Remote access tools are creating cybersecurity risks and operational burdens for operational technology (OT) systems, according to a new report.

The study, from the Claroty Team82 threat research team, using data from more than 50,000 remote-access-enabled devices shows that the volume of remote access tools deployed is excessive, with 55 percent of organizations having four or more and 33 percent having six or more.

Continue reading →

Compliance automation software company Secureframe has launched its free Gap Assessment Tool to help service partners including MSPs, MSSPs, vCISOs, and IT security consultants identify gaps in security posture or compliance status.

It's designed to address a common challenge faced by IT service providers -- uncovering areas of non-compliance and potential risk while demonstrating value to clients.

Continue reading →

Many organizations rely on platform engineering to introduce automation, self-service capabilities, and streamlined workflows into software development.

But a new report from Forrester for digital experience specialist the Qt Group finds that 63 percent of embedded software from organizations with a platform engineering strategy is still created using custom, ad hoc solutions.

Continue reading →

A new report on the mobile threat landscape from Lookout reveals a 40.4 percent jump in mobile phishing attempts and malicious web attacks targeting enterprise organizations.

More than 80,000 malicious apps were detected on enterprise mobile devices. These threats can vary widely, from invasive permissions and riskware that pose significant compliance risks to sophisticated spyware capable of tracking devices, stealing data, eavesdropping on conversations and accessing the user' camera and microphone.

Continue reading →

The manufacturing and industrial sectors have seen a dramatic rise in cyberattacks, accounting for 41 percent of cyber incidents in the first half of 2024, an increase of 105 percent.

A new threat intelligence report from Ontinue also highlights a rise in state-sponsored campaigns from China increasingly focused on information control and leveraging zero-day exploits, further complicating attribution and escalating the global threat landscape.

Continue reading →

Identities are probably the biggest attack surface for organizations in today's world as employees rely more on systems and apps to do their jobs.

Mapping identity and access data from the large, disparate, and often disconnected, mix of on-premise and cloud systems that enterprises use is a major challenge.

Continue reading →

A new zero-trust stealth mode browser is being launched by SlashNext, designed to see through obfuscation techniques commonly used by threat actors, and deliver enhanced protection against phishing and malware.

In recent years, well-intentioned companies offering free services such as CAPTCHA solutions and content delivery networks have inadvertently aided threat actors. For example, Cloudflare's Turnstile Services and similar CAPTCHA solutions are commonly exploited as obfuscation techniques. CAPTCHAs are used to block the crawlers employed by security services from accessing and analyzing phishing sites.

Continue reading →

Enterprises are increasingly looking to software bills of materials (SBOM) to understand the components inside the tech products they use in order to secure their software supply chain.

But do SBOMs really provide value? And how can they be used more effectively? We talked to Varun Badhwar, CEO and co-founder of Endor Labs, to find out the keys to using SBOMs successfully.

Continue reading →

In an increasingly digital world, youngsters are just as a risk as the rest of us -- perhaps more so -- which means cybersecurity education for children is crucial.

Security awareness training company KnowBe4 has released its Children's Interactive Cybersecurity Activity Kit, featuring an AI safety video, a password video game, a cybersecurity activity book, and middle school lesson plans.

Continue reading →

Trust management platform Vanta is launching new tools to help businesses understand their risk posture, particularly with regard to third-parties.

Report Center provides a real-time view into the state of a business' security and compliance program. It can automatically collect and visualize data across the entire security program, including risk management, vendors, compliance, personnel and trust.

Continue reading →

Nearly two-thirds of CISOs report increasing budgets this year, with average growth rising from six percent in 2023 to eight percent this year, but this is only about half of growth rates in 2021 (16 percent) and 2022 (17 percent).

A study from IANS Research and Artico Search shows that a quarter of CISOs are experiencing flat budgets while 12 percent face declines.

Continue reading →

Following the July 2024 CrowdStrike IT outages, over 78 percent of people in the UK now worry about the heavy reliance of global organizations on IT systems and software providers.

A new survey of 2,000 UK adults by One Poll for Nineteen Group, organizers of the International Cyber Expo shows that 44 percent of respondents were in some way impacted by the outages. 18 percent were affected themselves and 26 percent knew someone who was.

Continue reading →

Attacks on content creators and online influencers have surged alongside the growing accessibility of deepfake technologies, posing a significant threat.

To combat these threats Bitdefender is launching a new Security for Creators package that safeguards content channels and social media accounts from takeovers and supports Windows, Mac, Android, and iOS.

Continue reading →

Enterprises are facing a rapidly changing privacy landscape, in which some laws contradict each other, while struggling to reduce costs and gain visibility into their privacy risks.

Indeed there’s been a recent increase in lawsuits against companies for online privacy violations that is putting significant strain on C-level executives and they're looking to their IT leaders to address all of this risk with technology.

Continue reading →

A new report from dark web intelligence specialist Searchlight Cyber shows a 56 percent increase in the number of active ransomware groups this year compared to the first half of 2023, reflecting a diversification of the ransomware landscape.

LockBit has retained its top position despite the disruption caused by Operation Cronos, though its number of listed victims has fallen compared to H1 2023.

Continue reading →