
Misconfigurations leave internet-facing servers open to attack

Issues with server configuration remain a major problem. Researchers at Censys have identified over 8,000 hosts on the internet misconfigured to expose open directories.

These directories contain potentially sensitive data, such as database information, backup files, passwords, Excel worksheets, environment variables, and even some SSL and SSH private keys. Exposure of these types of data in such an accessible manner can offer threat actors an easy way into an organization's network.

By Ian Barker -

How enterprises can stay ahead of risks, threats and potential attacks [Q&A]

Businesses are engaged in a constant cat-and-mouse game with hackers, attackers, and bad actors in order to stay secure.

Dominic Lombardi, VP of security and trust at Kandji, believes that in order to stay ahead it's necessary to master basic IT and security hygiene, update and communicate your risk register, and work steadily toward a zero-trust security model. We spoke to him to discover more.

By Ian Barker -

Ransomware attacks can cost enterprises up to 30 percent of operating income

The financial impact of a ransomware attack can cost businesses up to 30 percent of their operating income, with smaller enterprises hit proportionally harder.

A new report from ThreatConnect looks at the financial impact of ransomware attacks on small ($500M), medium ($1.5B) and large ($15B) organizations within healthcare, manufacturing, and utilities.

By Ian Barker -

Enterprises plan to increase cloud service investment as part of network transformation

In a drive for network transformation, 98 percent of enterprise IT leaders say they plan to increase their dependence and investment in cloud services.

The latest Enterprise Network Transformation report from SASE solutions company Aryaka finds that, although an uncertain economy is impacting network and security team investments, CIOs, CISOs and IT leaders are doubling down on investment in the cloud.

By Ian Barker -

(Tell me why) We don't like passwords

Despite relatively low awareness of passwordless technology, 65 percent of North American consumers report they’d be open to using new technology that makes their lives simpler.

A new report from 1Password shows that 80 percent say they care about their online privacy and actively take measures to protect it. But it's clear that they also believe we can do better than passwords for both security and ease of use.

By Ian Barker -

Decoy Dog sniffs out enterprise networks to target

A malware toolkit dubbed 'Decoy Dog' has command-and-control (C2) propagated to a Russian IP and is selectively targeting organizations worldwide -- and going undetected.

The Infoblox Threat Intelligence Group is the first to discover Decoy Dog and the company is collaborating with other companies in the security industry, as well as customers, to identify and disrupt this activity.

By Ian Barker -

Cyber threats get more personal

Popular online platforms such as Netflix, Facebook, and Steam are being used to spread cyber attacks as criminals focus on consumers' favorite online activities.

The latest consumer threat guide from F-Secure finds the most imitated social media platform used to spread phishing threats in 2022 was Facebook at 62 percent. Steam, the largest distribution platform for PC games, was the most popular gaming platform to spoof at 37 percent.

By Ian Barker -

82 percent of open source software components are inherently risky

Recent supply chain attacks such as SolarWinds, Log4j and 3CX have highlighted the need to protect the software supply chain as well as the potential consequences of failing to properly assess the integrity of software.

A new report from software supply chain security management company Lineaje looks at the composition of open-source software and assesses the risks associated with its usage.

By Ian Barker -

Convergence of OT and IT systems sees moves to improve security

The increasing convergence of information technology and operational technology presents new challenges for organizations needing to keep their systems secure.

There's also been something of a shift in the focus of attacks with more emphasis on causing business disruption and damaging reputations.

By Ian Barker -

Strong data protection can deliver economic benefits for enterprises

As enterprises move to cloud and hybrid models they face a range of new challenges in protecting their data.

A new study from Enterprise Strategy Group (ESG), released by Commvault and Microsoft, finds that 53 percent of respondents say their IT environment is more complex than it was two years ago.

By Ian Barker -

Phishing attacks increase by more than 100 percent

Phishing attack volumes increased by 102 percent in the first quarter of 2023 according to a new report from email security and threat detection company Vade.

In the first quarter of this year Vade detected 562.4 million phishing emails, passing the previous quarter's total by 284.8 million. January accounted for the highest volume of phishing emails in Q1 with 488.5 million.

By Ian Barker -

US and UK are the countries most attacked by ransomware

In the 12 months from April 2022 to March 2023 the US and UK were the countries that suffered the most ransomware attacks.

However, the latest Malwarebytes ransomware report shows that the USA suffered a little over seven times more attacks in the last twelve months than the UK. It's perhaps not a coincidence that the USA's economic output, measured by gross domestic product (GDP), is also about seven times larger than the UK's.

By Ian Barker -

Vulnerable cloud attack surface grows almost 600 percent

A new report from cyber asset visibility and management company JupiterOne shows numbers of enterprise cyber assets have increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.

Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent, according to the report, which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.

By Ian Barker -

Cybersecurity burnout could lead to workers quitting

Cybersecurity teams are suffering from the economic squeeze, with 63 percent of US security professionals having their department's budget cut in 2023, according to research from Pentest as a Service (PtaaS) company Cobalt.

Of those who encountered layoffs or budget cuts, almost all US (95 percent) and EMEA (84 percent) professionals say their role has changed. This has caused many in the US to feel burnt out (61 percent), more than those in EMEA (29 percent).

By Ian Barker -

Multiple-threat ransomware attacks become more common

It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.

Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).

By Ian Barker -