Insecure and outdated web applications are a core source of high-profile data breaches among FT 500 global companies according to new research from web security company High-Tech Bridge.

The study reveals that abandoned, shadow and legacy web applications more or less nullify corporate cybersecurity spending and undermine compliance.

Continue reading →

It seems not a day goes by without a new cloud data breach making headlines. And though the victims change, the attack details remain the same. Why do organizations keep repeating the same cloud security mistakes? And how can we break free from this vicious cycle?

We spoke to Zach Malone, security engineer at security management specialist FireMon, who discusses these issues and tells us why, to identify the biggest threat to cloud security, we need to look in the mirror.

Continue reading →

During his keynote speech today at the Jamf User Nation Conference in Minneapolis, IBM CIO Fletcher Previn announced that IBM is going to open source its Mac@IBM code.

Designed to streamline the integration of corporate-owned or BYOD Apple Mac devices and applications into the enterprise while delivering a personalized experience, Mac@IBM has seen the number of IBMers using Macs increase from 30,000 in 2015 to 134,000 in 2018.

Continue reading →

Universities and colleges are uniquely attractive to cyber criminals, because a constantly changing population and the use of large numbers of BYOD machines means lots of potential vulnerabilities.

Privileged access management specialist Thycotic is releasing a free Cyber Security Toolkit for College Students and Families, aimed at providing an essential guide to help schools build an understanding of cyber best practices throughout their entire community.

Continue reading →

Earlier this year we covered some research from Duo Security published into the activities of Twitter bots. The company has now followed this with a look at how fake Twitter followers operate.

Traditional fake followers are challenging to detect on an individual level since they have very little (if any) activity other than following other accounts. However, because fakes operate in groups created by the same bot owner they do tend to share characteristics.

Continue reading →

Security gaps in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections are leaving industrial control systems vulnerable to attack according to a new report.

The study from ICS security company CyberX also shows that although the use of Windows XP has declined over the last year there are still older, unpatchable, Windows systems in slightly more than half of all industrial sites.

Continue reading →

Which subject lines make a person most likely to click a link in a phishing email? Security awareness training company KnowBe4 has analyzed data from simulated phishing tests and 'in the wild' emails to find out.

The most successful lines play on user's desire to remain secure with subjects relating to password checks the most clicked. On social media, messages about tagging or new profile views are most likely to be clicked.

Continue reading →

Email is still one of the most common ways for attackers to target individuals or businesses, whether it’s through phishing attacks or delivering malware. Although you may have protection measures in place it can be hard to know if they’re working effectively.

Intelligence-led security company FireEye is launching a new capability that allows organizations to evaluate email threat detection efficacy with a no-charge evaluation service

Continue reading →

We often hear the term 'ethical hacker', but what exactly does this involve and is it something you can actually make a career out of?

We spoke to Jim O'Gorman president of online penetration testing training provider Offensive Security to find out what being an ethical hacker is all about and what skills you need if you want to become one.

Continue reading →

IT operations is an area that often involves analyzing and reacting to a series of events and that makes it a strong candidate for automation.

Operations platform specialist OpsRamp has recognized this with the launch of OpsQ, an intelligent event management, alert correlation, and remediation solution for hybrid enterprises.

Continue reading →

Businesses are increasingly moving more of their operations to the cloud and this leads to a greater focus on securing these workloads.

Cloud infrastructure security company Threat Stack has released a new report created by Vanson Bourne which shows 54 percent of businesses are worried that they will soon outgrow their security solutions.

Continue reading →

In many organizations, time and productivity is lost by staff by working on repetitive tasks that would be better suited for outsourcing, rather than focusing on the knowledge-based work that they are employed to do.

This is a problem that shouldn't be underestimated, Harvard Business Review reckons that knowledge workers spend up to 41 percent of their time on tasks that could be competently carried out by others.

Continue reading →

Many people rely on connecting to Wi-Fi networks when they are out and about, but using public hotspots does present a significant security risk.

The best way to protect yourself is to use a VPN and cybersecurity company Webroot is launching its own in the form of Webroot WiFi Security, to provide security and privacy for users who connect to WiFi networks using Windows, Mac, and Android operating systems.

Continue reading →

New research from (ISC)² -- the world's largest non-profit association of cybersecurity professionals -- reveals a worldwide skills gap of 2.9 million.

The Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region. North America has the next highest gap at 498,000, while EMEA and Latin America contribute 142,000 and 136,000 to the staffing shortfall, respectively.

Continue reading →

In a world of evolving technologies and shifting demographics within the workforce, and within firms' customer bases, organizations need to rethink their approach to the adoption and oversight of electronic communications.

But a new study from data archiving specialist Smarsh shows that financial organizations are not keeping pace with their retention and supervision efforts -- particularly with a growing, younger workforce that relies on expanding, mobile-friendly channels, such as social media and text messaging.

Continue reading →