.

Researchers at the UK's Liverpool Hope University have developed a new scanning device that can counter the threat posed by USB devices.

Continue reading →

Researchers at SophosLabs have uncovered malware being distributed by a network of websites acting as a 'dropper as a service', serving up a variety of other nasty packages.

These droppers for hire are delivering bundles of malicious and unwanted content to targets looking for cracked versions of popular business and consumer applications.

Continue reading →

A new survey of over 1,200 IT and IT security practitioners shows that 53 percent of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent for attacks.

Released in conjunction with the start of National Insider Threat Awareness Month, the report, conducted by the Ponemon Institute with sponsorship from DTEX Systems finds almost half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages.

Continue reading →

Industrial businesses were the second most targeted sector in 2020 and new research from Positive Technologies shows that an external attacker could penetrate the corporate network at 91 percent of them.

In addition, Positive Technologies penetration testers gained access to the industrial control system (ICS) networks at 75 percent of these companies. Once criminals have obtained access to ICS components, they can shutdown entire production lines, cause equipment to fail, or incidents that could cause serious harm.

Continue reading →

Increasingly applications and infrastructure are moving to the cloud and containers. But although this offers convenience and cost savings it introduces challenges when security incidents occur.

We spoke to James Campbell, CEO and co-founder of Cado Security to find out about the importance of digital forensics when dealing with cloud system breaches.

Continue reading →

The rapid shift of applications and infrastructure to the cloud creates gaps in security according to a new threat report from security platform Lacework.

This increases the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and to gain illicit network access.

Continue reading →