Ian Barker

Cybercriminals are increasingly adopting a 'mobile-first' attack strategy to infiltrate enterprise systems by targeting weak, unsecured, and unmanaged mobile endpoints, recognizing mobile as a major entry point to corporate networks and sensitive data.

A new report from Zimperium zLabs shows a significant rise in mobile phishing -- or 'mishing' -- a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices.

It's usually the case that cybersecurity is seen as being all about technology and that humans -- making mistakes and falling for social engineering -- are something of a liability.

But are people really just a problem or can they also be part of the solution? Toney Jennings, CEO of DataStone, believes we need to shift our thinking away from the current paradigm to empowering people as a hidden asset in the protection of their organization. We talked to him to find out more.

The latest threat insights report from HP Wolf Security has identified a new campaign using malware believed to have been written with the help of GenAI.

Analysis of the campaign, targeting French-speakers using VBScript and JavaScript, finds the structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware.

A new survey of cybersecurity professionals finds that 75 percent of respondents think phishing attacks pose the greatest AI-powered threat to their organization, while 56 percent say deepfake enhanced fraud (voice or video) poses the greatest threat.

The study from Team 8, carried out at its annual CISO Summit, also finds that lack of expertise (58 percent) and balancing security with usability (56 percent) are the two main challenges organizations face when defending AI systems.

A new global study reveals that 58 percent of people use a username and password to login to personal accounts and 54 percent do so to login to work accounts.

The report from Yubico, based on a study of 20,000 people around the world carried out by Talker Research, reveals a worrying lack of awareness of best practices for authentication. 39 percent think username and password are the most secure and 37 percent think mobile SMS based authentication is the most secure, though both are highly susceptible to phishing attacks.

It's a pretty fair bet that if you asked most people they would skeptical about the effects of social media on well-being. However, new research from the Saïd Business School at the University of Oxford suggests there are positive benefits of social media usage on adults' mental health.

Academics conducted a six-month study of 1029 adults, with participants' daily time using social platforms on their Android mobile device unobtrusively tracked and their well-being measured every two weeks.

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyberattack.

This probably won't come as too much of a surprise but it's confirmed by new research from Searchlight Cyber, the dark web intelligence company, and the Marsh McLennan Cyber Risk Intelligence Center.

A new qualification aims to equip cybersecurity professionals with the skills needed to tackle cybercrime in the age of AI.

Certified Ethical Hacker CEH v13 from EC-Council, a leader in cybersecurity certification, education, and training, provides in-depth training by integrating AI into all five phases of ethical hacking, from reconnaissance and scanning to gaining access, maintaining access, and covering tracks.

AI has become an undeniable and powerful part of the digital landscape. It makes systems stronger and more automated -- but it also has the potential to present a threat.

Some 80 percent of executives believe deepfakes pose a risk to their business, yet only 29 percent say they have taken steps to combat them. We spoke to Patrick Harding, chief product architect at Ping Identity, to discuss the security threats posed by AI and the need to take steps to properly secure identity by adding additional layers of protection.

Over half of C-suite and other executives (51.6 percent) expect an increase in the number and size of deepfake attacks targeting their organizations' financial and accounting data in the next year.

A new Deloitte poll shows that increase could impact more than one-quarter of executives in the year ahead, as those polled report that their organizations experienced at least one (15.1 percent) or multiple (10.8 percent) deepfake financial fraud incidents during the past year.

According to a new survey, 84 percent of organizations in the enterprise sector spotted a cyberattack within the last 12 months, compared to only 65 percent in 2023.

The study from Netwrix shows the most common security incidents are phishing, user or admin account compromise, and ransomware or other malware attack.

The latest tech trends report from Info-Tech Research Group suggests that that CIOs will need to increasingly adopt forward-thinking strategies to anticipate and simulate future business scenarios.

"At the intersection of digital transformation and exponential AI growth, IT leaders are
entering a new era where forecasting probable futures will be just as critical as reporting on the past," says Brian Jackson, principal research director and lead author of the report. "Our 2025 Tech Trends report provides a roadmap for organizations to harness AI, quantum computing, and cybersecurity solutions to stay ahead of the curve."

The rate of change in both technology and economic conditions can make it hard for CIOs to both innovate and satisfy the needs of the business.

We spoke to Ioan Iacob, founder and CEO of financial application specialist FlowX, to discuss the challenges of developing apps in the enterprise and how they can be addressed.

The latest threat detection data from Red Canary shows that Atomic Stealer -- an infostealer that targets credentials, payment card data, keychain details, and cryptocurrency wallet information on macOS devices -- has entered the top 10 threats.

Other notable appearances include Scarlet Goldfinch -- an 'activity cluster' that uses fake browser updates to trick users into downloading a legitimate remote management and monitoring tool that can be abused to deploy malicious software -- and ChromeLoader -- a malicious browser extension that reads and hijacks browser traffic to redirect it to specific sites, likely to conduct pay-per-click advertising fraud.

A survey of 800 security decision-makers across the US, UK, Germany and France reveals that 92 percent of security leaders have concerns about the use of AI-generated code within their organization.

In spite of these concerns though the study from Venafi finds 83 percent of organizations use AI for coding and open source software is present in 61 percent of applications.