• Article

Alongside traditional approaches like software vulnerabilities and misconfigurations in applications, hackers are constantly looking for new ways to get into devices and corporate networks. Two of the biggest growing threats are Search Engine Optimization (SEO) poisoning and Malvertising.

SEO Poisoning is where hackers lure victims to legitimate websites by populating them with content on topics of interest to potential victims. For example, Gootloader, an Initial-Access-as-a-Service operation, targets law professionals because they handle sensitive business data that can be extremely valuable. Hackers use Gootloader to get a foothold into an organization’s IT environment and then spread laterally through the entity’s IT network to implant ransomware or exfiltrate data.

Continue reading →

2023 looks set to be yet another record-breaking year for ransomware attacks. According to Statista, over 72 percent of businesses worldwide have already been affected by ransomware attacks this year, with LockBit3.0 and CI0p Ransomware claiming the bulk of victims last quarter.

The scourge of modern digital businesses everywhere, the proliferation of ransomware shows no sign of slowing down thanks to the rise of ransomware-as-a-service (RaaS) platforms -- so much so that it has become the most prevalent issue confronting organizations today.

Continue reading →

A new global study of over 1,600 software testers reveals that 78 percent have already adopted some form of AI to improve productivity.

The report from LambdaTest also shows companies are working to respond to the need for greater software reliability with 72 percent of organizations involving testers in 'sprint' planning sessions, signaling a substantial shift towards software quality being considered earlier in the software development lifecycle.

Continue reading →

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.

Continue reading →

The demands of daily lives increasingly mean that we want to be connected wherever we are. Add in the shift to hybrid working and we’re likely to want to be in touch with the office all the time too.

That makes the lure of free public Wi-Fi, whether it's in a coffee shop, a hotel or an airport, hard to resist, especially if you have a limited data allowance on your mobile contract. But of course using public networks always comes with a side order of added risk.

Continue reading →

As we approach the end of 2023, the Linux community receives a delightful surprise: the December refresh of Mabox Linux 23.12. This update is not just a routine upgrade; it introduces the latest Long-Term Support (LTS) kernel 6.6, ensuring enhanced stability and longevity for users.

That 6.6 kernel promises support until December 2026, aligning with Mabox's commitment to long-term reliability. Additionally, Mabox hasn't forgotten its legacy hardware users, offering an alternative ISO with the older yet reliable LTS 5.4 kernel. Users can install multiple kernels, from the latest 6.6 to the sturdy 4.19 version, and select their preferred one at boot time.

Continue reading →

When we want to secure something highly valuable, say, a bag of ancient Spanish coins worth millions, we think of locking it behind as many layers as possible. For example, you might put it in a safe deposit box in a bank vault, nestled safely inside the institution that is itself blanketed with redundant physical security controls.

As organizations have become increasingly complex, so too have their associated layers of security around application access. Enterprises have tremendous amounts of applications and data, as well as users and devices with differing levels of permissions trying to access that data. To provide a consistent, IT-vetted method of creating, managing, storing, and authenticating the complexity of application access, we have arrived at Identity Provider (IdP) tools. IdPs are (typically) cloud-hosted services that store unique information used to identify users, organizations, and devices ("digital identities"), authenticate access requests, add/remove users, and provide security around these functions. Popular examples of solutions often used for IdP functionality include Okta, Microsoft Azure AD, and Duo.

Continue reading →

The IT and cloud computing landscape has grown and evolved in 2023, and it’s poised to continue developing in 2024. Companies worldwide are actively adapting to the dynamics of a post-pandemic world. In this pursuit of resilience and innovation, we anticipate the emergence of four key trends that will shape the new year. These trends encompass technological advancements and shifting IT paradigms regarding spending, loyalty and governance.

Here are four trends we will likely see in the new year.

Continue reading →

WhatsApp has launched a new way to help protect your sensitive conversations, extending the capabilities of Chat Lock which rolled out earlier in the year.

The newly added feature makes it possible to both password-protect and hide those chats you don't want anyone else to see. These hidden conversations can only be accessed by those who know of their existence and who have the necessary code to make them visible.

Continue reading →

There have been questions, hopes and rumors about Windows 12 for quite some time now, and as time goes by this is something that shows no signs of changing. We've already had hints about the successor to Windows 11 from Intel, and now Taiwanese business media has offered up more information.

According to a report in the Commercial Times, we don't have long to wait until Microsoft releases Windows 12. Timed to coincide with the rising interest in AI PCs, Windows 12 is said to be due to launch in June 2024.

Continue reading →

In today’s digital age, the landscape of fraud is evolving at an alarming pace. Victim profiles, which used to skew heavily toward the elderly and infirm, now include younger, fully functioning adults. In 2022, 20-59-year-olds reported 63 percent of all fraud in the United States. Industries being targeted by fraudsters are evolving as well, and now include those in crypto and gaming.

In the past, most adults were able to see through scams and avoid them. However, the introduction of generative AI has been a game changer, transforming ordinary schemes into highly sophisticated efforts. Generative AI, a subset of artificial intelligence (AI), is making waves in the world of cybercrime. It is a technology that can generate content that is virtually indistinguishable from human-created content. Whether it's producing convincing text, images, or audio, generative AI leverages deep learning and neural networks to create highly realistic and persuasive output at scale. Shady third-world country call centers have been replaced by autonomous AI tools. This capability has become a powerful tool in the hands of fraudsters.

Continue reading →

Starting from today, a new Google inactive account policy comes into effect which means that accounts that haven't been active for two years will be deleted.

So, what counts as 'activity'? Google provides a helpful list:

Continue reading →

Microsoft has released the KB5032278 update for Windows 10 22H2, bringing a number of changes and improvements including the arrival of Copilot.

This is an optional update because it is a preview of next month's patch, and because it is a preview it is a non-security update. In addition to bringing Copilot to anyone outside of the EU, the KB5032278 update also includes numerous other changes, additions and fixes.

Continue reading →

Recent cyber attacks have seen not just the usual monetary motives but also the rise of espionage attempts with attacks on government officials.

So how can organizations, both public and private sector, protect their most valuable assets? We spoke to Glenn Luft, VP of engineering at Archive360, to find out.

Continue reading →

An APK teardown of Microsoft's Link to Windows app for Android (also known as Phone Link and Your Phone) shows that the company is working to bring a handy feature to handsets -- webcam functionality.

Code shows that Microsoft appears to be working on a feature to rival Apple's Continuity Camera, the feature that makes it possible to use an iPhone as a webcam in conjunction with a Mac. Now it seems that Android users are going to get a similar option under Windows.

Continue reading →