Are we being failed by DevSecOps? [Q&A]

Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.

However, the more businesses have matured their DevSecOps practices, the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.

By Ian Barker

AI use leads to new risks for data security

According to a new study, 89 percent of cybersecurity professionals agree that their company's sensitive data is increasingly vulnerable to new AI technologies.

The study of 700 respondents across cybersecurity roles, conducted by Vanson Bourne for Code42, also finds that 87 percent are concerned their employees may inadvertently expose sensitive data to competitors by inputting it into GenAI. In addition, 87 percent are concerned their employees are not following their GenAI policy.

By Ian Barker

Security teams struggle to combat image-based and QR code attacks

Over 70 percent of respondents to a new survey say they feel their current security stack is highly effective against image-based and QR code phishing. However, 76 percent report being compromised by these types of attacks within the past year.

The study of 300 IT and security professionals across a variety of industries and geographies, from Osterman Research for IRONSCALES, shows almost 93 percent of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and nearly 79 percent say the same about QR code attacks.

By Ian Barker

The growing trend in cyberattacks against the aviation industry [Q&A]

Towards the end of last year the American Airlines pilot union was hit with a ransomware attack. This is just one of a growing number of attacks targeting the aviation sector.

What makes the aviation industry such an attractive target and how can it protect itself? We spoke to Marty Edwards, deputy CTO for OT/IoT at Tenable, to find out.

By Ian Barker

Cybersecurity staff perform multiple different roles

Staff at various levels work in multiple cybersecurity functions, according to the latest report from IANS Research and recruitment specialist Artico Search.

It finds 42 percent have responsibilities that span multiple cybersecurity domains. Of the AppSec staff, 74 percent also contribute to product security and 67 percent are involved in identity and access management (IAM).

By Ian Barker

New platform improves visibility across attack surfaces

There is an increasing level of crossover and connectivity between IT, operational technology (OT) and IoT assets, which raises the risk of cyberattacks originating in IT systems and then spreading into OT environments.

To help businesses address this risk, Tenable is launching a new exposure management platform that provides holistic visibility into assets across IT and OT environments.

By Ian Barker

In-house apps cause breaches at 92 percent of companies

A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities in applications developed in-house.

The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

By Ian Barker

DDoS attacks against web apps and APIs surge

Globally, the average number of DDoS attacks per customer grew by 94 percent in 2023, according to a new report from Radware.

"The technological race between good and bad actors has never been more intense," says Pascal Geenens, Radware's director of threat intelligence. "With advancements like Generative AI, inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve."

By Ian Barker

Ransomware resurgence: Tackling the new generation of cyber threats


Sadly, there has never been a better phrase than ‘survival of the fittest’ to describe cyber criminal groups. They are constantly refining their tactics to cause greater disruption and earn even bigger profits. The ransomware ecosystem is a resilient and lucrative business model, and attacks are causing huge pain for organizations.

Just look at the recent attack on the British Library. The attack rendered the British Library’s website inoperative, and it’s been reported the institution may have to spend £7 million to recover. The Rhysida group, who were responsible for the attack, disseminated hundreds of thousands of confidential documents on the internet, encompassing both customer and employee information.

By Stephen Robinson

Cloud-focused malware campaigns on the increase

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in both sophistication and number.

A new report from Cado Security is based on analysis of real-world techniques employed by attackers using honeypot infrastructure. Last year Cado introduced 'Cloudypots', a new, more sophisticated, high-interaction honeypot system.

By Ian Barker

Enterprise workers want more transparency around cybersecurity

The nature of cybersecurity is such that much of the work goes on in the background. People notice when there's a problem but not when there isn't.

A new report from CybSafe shows that 31 percent of enterprise workers in the US and UK would like to see more transparency around what the cybersecurity team does.

By Ian Barker

Tails 6.0 Linux distribution: The ultimate privacy shield to thwart 'Big Brother'

Tails 6.0, the newest version of the privacy-focused Linux distribution, is now available for download. It is notable for being the first version of Tails to be based on Debian 12 (Bookworm) and use the GNOME 43 desktop environment. This update also introduces a host of new features, security enhancements, and usability improvements, alongside updated versions of the majority of the software included in Tails.

In Tails 6.0, users will find a new error detection feature for the Persistent Storage, which alerts them about errors when reading or writing from the Tails USB stick. This helps in diagnosing hardware failures and prompts users to back up their Persistent Storage before it's too late. The update also brings automatic mounting of external devices. When an external storage device is plugged in, Tails 6.0 mounts it automatically, and if the device contains an encrypted partition, it offers to unlock the encryption automatically.

By Brian Fagioli

Over 80 percent of organizations have open ports on public-facing cloud assets

A new report reveals that 81 percent of organizations have public-facing neglected cloud assets with open ports, making them prime targets for attackers who routinely perform reconnaissance to detect exposed ports and known vulnerabilities.

The report from Orca Security is based on analysis of data from billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud scanned by the Orca Cloud Security Platform in 2023.

By Ian Barker

74 percent of codebases have high-risk open source vulnerabilities

The percentage of codebases with high-risk open source vulnerabilities -- those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities -- increased from 48 percent in 2022 to 74 percent in 2023, according to new research.

The Open Source Security and Risk Analysis (OSSRA) report from Synopsys is based on findings from more than 1,000 commercial codebase audits across 17 industries. While codebases containing at least one open source vulnerability remain consistent year-on-year at 84 percent, significantly more codebases contained high-risk vulnerabilities in 2023.

By Ian Barker

Fewer than half of IT leaders confident in their IoT security

A new survey from Viakoo shows that only 50 percent of IT leaders are confident in their Internet of Things security and that 55 percent of IoT cyber incidents could have been prevented with better security measures.

In addition, 71 percent say they wish they had started their IoT security efforts differently in order to remediate issues faster.

By Ian Barker