Cybercriminals are incessantly coming up with new ways to compromise online systems and wreak havoc, creating an ever-growing need for cybersecurity practitioners in every organization across the globe who understand international security standards, such as the ISO27k family of standards.

If you’re looking to ensure that your company's data conforms to these standards, Cybersecurity and Privacy Law Handbook has got you covered.

Continue reading →

A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.

The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.

Continue reading →

Enterprise browser specialist Talon Cyber Security has announced that it has integrated its secure enterprise browser with the Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers.

This allows organizations to maintain data protection, keeping data put into ChatGPT within their perimeter and preventing it from transferring to third-party services. When using ChatGPT in Azure OpenAI Service, the organization uses its own Azure resources, so sensitive data is not delivered to other locations, improving data security and reducing risk.

Continue reading →

Thanks to increased cloud and container use there's a growing demand for machine identities, but delivering and managing those identities can present problems.

Machine ID specialist Venafi is launching a new tool called Firefly that enables security teams to easily and securely meet developer-driven machine identity management requirements for cloud native workloads by issuing machine identities, such as TLS and SPIFFE, locally and quickly across any environment.

Continue reading →

Issues with server configuration remain a major problem. Researchers at Censys have identified over 8,000 hosts on the internet misconfigured to expose open directories.

These directories contain potentially sensitive data, such as database information, backup files, passwords, Excel worksheets, environment variables, and even some SSL and SSH private keys. Exposure of these types of data in such an accessible manner can offer threat actors an easy way into an organization's network.

Continue reading →

In 2020 alone, 61 percent of businesses migrated their workloads to the cloud, with 48 percent actively choosing to store their most important data in the cloud.

But because cloud storage is out of sight it can sometimes be difficult to understand just how much data there is stored out there.

Continue reading →

Today, developers are used to running applications in the cloud. They are accustomed to using software containers and building applications using microservices components connected by APIs. Gartner estimates that more than 90 percent of global organizations will be running containerized applications in production by 2027, up from less than 40 percent in 2021. Similarly, the company has predicted that 70 percent of organizations will complement continuous delivery for their applications with continuous infrastructure automation to improve business agility by 2025.

From an infrastructure perspective, this means Kubernetes. However, Kubernetes was initially built to manage stateless application components rather than the rest of the infrastructure that goes to make up IT systems. For the other elements involved, such as databases, containerization had to be made to fit.

Continue reading →

Businesses are engaged in a constant cat-and-mouse game with hackers, attackers, and bad actors in order to stay secure.

Dominic Lombardi, VP of security and trust at Kandji believes that in order to stay ahead it's necessary to master basic IT and security hygiene, update and communicate your risk register, and work steadily toward a zero-trust security model. We spoke to him to discover more.

Continue reading →

Vivaldi Technologies has unveiled Vivaldi 6.0 for Windows, Mac, Linux and Android, a major new release of its customizable web browser.

Version 6.0 lands with two heavyweight new features: an additional layer of tab organization called Workspaces, and support for custom icons on the browser toolbar.

Continue reading →

The financial impact of a ransomware attack can cost businesses up to 30 percent of their operating income, with smaller enterprises hit proportionally harder.

A new report from ThreatConnect looks at the financial impact of ransomware attacks on small ($500M), medium ($1.5B) and large ($15B) organizations within healthcare, manufacturing, and utilities.

Continue reading →

In a drive for network transformation, 98 percent of enterprise IT leaders say they plan to increase their dependence and investment in cloud services.

The latest Enterprise Network Transformation report from SASE solutions company Aryaka finds that although an uncertain economy is impacting network and security team investments CIOs, CISOs and IT leaders are doubling down on investment in the cloud.

Continue reading →

Despite relatively low awareness of passwordless technology, 65 percent of North American consumers report they’d be open to using new technology that makes their lives simpler.

A new report from 1Password shows that 80 percent say they care about their online privacy and actively take measures to protect it. But it's clear that they also believe we can do better than passwords for both security and ease of use.

Continue reading →

Most businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of financial or reputational loss and give you an overview of the high-risk areas you must address.

One type of risk analysis that is critical but sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analyzing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defenses every day.

To address these threats, full and frequent cybersecurity audits are necessary to review:

Continue reading →

A malware toolkit dubbed 'Decoy Dog' has command-and-control (C2) propagated to a Russian IP and is selectively targeting organizations worldwide -- and going undetected.

The Infoblox Threat Intelligence Group is the first to discover Decoy Dog and the company is collaborating with other companies in the security industry, as well as customers, to identify and disrupt this activity.

Continue reading →

Popular online platforms such as Netflix, Facebook, and Steam are being used to spread cyber attacks as criminals focus on consumers' favorite online activities.

The latest consumer threat guide from F-Secure finds the most imitated social media platform used to spread phishing threats in 2022 was Facebook at 62 percent. Steam, the largest distribution platform for PC games, was the most popular gaming platform to spoof at 37 percent.

Continue reading →