Ian Barker

ChatGPT is very much flavor of the month at the moment, with many companies looking to add the AI technology into their products and Google launching its own alternative, Bard.

The latest to embrace the potential is Logpoint which is launching ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product.

Continue reading →

While technology to secure devices has been widely adopted, more progress is needed to protect identity, networks and applications, according to the first-ever Cybersecurity Readiness Index from Cisco.

Respondents rank identity and device management as two of the three top cybersecurity threats. With the widespread adoption of technology like multi-factor authentication (MFA), criminals are increasingly targeting the solutions employed to protect users and devices.

Continue reading →

Google is using today's Safer Internet Day to announce a number of new security and privacy initiatives.

Among these are new ways to fill out passwords easily and securely in Chrome, more privacy protection for the Google app, improvements to Google Password Manger, and an expansion of SafeSearch to protect against explicit images.

Continue reading →

Critical infrastructure organizations accounted for 51 percent of ransomware victims in 2022, with construction being the most targeted sector overall.

Analysis by the KrakenLabs team at Outpost24 has identified 2,363 victims disclosed by various ransomware groups on Data Leak Sites (DLS) in 2022, with an estimated $450 million paid in ransom by victims.

Continue reading →

Cybercriminals don't need to be clever and use inventive hacking exploits to breach systems as organizations are making things too easy for them, says a new report.

Intelligence-led computer security testing company SE Labs has released its annual Cyber Threat Intelligence report with a warning that CEOs need to take cybersecurity seriously or risk falling into the clutches of criminals eager to take their data and their money.

Continue reading →

The cybersecurity world is a constantly evolving one. In recent years though we've seen the rise of new technologies like AI and quantum computing that, while they may revolutionize legitimate businesses, also have worrying implications for security.

We spoke to Kevin Kennedy, vice president of products at detection and response company Vectra AI, to find out more about the risks and what organizations can do about them.

Continue reading →

Netflix recently announced a crackdown on the sharing of account details and has introduced a paid sharing option to allow multiple users. It isn't surprising then that there's a thriving Dark Web market for streaming account details.

Research from AtlasVPN shows that account logins for popular streaming services are being sold for an average of $11.

Continue reading →

IT and security professionals spend an average of 4,300 hours annually achieving or maintaining compliance, according to a new study.

The survey, from automation platform Drata of 300 IT and security professionals in fast-growing organizations across the US, finds 87 percent of respondents have faced consequences as a result of not having continuous compliance, these include slowed sales cycles, security breaches, business interruption, loss of a business relationship, a damaged reputation, or fines.

Continue reading →

This summer, Gartner introduced Continuous Threat Exposure Management (CTEM). This is a set of processes and capabilities that allow organizations to create a system for review of exposures that is faster than the periodic project-based approach.

With endless threats and vulnerabilities hammering today's organizations, exposure management that evaluates the accessibility, exposure and exploitability of all digital and physical assets is necessary to govern and prioritize risk reduction for enterprises.

Continue reading →

A new survey of 300 organizations across the US and Europe looks at the key challenges concerning the ability to effectively prioritize and contextualize the large amounts of data organizations get from several cyber security alert systems, as well as identifying the actions needed to meet them.

The survey, conducted for Darktrace by IDC, finds evolving attack vectors make it difficult to prepare proactively, with only 31 percent of respondents highly confident that their tools can continuously adjust to new configurations.

Continue reading →

Researchers at WithSecure have uncovered a cyberattack campaign linked back to North Korea's notorious Lazarus Group.

It is extremely rare to be able to link a campaign so strongly to a perpetrator as WithSecure has been able to do here. The Hackers have been targeting medical research and energy organizations with the intent to commit espionage.

Continue reading →

A new platform from Sonatype is designed to make it easier for developer and security teams to unite and build innovative software securely.

It delivers an Application Security Testing (AST) and Software Composition Analysis (SCA) tool that offers cloud, self-hosted, and disconnected deployment options -- giving control and flexibility to its customers.

Continue reading →

We can expect to see more than 1,900 new Common Vulnerabilities and Exposures (CVEs) per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities -- a 13 percent increase from published 2022 levels.

This is according to a report from cyber insurance provider Coalition, which finds that most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.

Continue reading →

Due to the nature of modern software design and the sharing of open source images, security teams face a large number of container vulnerabilities according to a new report.

The study from Sysdig, based on real-world data sets covering billions of containers, thousands of cloud accounts, and hundreds of thousands of applications, finds 87 percent of container images have high or critical vulnerabilities.

Continue reading →

Last year Toyota suffered a data breach due to accidentally exposing a credential allowing access to customer data in a public GitHub repository.

This type of breach could be avoided if organizations turned their focus on credentials that are exposed within SaaS applications. We spoke to Corey O'Connor, director of product at SaaS security platform DoControl, about why he believes identity security needs to go beyond just protecting the keys.

Continue reading →