Ian Barker

Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.

Continue reading →

The Payment Card Industry Data Security Standard (PCI DSS) turns 20 next year and has remained largely unchanged during that time. But version 4.0, due to become mandatory from April 2024, will bring the standard bang up-to-date and usher in a number of big changes.

We spoke to Phil Robinson, principal consultant and QSA at Prism Infosec, to explore what's changing and how organizations can prepare to meet the new requirements.

Continue reading →

New research from Malwarebytes reveals that employees are being tricked into downloading remote monitoring and management tools like AnyDesk to open up back doors to corporate networks.

In a standard phishing technique potential victims are targeted via an email or SMS message, personalized to match their roles within the organization. The link in the email goes to what looks like a legitimate bank website with a link to open a chat support session.

Continue reading →

Traditionally, organizations have focused on measuring the results of their cyber security strategies in terms of threat events or security incidents to determine how effective their security controls are.

However, in today's fast-paced world, the real game-changer is aligning security outcomes with business objectives and this is where 'outcome-based security' plays a huge role. It's a shift in focus for organizations, but one which can empower security teams to add even greater value to the strategic goals of the business.

Continue reading →

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

Continue reading →

A 'forest' -- in case you didn't know -- is the top-level logical container in an Active Directory configuration that holds domains, users, computers, and group policies.

This level presents a security challenge and a new survey of 1,000 IT professionals from Cayosoft reveals a 172 percent increase in forest-wide Active Directory outages since 2021.

Continue reading →

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

Continue reading →

In a new report on the impact of generative AI on security posture, Menlo Security looks at employee usage of gen AI and the subsequent security risks these behaviors pose to organizations.

It finds that 55 percent of data loss prevention events detected by Menlo Security in the last thirty days included attempts to input personally identifiable information. The next most common type of data that triggered DLP detections included confidential documents, which represented 40 percent of input attempts.

Continue reading →

A new report from Veracode shows that software security debt -- flaws that have gone unfixed for over a year -- is found in 42 percent of applications.

Although the number of high-severity flaws has reduced 70.8 percent of organizations still suffer from security debt. 45.9 percent have critical security debt, that is high-severity flaws that have been unfixed for 12 months or more.

Continue reading →

New research finds that 84 percent of organizations believe their existing content management system (CMS) is preventing them from unlocking full value from their data and content.

The study, from headless CMS company Hygraph, surveyed 400 professionals in product and engineering roles across the US, UK, and Germany, and finds 92 percent of organizations say their content and data sources are currently siloed, with 38 percent describing it as 'very siloed'. This means the work required to integrate all these sources is both time-consuming and expensive.

Continue reading →

Just as cybersecurity threats are constantly evolving, so are the compliance regulations that organizations must follow. And as these regulations tighten so the risks of non-compliance become higher.

Cam Roberson, VP at Beachhead Solutions, a provider of cloud-managed PC and mobile device encryption, security, and data access control, sat down with us to discuss what enterprises need to know about the current state of cybersecurity compliance.

Continue reading →

With cyber threats becoming increasingly sophisticated, organizations face new challenges in safeguarding their digital assets. A new report from Info-Tech Research Group looks at the issues IT and security leaders must prioritize over the coming year.

It highlights the need to take account of the cybersecurity talent shortage, the rise of AI-driven threats, the integration of security risks with business risks, the adoption of zero-trust frameworks, and the increasing significance of automating security operations.

Continue reading →

A new report from Picus Security looks at real-world malware samples and identifies the most common techniques leveraged by attackers.

It identifies a surge in 'hunter-killer' demonstrating a shift in adversaries' ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR. According to the report, there has been a 333 percent increase in malware that can actively target defensive systems in an attempt to disable them.

Continue reading →

The overwhelming majority of organizations (91 percent) have experienced a software supply chain incident in the past 12 months, according to a new report.

The study from Data Theorem and the Enterprise Strategy Group surveyed over 350 respondents from private- and public-sector organizations in the US and Canada across cybersecurity professionals, application developers and IT professionals.

Continue reading →

The cybersecurity landscape is changing all the time and security teams are constantly searching for anything that can give them an edge in defending their systems.

We spoke to Rajeev Gupta, co-founder and chief product officer at insurance specialist Cowbell Cyber, about cyber risk assessment and how it can help businesses understand their level of risk and improve it to stay ahead of bad actors and threats like phishing attempts.

Continue reading →