Enterprises struggle with a changing security and compliance landscape

A new report from Vanta shows 67 percent of businesses say they need to improve security and compliance measures, with 24 percent rating their organization's security and compliance strategy as reactive.

The expansion of attack surfaces in a post-pandemic hybrid world, combined with shrinking teams and budgets and the rapid rise of generative AI, is fueling an urgent need for companies to improve, and prove, their security posture.

Who's responsible for securing the software supply chain?

A new poll of over 500 security decision makers and developers shows a disconnect and even some distrust between CISOs and developers relating to how security-conscious each department is within the organization and what their roles are.

The Harris Poll conducted for Chainguard finds a majority of both developers and CISOs view software supply chain security as a top priority in their roles (70 percent and 52 percent respectively).

How the .ai domain is benefiting cybercriminals (and a small Caribbean island)

Given all the interest in AI at the moment, it's no surprise that cybercriminals are keen to cash in, with a rise in AI-themed attacks.

One way of doing this is with a .ai domain name. An unexpected beneficiary of this is the British Overseas Territory of Anguilla, which has .ai as its country code.

The rise of mobile app overlay attacks and how to defend against them [Q&A]

A major new threat has made its presence felt in the last few months. Cybercriminals have expanded the use of screen spoofing or overlay attacks from web applications to trusted mobile apps.

What’s more, the availability of as-a-service technology has lowered the threshold for attacks. We spoke to Dr. Klaus Schenk, SVP security and threat research at Verimatrix, to learn more about how these attacks work and what can be done to guard against them.

Unauthorized apps put businesses at risk

The risks from shadow and unauthorized apps have been known for years, but new research from Armis finds employees of 67 percent of UK organizations are introducing risk to the business by downloading applications and software onto assets without the knowledge or management of IT or security teams.

In addition, the study, carried out by Vanson Bourne, finds 39 percent of enterprises admit to feeling challenged by increasingly complicated regulations and governance requirements.

Social media security issues pose threat to election campaigns

A new report from access management platform Cerby highlights the critical need for best practices for businesses and political leaders to secure their accounts as the November 2024 US elections quickly approach.

Researchers analyzed social media platforms Facebook, Twitter (X), Instagram, TikTok, and YouTube across six key security parameters. The report provides detailed insights into gaps in their support for enterprise-grade authentication and authorization.

Proton VPN rolls out new Linux app

Many people choose to browse the internet using a VPN because it offers a number of benefits, including privacy and safety, and this is true whatever operating system you use.

With the launch of an all-new app for Linux, Proton VPN is offering users of the open source OS greater functionality and a more intuitive interface. The Proton VPN Linux app natively supports Proton VPN's core security and privacy features.

IT pros worry about Kubernetes security

A new survey of 800 security and IT leaders from large organizations shows 76 percent of security and IT pros believe we are heading towards a cloud reckoning in terms of costs and security.

The study from Venafi finds that 84 percent believe Kubernetes will soon be the main platform used to develop all applications. But three-quarters worry that the speed and complexity of Kubernetes and containers are creating new security blind spots.

Building an effective and insurable IoT security policy [Q&A]

As businesses look to manage their cybersecurity risk, many have turned to insurance to cover the financial implications of a successful breach.

However, insurers naturally want to limit their own exposure to risk, and the small print of the policy may limit some claims. In particular, this can apply to IoT devices, which represent a major unprotected attack surface in corporate networks.

Passkeys 101: the future of passwordless authentication [Q&A]

Passkeys are often touted as being the way to achieve a passwordless future. But as yet passkeys are supported by only a small number of websites. Passkeys are a safer, more efficient way of authenticating users, but it will be a long time before they become the norm -- if indeed they ever become the norm.

We talked to Darren Guccione, CEO and co-founder of Keeper Security, to discuss the use cases for passkeys, the barriers to mass adoption and how users can adopt and secure passkeys in conjunction with their passwords.

Password health is improving but reuse is still an issue

A new report from Dashlane finds that password health and hygiene have improved globally over the past year, reducing the risk of account takeover for consumers and businesses.

However, reuse is still widespread, leaving user accounts particularly vulnerable to password-spraying attacks if they're not protected by strong multi-factor authentication.

Prolific Puma protects pernicious phishing plotters

We're all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Of course, in the past these have been used for nefarious purposes too, hiding the true nature of a link to get people to click on phishing or malware messages. Now, though, researchers at Infoblox have uncovered something even more sinister: the operation of a shady link shortening service made especially for cybercrime.

Business is booming on the dark web -- what does this mean for cyber risk?

It's been another profitable year for the cybercriminal underworld. Once again, headlines have been regularly dominated by serious breaches such as those at Royal Mail and Capita, whilst behind the scenes, criminal gangs have raked in huge profits.

The shadow economy of the dark web has continued to thrive and develop as a mirror of the legitimate business world. Threat actors are increasingly well-organized, from highly developed ransomware-as-a-service (RaaS) offerings to extremely lucrative vulnerability trading. Here, we'll delve into the most prominent trends driving the bustling dark web economy -- and how organizations can defend themselves against such threats.

UK faces record cybersecurity skills gap

The UK cybersecurity workforce gap has reached a record high, with 73,439 professionals needed to adequately safeguard digital assets, representing a 29.3 percent increase over 2022.

Research by security professionals organization ISC2 shows the UK cybersecurity workforce has reached 367,300 people, an 8.3 percent increase from 2022, representing more than 28,000 new jobs.

Malware 'meal kits' give attackers the ingredients to bypass detection

A new report from HP Wolf Security reveals cybercriminal marketplaces offering low-level attackers the tools needed to bypass detection and infect users in the form of so-called 'meal kits'.

These are pre-packaged malware kits which give low-level attackers all the ingredients to evade detection tools, making it easier for them to breach organizations and steal sensitive data.
