We know that cyber criminals are increasingly operating in a businesslike way and using underground marketplaces to sell services and information.

A new report from threat intelligence specialist IntSights looks at one particular aspect of this trend which is the sale of access to already compromised networks.

Continue reading →

Researchers at Varonis are warning about a Salesforce misconfiguration that can expose sensitive data to anyone on the internet.

The issue is in the Salesforce Community, which lets Salesforce customers create their own websites to connect with users outside their organization and collaborate.

Continue reading →

In the last few decades, we've seen cybercrime transform from an activity perpetrated by independent lone actors into an increasingly professional business endeavor in pursuit of profit.

Cybercriminals communicate and collaborate, working together and exchanging information on the deep and dark web. But what exactly is up for sale on these underground markets and what does this tell us about threat actor behavior and motivation?

Continue reading →

It's now been five years since the United Kingdom voted in a referendum to leave the European Union, and six months since it actually left.

With the promise of freedom to 'take back control' of the UK's borders, potential new opportunities for Britons and a plan to make the UK a global leader in innovation, there's still a lot up in the air. What has been apparent, however, is that almost all aspects of businesses have been impacted by Brexit in some way or other, from supply chain complications, to staff shortages, to confusion around GDPR and data protection rules.

Continue reading →

As the enterprise IT landscape has become more complex, security is no longer a matter of simply securing the network perimeter. The cloud and remote workers now have to be part of the equation too.

In order to cope with this, more and more businesses are turning to the use of zero trust methodology. We spoke to James Carder, CSO of SIEM platform LogRhythm to find out more about why this is a technology whose time has come and how it can be implemented effectively.

Continue reading →

Read about any new cybersecurity product today and the chances are that it will be keen to stress its use of AI in some form.

But are we expecting too much from AI and are companies adopting it just because it's on trend? We spoke to Nadav Arbel, co-founder and CEO of managed SOC platform CYREBRO, to find out more about AI's role and why the human factor is still important.

Continue reading →

Enterprises are overwhelmingly counting on data science as a key to their long-term success, but flawed investments in people, processes and tools are leading companies to fail in their best efforts to develop, deploy, monitor, and manage models.

New research from Domino Data Lab shows that while 71 percent of data executives say their company leadership expects revenue growth from their investment in data science, 48 percent say their company has not invested enough to meet those expectations.

Continue reading →

APIs make life easier for developers by allowing easy access to various program functions. However, this functionality also makes them an increasingly attractive target for attack.

Web application and API Protection platform ThreatX is launching new API catalog capabilities to provide enterprises with a clear view of their API's attack surface, as well as the operational health of any APIs in production.

Continue reading →

After a slump during the pandemic, vulnerability disclosures are once again showing growth according to the latest Vulnerability QuickView Report from Risk Based Security's VulnDB team.

The report shows 12,723 vulnerabilities disclosed during the first half of 2021 and the vulnerability disclosure landscape saw a growth of 2.8 percent compared to the same period in 2020.

Continue reading →

A new study from threat detection and response specialist Vectra AI finds that all respondents have experienced at least one security incident in their public cloud environment in the last 12 months.

The study of over 300 IT executives, with 70 percent coming from enterprises with more than 1,000 employees, shows a rapid expansion and reliance on AWS services while simultaneously pointing up security blind spots within many organizations.

Continue reading →

Over the last year there has been a significant move away from using cash. In the US alone ATM withdrawals are down 58 percent, 41 percent of consumers have switched from cash to online and phone payments, while 55 percent don't plan to switch back to using cash.

But while this is convenient for the consumer it opens up more opportunities for fraud and cybercrime. Financial risk management firm Feedzai is aiming to boost digital trust, by adding pre-transaction behavioral intelligence to prevent financial crime in real-time before it happens.

Continue reading →

A new study carried out by Opinium for certificate authority GlobalSign shows that managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes.

The top challenges respondents typically encountered when keeping track of certificates include managing multiple types of certificates (45 percent) and managing large quantities of them (41 percent).

Continue reading →

A new survey from Egress of 500 IT leaders and 3,000 employees across the US and UK finds that 73 percent of organizations have suffered data breaches caused by phishing attacks in the last year.

In addition 53 percent of IT leaders report an increase in incidents caused by phishing since the widespread adoption of remote working. There are also concerns over future hybrid working, with 50 percent of IT leaders saying it will make it harder to prevent breaches caused by malicious email attacks.

Continue reading →

Databases are employed by all kinds of businesses, but deciding which one to use can be a tricky decision. Once you've chosen a solution it’s a lot of work to switch to a different one.

But also different stakeholders within the enterprise have different requirements from a database and different views on which features are important.

Continue reading →

We're all encouraged to use multi-factor authentication to protect our online accounts. Very often this involves a one-time passcode (OTP) sent via an SMS message.

This makes life harder for the cybercriminals even if they have your password, but the team at CyberNews has uncovered a new robocall bot that aims to trick users into giving up their OTPs.

Continue reading →