UK faces record cybersecurity skills gap

The UK cybersecurity workforce gap has reached a record high, with 73,439 professionals needed to adequately safeguard digital assets, representing a 29.3 percent increase over 2022.

Research by security professionals organization ISC2 shows the UK cybersecurity workforce has reached 367,300 people, an 8.3 percent increase from 2022, representing more than 28,000 new jobs.

Malware 'meal kits' give attackers the ingredients to bypass detection

A new report from HP Wolf Security reveals cybercriminal marketplaces offering low-level attackers the tools needed to bypass detection and infect users in the form of so-called 'meal kits'.

These are pre-packaged malware kits which give low-level attackers all the ingredients to evade detection tools, making it easier for them to breach organizations and steal sensitive data.

'Are we adversary aligned?' is the new 'Are we secure?'

"Are we secure?" For most security leaders, this is one of the most daunting questions they can be asked. While it may seem like a basic inquiry for those in leadership positions, for those on the ‘cybersecurity front line’, thinking in these terms is far too vague and oversimplifies a complex and ever-evolving threat landscape.

Instead, management and IT teams need to shift their thinking to a far more appropriate measure of security: "Are we adversary aligned?" But what does adversary alignment really mean?

Phishing emails increase over 1,200 percent since ChatGPT launch

A new survey of over 300 cybersecurity professionals from SlashNext looks at cybercriminal behavior and activity on the Dark Web, particularly as it relates to leveraging Generative AI tools and chatbots, and finds a startling 1,265 percent increase in malicious phishing emails since the launch of ChatGPT in November 2022.

It also shows a 967 percent increase in credential phishing in particular and that 68 percent of all phishing emails are text-based Business Email Compromise (BEC) attacks.

Organizations can only stop 57 percent of cyberattacks

Over the last two years, the average organization's cybersecurity program was prepared to preventively defend against, or block, just 57 percent of the cyberattacks it encountered. This means 43 percent of attacks launched are successful and need to be remediated after the fact.

This is among the findings of a new report from Tenable, based on a survey of over 800 IT and cybersecurity leaders carried out by Forrester Consulting.

The biggest security challenges of hybrid work [Q&A]

The shift to remote and hybrid working has led to many problems for IT teams, not least that it offers an expanded attack surface. Add in the threat from cybercriminals looking to capitalize on advanced AI capabilities to create malware and you have some major challenges.

We spoke to Doug Kersten, CISO of enterprise collaboration specialist Appfire, to discuss the key security challenges product and DevOps teams face today and how to overcome them.

Greedy apps collect more information than they should

Nearly 87 percent of Android and 60 percent of iOS apps request access to device functions unrelated to their performance, according to new research by NordVPN.

Researchers analyzed the most popular mobile apps globally in 18 categories. They found that up to 14 percent of apps collect more unnecessary data than data needed for the app's performance, and only eight percent collect no unnecessary data. On average, every fifth requested permission was not actually needed for the app’s functionality.

Malwarebytes launches ID theft protection for consumers

This week Malwarebytes has launched a new identity theft protection solution aimed at individuals, helping them secure their digital identities and defend against identity and online threats.

Called -- imagine how many meetings it must have taken! -- Identity Theft Protection, it includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services, all backed by up to a $2 million identity theft insurance policy.

Why lack of training can put cybersecurity at risk [Q&A]

One of the effects of the pandemic and the shift to remote and hybrid working has been that organizations have become increasingly reliant on messaging tools like Teams and Slack.

But new research from CybSafe shows that 47 percent of workers have received no training in the use of these platforms and could be putting themselves and their employers at risk.

Ethical hackers help organizations avoid cyber incidents

Ethical hacking company HackerOne has announced that its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform.

The company's 2023 Hacker-Powered Security Report also shows 30 hackers have earned more than a million dollars on the platform, with one hacker surpassing four million dollars in total earnings.

The nastiest malware of 2023

OpenText Cybersecurity has released its sixth annual look at the threat landscape to reveal the most notorious malware trends.

This year four new ransomware gangs, believed to be a new generation of previous big players, top the list. Newcomer Cl0p takes the prize for this year's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign.

Proton Pass launches a secure way to share passwords

We all know that you shouldn't share your passwords with anyone else. But the world is a complex place and there are occasions when it's necessary to send someone a login -- sharing access to a business social media account for example -- or other sensitive information.

Email, SMS, Post-it notes, etc. are not secure ways to do this, so Proton is launching a new Secure Password Sharing feature for its Proton Pass password manager.

How organizations can stay secure in the face of increasingly powerful AI attacks

It’s almost impossible to escape the hype around artificial intelligence (AI) and generative AI. The application of these tools is powerful. Text-based tools such as OpenAI’s ChatGPT and Google’s Bard can help people land jobs, significantly cut down the amount of time it takes to build apps and websites, and add much-needed context by analyzing large amounts of threat data. As with most transformative technologies, there are also risks to consider, especially when it comes to cybersecurity.

AI-powered tools have the potential to help organizations overcome the cybersecurity skills gap. This same technology that is helping companies transform their businesses is also a powerful weapon in the hands of cybercriminals. In a practice sometimes referred to as offensive AI, cybercriminals use AI to automate scripts that exploit vulnerabilities in an organization’s security system or make social engineering attacks more convincing. There’s no doubt that it represents a growing threat to the cybersecurity landscape that security teams must prepare for.

How AI can help secure the software supply chain [Q&A]

Securing the software supply chain presents many challenges. To make the process easier OX Security recently launched OX-GPT, a ChatGPT integration aimed specifically at improving software supply chain security.

We spoke to Neatsun Ziv, co-founder and CEO of OX Security, to discuss how AI can present developers with customized fix recommendations and cut and paste code fixes, allowing for quick remediation of critical security issues across the software supply chain.

Flaw in social login could expose billions to account takeover

New research from Salt Labs highlights API security vulnerabilities uncovered in the social sign-in and Open Authentication (OAuth) implementations of multiple online companies.

Sites affected include Grammarly, Vidio, and Bukalapak. The flaw has now been fixed but could have allowed for credential leakage and enabled full account takeover. Salt Labs also reports that 1,000s of other websites using social sign-in mechanisms are likely to be vulnerable to the same type of attack, putting billions of individuals around the globe at risk.
