BetaNews Staff

Passwords certainly aren’t new -- they began in ancient civilizations so tribes and their militaries could identify their members and allies. But the management problems they present in a digital world so utterly dependent upon them are voluminous and costly. On average, business users have 87 passwords for their work-related accounts. Granting this complexity, users will inevitably need to turn to IT several times a year to resolve password lock outs. Forrester estimates that it costs an organization $70 per password reset and that large, U.S.-based enterprises allocate $1M annually for password-related support costs.

While Self-Service Password Reset (SSPR) tools -- web-based portals that enable users and administrators to reset their own passwords without IT interaction -- seem like the ideal solution, they come with risks. Today’s threat actors are exploiting every opportunity to gain credentials, and without the proper controls, SSPR solutions can be ripe for social engineering and exploitation. Artificial Intelligence is bolstering social engineering tactics while making them less detectable. Threat actors have increasingly been waging these sorts of attacks against SSPR solutions, in particular Microsoft SSPR, to gain both user and admin credentials. While it has become necessary for IT to streamline tasks in a world of burgeoning demands and complexity, any solutions deployed must be reviewed for vulnerabilities -- or the cure could be worse than the disease, leading to a catastrophic breach.

Continue reading →

Microsoft Office stands as a pillar in the landscape of modern productivity tools. Its suite of programs -- from Word for crafting documents to Excel for data analysis - allows for versatility in both personal and professional environments. Used from everything like notetaking, resumes, essays, and business reports, in today’s digital age, these documents are indispensable and trusted tools.

This versatility, however, presents a double-edged sword. While they enhance efficiency and functionality, they simultaneously create potential security risks. This duality makes Microsoft Office documents an attractive target for threat actors, who exploit their widespread use and familiar interface to deliver phishing and malware with alarming ease.

Continue reading →

Modern cybersecurity leaders are expected to balance an almost comical number of responsibilities. Threat intelligence, vulnerability management, asset tracking, identity management, budgeting, third-party risk -- and that’s just what the company is willing to put in the job description.

To be a cybersecurity expert is to spend your entire career deepening your well of knowledge in one or a few domains. To be a cybersecurity leader, on the other hand, is to spend your career attempting to drink an ocean through a straw. What makes this moment in cybersecurity so interesting is that generative artificial intelligence (AI) brought a fundamental change to both the ocean and the straw.

Continue reading →

In today’s competitive business environment, delivering dynamic experiences across multiple digital channels is becoming increasingly important. In the past, a traditional monolithic CMS was the go-to solution for managing website content in bulk, offering a comprehensive approach with integrated front-end and back-end functionalities.

However, as the importance of web channels for media distribution grew, developers within larger enterprises recognized the limitations of monolithic solutions in managing complex, structured content or delivering unique frontend capabilities. This led to the rise of custom, internal CMS solutions. Performance and extensive customization were possible but at huge engineering costs and time pressure to plan, develop, and uphold these systems.

Continue reading →

Ask a connected device developer which operating system they prefer and most -- about three-quarters to be exact -- will reply with Linux. The open-source system is far and away the king of the Internet of Things (IoT) thanks to its flexibility and support for various architectures.

But there’s a problem. Simple, single-function devices like smart thermostats or connected bird feeders often don’t require the robust processing power of Linux. Loading these devices with multi-tasking capabilities can be inefficient and potentially risky. Recent reports of backdoor vulnerabilities in Linux, for example, raise concerns about its attack surface and open-source origins.

Continue reading →

Since the arrival of generative AI, its potential to increase challenges associated with privacy and cyber security has become a major concern. As a result, government bodies and industry experts are hotly debating how to regulate the AI industry.

So, where are we heading and how is the crossover between AI and cyber security likely to play out? Looking at the lessons learnt from previous efforts to regulate the cyber security market over the past few decades, achieving anything similar for AI is a daunting prospect. However, change is essential if we are to create a regulatory framework that guards against AI's negative potential without also blocking the positive uses that AI is already delivering.

Continue reading →

Supply-chain vulnerabilities loom large on the cybersecurity landscape, with threats and attacks such as SolarWinds, 3CX, Log4Shell and now XZ Utils underscoring the potentially devastating impact of these security breaches. The latter examples of Open Source Software (OSS) attacks are a growing attack vector. In fact, nearly three-quarters (74 percent) of UK software supply chains have faced cyber attacks within the last twelve months.

Expect attacks on the open source software supply chain to accelerate, with attackers automating attacks in common open source software projects and package managers. Many CISOs and DevSecOps teams are unprepared to implement controls in their existing build systems to mitigate these threats. In 2024, DevSecOps teams will migrate away from shift-left security models in favor of “shifting down” by using AI to automate security out of the developers’ workflows.

Continue reading →

Details are continuing to emerge daily on the hacking of Snowflake customers who have had their data stolen in what is shaping up to be one of the most significant attacks in years. So far, at least 165 of Snowflake’s customers, including household names like Ticketmaster, Santander Bank, and Advanced Auto Parts, have been identified as having their data impacted in this incident. 

While initial reports indicated that Snowflake itself had been hacked, with some evidence pointing to a former employee’s demo account having been compromised, this attack was actually far more interesting because of what it tells us about the current state of security in the cloud.

Continue reading →

Artificial Intelligence (AI) and Machine Learning (ML) are more than just trending topics, they’ve been influencing our daily interactions for many years now. AI is already deeply embedded in our digital lives and these technologies are not about creating a futuristic world but enhancing our current one. When wielded correctly AI makes businesses more efficient, drives better decision making and creates more personalized customer experiences.

At the core of any AI system is data. This data trains AI, helping to make more informed decisions. However, as the saying goes, "garbage in, garbage out", which is a good reminder of the implications of biased data in general, and why it is important to recognize this from an AI and ML perspective.

Continue reading →

Rapid solutions development has become the standard in the tech world, empowering organizations to be first to market and fast to acquire a return on their investment. However, achieving rapid development has become increasingly more difficult.

One of the main challenges to rapid development for today’s tech firms is the ever-increasing complexity of the tech world. New solutions must integrate with a virtually unending tech universe, and the factors that must be considered -- as well as the likelihood of conflicts -- have grown exponentially in recent years.

Continue reading →

Artificial intelligence is the biggest topic of 2024. While some are already tired of seeing AI constantly in the headlines, it will only become more prevalent. Keeping up with how it changes business practices is then critical. AI is undeniably disrupting most digital industries, including cybercrime.  

As a result, it is important to cut through the hype and get to the facts about AI. A lot has been said about AI's potential impact on the global ransomware threat, but what is the real impact?

Continue reading →

Cybercriminals are not new, and often neither are their tactics. Despite this, phishing attacks, which incorporate social engineering in emails and messages to persuade people to perform an action that puts organizations at risk, continue to be highly successful. New technologies, such as GenAI, are improving these tactics further and companies must implement a strategic approach built on a solid foundation of identity security to minimize risks.

The most glaring vulnerability within an organization stems from human error. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks, can provide malicious actors with an easy gateway into secure systems. Social engineering exploits the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access. Despite widespread awareness campaigns, these tactics continue to succeed, highlighting the gap between knowledge and practice, which presents a major risk to organizations.

Continue reading →

In today’s post-pandemic world, businesses are looking to shift back into the office while leveraging the learnings from the pandemic. Digital operations are going to be the new normal. With business innovations increasingly helping enterprises provide faster and easier-to-consume services to customers, the digital way of business is continuously creating a much larger digital footprint than ever before.

However, continuously increasing digital footprint also means possible targets of cyberattacks are also increasing equally rapidly. What is interesting to note is while investments in cybersecurity are increasing, so have the cyberattacks. According to CrowdStrike, attackers are moving faster within enterprises after an initial breach, with the average time it takes to hit patient 1 after patient 0 (the typical indicator of lateral movement) falling from 84 minutes to 62 minutes in the last year. Unfortunately, while many enterprises are continuing to invest in cyber security, far few invest in cyber defense, yet everyone wants the assurance of cyber resilience.

Continue reading →

As technology evolves and becomes more accessible, providing new and exciting ways to make our lives easier, it’s easy to ignore the elephant in the room -- the huge amount of e-waste our appetite for consumption is causing. Ignorance has been bliss, but with research suggesting this year the UK could become the world’s biggest contributor to e-waste per head, transformative action is long overdue. 

While our drive to have the latest technology is natural, we need to consider what happens to old devices when we upgrade. 

Continue reading →

The following article continues the Cisco IoT series, shifting focus to the essential networking hardware that powers IoT solutions. Part one of the series explored the foundational elements of IoT routing and switching, emphasizing the critical role these components play in ensuring seamless connectivity and robust data flow. Building on that discussion, this piece will outline the significant opportunities in IoT networking and security that Cisco supports through its innovative hardware offerings.

IoT is a rapidly expanding area of networking with increasing use cases. It impacts various sectors, including healthcare and retail, by providing valuable security or cost-saving benefits through new forms of sensors. These sensors enable new capabilities such as better inventory management and improved products.

Continue reading →