Articles about cybersecurity

How are CISOs coping with developer gatekeeping? [Q&A]

CISOs are under the microscope to prove they can reduce vulnerabilities in the software development life cycle -- particularly, that they can do so from the start of code creation. As such, CISOs are searching for the most effective way to ensure the security awareness of their developers before they take on the responsibility of writing and introducing code.

Secure Code Warrior's co-founder and CTO, Matias Madou, believes that a 'gatekeeping' standard -- where developers are incrementally given access to more sensitive projects -- is the key to building a strong foundation for secure coding processes.

Deepfakes: the next frontier in digital deception

Machine learning (ML) and AI tools raise concerns over mis- and disinformation. These technologies can 'hallucinate' or create text and images that seem convincing but may be completely detached from reality. This may cause people to unknowingly share misinformation about events that never occurred, fundamentally altering the landscape of online trust. Worse -- these systems can be weaponized by cyber criminals and other bad actors to share disinformation, using deepfakes to deceive.

Deepfakes -- the ability to mimic someone using voice or audio and to make them appear to say what you want -- are a growing threat in cybersecurity. Today the widespread availability of advanced technology and accessible AI allows virtually anyone to produce highly realistic fake content.

Why a 'Swiss cheese' approach is needed to combat deepfakes [Q&A]

Deepfakes are becoming more and more sophisticated; earlier this year, a finance worker in Hong Kong was tricked out of millions following a deepfake call.

With the deepfake fast becoming a weapon of choice for cybercriminals, we spoke to Bridget Pruzin, senior manager -- compliance and risk investigations and analysis at Convera, to learn why she believes a 'Swiss cheese' approach, layering controls like unique on-call verification steps and involving in-person verification, is crucial to effectively defend against these scams.

Pool your cybersecurity resources to build the perfect security ecosystem

Cybersecurity has never been something to set once and leave running in the background -- it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organisations struggle to secure their networks against rapidly changing cyber threats. Ransomware attackers have understood the value of targeting smaller organisations and tailoring attacks to take advantage of businesses they believe will pay up immediately (and often with the backing of cyber insurance) rather than invest in defences. 

Tight security for data and resources is now the difference between operations running smoothly or being disrupted to the point that businesses are forced to close entirely. But how can SMBs achieve comprehensive security management and threat intelligence on a budget? Partnerships and alliances provide the solution.

Get 'Cybersecurity For Dummies, 2nd Edition' FREE for a limited time

Every day it seems we read another story about one company or another being targeted by cybercriminals. It makes some of us wonder: am I safe online? The good news is that we can all be cybersecure -- and it doesn’t take a degree in computer science to make it happen!

Cybersecurity For Dummies is the down-to-earth guide you need to secure your own data (and your company’s, too).

Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk

Microsoft researchers have revealed a series of medium-severity vulnerabilities within OpenVPN, an essential open-source VPN solution embedded in myriad routers, PCs, and smart devices worldwide. The vulnerabilities, if exploited, could allow attackers to execute remote code and escalate privileges, gaining unauthorized access to potentially millions of devices.

The research team demonstrated how these vulnerabilities could be chained together to form a potent attack sequence, culminating in attackers taking complete control over affected devices. This complex attack vector requires user authentication and a sophisticated understanding of OpenVPN’s architecture, highlighting the need for robust security measures.

Recovering from a data breach requires an effective cyber resilience strategy

The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.

This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported having suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach, which reached up to $4.45 million in 2023, according to Statista.

The emerging trends that security teams need to address [Q&A]

The world's critical national infrastructure remains on high alert. The National Cyber Security Centre in the UK and agencies in the US, Australia, Canada and New Zealand have all detailed how threat actors have been exploiting native tools and processes built into computer systems to gain persistent access and avoid detection.

We spoke to Chase Richardson, lead principal for cybersecurity and data privacy at Bridewell, to discuss the critical trends and emerging dangers that cyber teams need to continue to watch out for.

MSP market turns to providing security solutions

New research suggests that managed service providers (MSPs), which have historically been expected to manage IT infrastructure for their customers, are increasingly expected to protect this infrastructure too.

The study from CyberSmart of 250 senior leaders at UK-based MSPs finds that 65 percent of MSP customers now expect their provider to manage either their cybersecurity infrastructure or both their cybersecurity and IT infrastructure.

Lessons unlearned -- the cybersecurity industry is stuck in the past

People can make mistakes, well-intentioned or otherwise, in any walk of life or industry. It happens all the time.

Take the cybersecurity industry, for example. Just over two weeks ago, the well-publicized Microsoft outage caused by CrowdStrike's corrupted software update wreaked havoc across the world.

Thousands of industrial control devices exposed online

Recent attacks have highlighted the vulnerability of industrial control systems, and a new report has found 18,000 exposed devices that are likely used to control industrial systems.

The report, from internet intelligence platform Censys, focuses on ICS devices in the US and UK and also finds that almost 50 percent of the human-machine interfaces associated with water and wastewater systems (WWS) identified could be manipulated without any authentication required.

CISOs don't feel supported at board level

While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level according to a new report.

The study from LevelBlue looks at the dynamics among enterprise C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience.

The C-suite conundrum: are senior executives the Achilles' heel of cybersecurity?

In today's digital landscape, an organisation's C-suite and senior executives hold the most valuable corporate data and sign-off authorities, representing the highest potential risk over email. Whether it's inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.

But what do cybercriminals want from these individuals, are breaches always a result of external actors, and what can organisations do to protect their top decision-makers?

Dealing with digital certificate vulnerabilities [Q&A]

While digital certificates are an essential part of day-to-day security, they also present challenges. They can expire, be revoked, or even be forged.

We spoke to Bert Kashyap, CEO of passwordless security platform SecureW2, to learn more about certificate-related vulnerabilities and what IT and security teams can do to deal with them effectively.

Ransomware groups develop more sophisticated business models

Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises according to a new report.

The latest Ransomware Radar Report from Rapid7 finds smaller organizations are becoming a more frequent target too. Companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with $100 million in revenue.

© 1998-2025 BetaNews, Inc. All Rights Reserved.