Ian Barker

A new report from DoControl finds that companies are generating approximately 286,000 new SaaS assets, such as files or recordings, each week. However, it also found the public exposure of 35,000 sensitive assets at the average company, a significant lapse in data management and access controls.

The report finds a 182 percent increase in employees sharing company-owned assets via their personal email too. In 2023, findings show that the average company had one out of six employees share data with their personal email account (1.3 million assets).

Continue reading →

Detections for malicious email forwarding rules have risen by nearly 600 percent in 2023, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, re-routing money into the criminal’s account.

This is one of the findings in the latest Threat Detection Report from Red Canary. Half of the threats in top 10 leverage malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors that could lead to a serious attack if not detected.

Continue reading →

New threat research from Salt Labs has uncovered critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises.

Plugins provide AI chatbots like ChatGPT with access and permissions to perform tasks on behalf of users within third party websites. For example, committing code to GitHub repositories or retrieving data from an organization's Google Drives.

Continue reading →

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

Continue reading →

Friction and lack of communication between development and security teams can lead to problems in software development and testing.

How can we bridge the gap between developer and security teams and help them see that they have common goals? We spoke to Scott Gerlach, CSO and co-founder of StackHawk, the company making web application and API security testing part of software delivery, to find out.

Continue reading →

Bots have been around for a long time, but they're now much more sophisticated, capable of mimicking human behavior, evading detection, and perpetrating a wide range of malicious activities.

A new report from CHEQ shows that latest bots are able to scrape data without permission, inflate engagement metrics, commit fraud, and compromise the security and integrity of websites, mobile apps, and APIs.

Continue reading →

Observability is key to allowing organizations to manage their systems effectively, helping improve performance, cut workloads and save money.

Grafana has released its latest Obervability Survey, based on responses from over 300 industry practitioners which shows that 70 percent of teams are using four or more observability technologies.

Continue reading →

For the second year running managing cloud spending is the top challenge facing organizations, according to the latest Flexera State of the Cloud Report.

The survey of over 750 respondents shows more than a quarter of them spend over $12 million a year on cloud (29 percent), and 22 percent spend that much on SaaS.

Continue reading →

The pandemic led to a dramatic shift in working patterns with many more people working from home or spending less time in the office.

Recently though we've been seeing more calls for staff to go back to the office. So, have working patterns changed for good and if so how can productivity levels be maintained with remote working? We talked to Mark Cresswell, co-founder and executive chairman of Scalable Software, to find out.

Continue reading →

The nature of the modern world means that we all have lots of different accounts to manage various services.

Protecting all of these can be a challenge and you can end up with lots of different tools like password managers, VPNs, anti-virus tools and more. It also leads to people getting lazy and reusing passwords.

Continue reading →

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

Continue reading →

Around half of organizations have experienced a significant increase in their audit budget expenditures due to poor IT asset inventory data.

Research carried out by YouGov for Oomnitza shows 56 percent of companies report that the data accuracy of their configuration management database (CMDB) is only 85 percent or less with insufficient levels of process automation.

Continue reading →

New research from Civo finds 64 percent of users of AWS, Microsoft Azure, and Google Cloud have seen an increase in cloud costs in the last 12 months.

This comes at a time when public cloud services are coming under scrutiny from the Competition and Markets Authority for their billing and pricing tactics.

Continue reading →

A new survey of 150 IT security and data science leaders shows that 98 percent of enterprises consider at least some of their AI models crucial to their business success, and 77 percent identified breaches to their AI in the past year.

Yet the study from HiddenLayer shows only 14 percent of IT leaders say their respective companies are planning and testing for adversarial attacks on AI models.

Continue reading →

New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes.

Both Google's sender guidelines and Yahoo's sender requirements and recommendations have stated that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.

Continue reading →