Demonstrating application security is becoming key to closing business deals

According to a new report, 84 percent of CISOs say that they are called into sales engagements related to closing sales of their company's products and services, highlighting the connection between AppSec and business growth.

The study from Checkmarx also reveals that 96 percent of CISOs say their prospects consider the level of application security of their organizations when making purchase decisions.

UK Electoral Commission systems breached for over a year

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.

How AI is going to shape the developer experience [Q&A]

Recent developments in generative AI have led to a good deal of debate around whether jobs are at risk. Since new AI applications like OpenAI Codex and Copilot can write code, developers could be among those under threat.

We spoke to Trisha Gee, lead developer evangelist at Gradle, to find out more about how AI is likely to change the way developers work.

Organizations only prevent six out of 10 cyberattacks

A new report shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) only prevent six out of every 10 attacks.

The Blue Report 2023 study from Picus Security is based on an analysis of more than 14 million simulated cyberattacks.

Listen, do you want to know a password?

Researchers at British universities have demonstrated a technique that allows an AI model to work out what you’re typing simply by listening to the keystrokes.

Known as an acoustic side channel attack (ASCA), it involves recording the sound of a keyboard, either by using a nearby smartphone or via a remote conferencing session such as Zoom. Researchers used a standard iPhone 13 to record the sound of the Apple MacBook Pro 16-inch laptop keyboard at standard 44.1kHz quality.

Open source framework aims to standardize security data

Cybersecurity benefits from being able to share information about threats in order to speed detection. In pursuit of this the Open Cybersecurity Schema Framework (OCSF) was launched last year by Splunk, Amazon Web Services (AWS), IBM and 15 other cybersecurity firms.

Today OCSF becomes generally available, delivering an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

Cybercriminals step up their targeting of macOS

Historically Windows has been the favorite target of cybercriminals, but new research from Accenture suggests macOS is becoming a lucrative priority on the dark web and information on exploits is being traded for millions of dollars.

The Accenture Cyber Threat Intelligence (ACTI) team has noted a significant upward trend in dark-web threat actors targeting macOS from 2019 to 2022 and the volume from 2023 has overtaken 2022 in just the first six months.

The future of identity and cybersecurity [Q&A]

Back in May, when World Password Day was once again in the news, we asked whether the days of the password were numbered.

Rishi Bhargava, co-founder of Descope, agrees that passwords belong to the past. We spoke to him to discover more and find out how new technologies like passkeys are driving the change.

Avast launches free security training quiz for small businesses

Smaller businesses are not immune from cyberattacks. In fact, because they lack the resources for the latest defenses and to train their staff to spot threats, they can be particularly vulnerable.

Education and training are key to protecting any business and, to help smaller companies stay up to date, Avast -- now part of digital security and privacy brand Gen -- is launching a new Cybersecurity Training Quiz.

How phishing scams have changed and how to protect against them [Q&A]

Cyberattacks and data breaches come in many forms, but often at the root of them is a phishing scam.

Exploiting the fact that humans are the weakest link in the security chain, cybercriminals use phishing to trick employees into giving up credentials or other sensitive information that can be used to gain a foothold to carry out a later attack.

Supply chain worries drive adoption of SBOMs

Concerns around supply chain security, partly driven by President Biden's Executive Order on Improving the US' Cybersecurity, are leading to increased adoption of software bills of materials (SBOM).

Research from Sonatype surveyed over 200 IT directors in the US and UK at businesses with over $50 million revenue and finds 76 percent of enterprises have adopted SBOMs since the order's introduction.

Why'd you have to go and make PAM so complicated?

Avril Lavigne didn't quite sing that line but she might well have done if she'd worked in IT. More than two-thirds of IT managers (68 percent) say their current privileged access management (PAM) product is too complex or has too many features they don't use.

A new report from Keeper Security also finds that 87 percent of respondents would prefer a pared down form of PAM that is easier to deploy and use.

Over a third of ICS vulnerabilities have no patch available

New research from SynSaber, along with the ICS Advisory Project, into industrial control operational technology system vulnerabilities finds that 34 percent of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor.

This compares to the 35 percent that had no fixes in the second half of 2022 but is a significant increase from the 13 percent in the first half of last year.

Adapting to a changing cybersecurity landscape [Q&A]

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

SSH is the service most targeted by cloud attackers

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service, accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent and Log4Shell traffic at a mere 4.3 percent, indicating a shift in threat actor strategy, with the vulnerability no longer prioritized as a means of initial access.
