Ian Barker

Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials.

So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal.

Continue reading →

Phishing is a problem that shows no signs of going away and indeed the COVID-19 pandemic has seen a new raft of malware and fraudulent emails seeking to trick the unwary.

Edison Software is launching a new AI-based email security subscription plan that can be added to the Edison Mail iOS app to help combat the threat.

Continue reading →

A new study of over 400 technology leaders in the US, UK and Germany shows that 80 percent of organizations are struggling to reach application delivery requirements with their existing infrastructure.

However, even with the other challenges of 2020, efforts to modernize networks and applications to address this challenge are accelerating with 83 percent reporting budget increases for these initiatives over the next three years.

Continue reading →

Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.

Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).

Continue reading →

Botnet and exploit activity have increased over the course 2020's second quarter by 29 percent and 13 percent respectively, representing more than 17,000 botnet and 187,000 exploit attacks a day.

The latest Quarterly Threat Landscape Report from managed security services provider Nuspire also reveals a shift in tactics as attackers pivot away from COVID-19 themes, instead using other prominent media themes like the upcoming US election and exploiting the Black Lives Matter movement.

Continue reading →

Internet of Things (IoT) devices are generating huge volumes of data and that represents a challenge for organizations when it comes to processing and storing it.

We spoke to Karthik Ranganathan, CTO of the company behind the distributed SQL database YugabyteDB, to find out how businesses can cope with the complexity and performance issues that handling IoT data and its associated metadata raises.

Continue reading →

New research into insider threats from security automation platform Securonix shows that 60 percent of data exfiltration incidents are carried out by employees identified as 'flight risk', in other words that are about to leave the business.

We spoke to Shareth Ben, director of insider threat and cyber threat analytics with Securonix, to find out more about insider threats, flight risks and how companies can protect themselves.

Continue reading →

The Linux Foundation is today announcing the formation of the FinOps Foundation to promote the discipline of cloud financial management through best practices, education, and standards

With support from founding members Apptio, Cloudeasier, Cloudsoft, CloudWize, Contino, Kubecost, Neos, Opsani, ProsperOps, Timspirit and VMware, the foundation is set to increase awareness and offer education for professionals in the emerging discipline of FinOps.

Continue reading →

A new study from cybersecurity and data analytics firm, CybSafe shows that one in fours UK office workers are relying on unauthorized personal devices to work from home.

The study of 600 workers also shows that one in 10 share their work devices with others in their household, and that 65 percent of workers have not received any remote working security training in the last 6 months.

Continue reading →

While COVID-19 has altered the cloud strategies of enterprise IT executives, the vast majority are still moving forward with their big-picture digital transformation initiatives, and most think they'll see an increase in their cloud budgets to support these projects over the next year.

A new report from professional services and managed cloud company 2nd Watch surveyed more than 100 cloud-focused IT directors or above and finds that 82 percent of respondents say they've experienced cloud-related challenges with 77 percent saying these challenges have caused them to alter their cloud strategies.

Continue reading →

Since organizations have shifted to a work from home model, the potential for cyberattacks and breaches has increased. In fact, since the start of the pandemic, 20 percent of respondents say they faced a security breach as a result of a remote worker.

New research from Malwarebytes shows that this in turn has led to higher costs, with 24 percent of respondents saying they paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.

Continue reading →

More than half of UK businesses are turning to outsourced partners for cyber security services, according to research commissioned by digital risk protection company Skurio.

Lack of in-house expertise is a key issue for organizations, in particular when it comes to digital risk protection -- the ability to monitor risks, threats and breaches outside their network -- with 80 percent of respondents saying that their teams lack skills and knowledge in this area.

Continue reading →

A new Biannual ICS Risk and Vulnerability Report, released today by Claroty, reveals that more than 70 percent of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely.

Earlier this week we looked at how project files can be used to attack ICS systems even if they're air-gapped, but this report highlights the importance of protecting internet-facing ICS devices and remote access connections.

Continue reading →

In the new normal world where more work is being carried out remotely, corporate communications have increased in importance but they have also come under greater threat.

As the recent Twitter attack shows, communication tools offer hackers an attractive extra method of getting hold of sensitive information like login details.

Continue reading →

Almost half of all actions by attackers are identical to the normal activities of the users and admins, and in most companies even a low-skilled hacker can obtain control of the infrastructure.

These are among the findings of a new study from penetration testing specialist Positive Technologies. Testers, acting as internal attackers, managed to obtain full control of infrastructure at 23 tested companies usually within three days.

Continue reading →