Automated translation services help deliver BEC attacks


Business email compromise (BEC) attacks are a major issue and are reckoned to have accounted for over a third of all financial losses from cyberattacks in 2021.
While not as common as phishing, BEC is a serious threat and it's not just in English-speaking countries. Abnormal Security has identified two groups using executive impersonation to execute BEC attacks on companies worldwide.
2023 Call for Code focuses on sustainability


Call for Code creator, David Clark Cause, founding partner IBM, charitable partner United Nations Human Rights, and program affiliate the Linux Foundation are launching the 2023 Call for Code program to encourage the development of AI-powered technology projects that address sustainability issues.
This year's Call for Code will challenge global developers, students, and startups to build and contribute to solutions that help accelerate sustainability by improving resource management, reducing pollution and protecting biodiversity.
Free tool helps identify firewall misconfigurations


Misconfigurations are often a source of security issues, especially when they relate to an organization's firewalls.
FireMon is launching a new, free firewall assessment tool that provides organizations with a comprehensive diagnostic report outlining the health of a firewall policy, complete with best practices and suggestions to improve their security posture.
2022 breaks records for cyber threat activity


The final quarterly analysis of 2022's threat landscape from Nuspire confirms that last year saw the most threat activity in history.
While Q4 saw dips across all three sectors Nuspire monitors -- malware, botnets and exploits -- the net sum for the year shows a marked increase, especially in the case of exploits, which nearly doubled.
Why tough times need quality software [Q&A]


When it comes to software development, quality testing is among the first items on the chopping block during budget cuts. It is often viewed as a cost center, and nothing more than a box to tick on the road to getting software out the door.
Chief quality architect Mush Honda of quality management platform Katalon sees it differently. We spoke to him to find out why he thinks quality testing is an essential catalyst for company growth by helping companies retain customers, who can easily switch to competitors at the first sign of online hiccups.
Malicious DDoS attacks up by 150 percent


In 2022, the number of DDoS attacks grew 150 percent globally compared to the previous year, while the number of attacks in the Americas rose even faster, increasing 212 percent compared to 2021.
These figures are from the 2022 Global Threat Analysis Report released today by Radware, which also shows the frequency of DDoS attacks saw a significant uptick. Globally, organizations mitigated an average of 29.3 attacks per day during the fourth quarter of 2022, 3.5 times more compared to 8.4 attacks per day at the end of 2021.
Java underpins enterprise app modernization plans


A new report from provider of Java web application platforms, Vaadin, looks at how enterprises build, deploy, and modernize Java applications in 2023 and also reveals trends and future plans for the use of Java in enterprise applications.
Java is used heavily for both internal (64 percent) and customer-facing (62 percent) applications, which include both SaaS and internet-based services. However, almost half of Java applications still need modernization.
Real-time Ubuntu delivers for enterprise workloads


Today Canonical has announced the general availability of real-time Ubuntu 22.04 LTS. This enterprise-grade offering is aimed at the industrial, telecom, automotive, aerospace and defense sectors, as well as public sector and retail.
Real-time Ubuntu allows organizations to run their most demanding workloads and develop a wide range of time-sensitive applications on the open-source operating system.
Connected device vendors devote more effort to security and safety


More and more connected systems are being used to deliver the essentials of our everyday lives. From the water and power that comes into our homes to the medical treatment we receive, the 'Extended Internet of Things' (XIoT) is involved.
A new report on the state of XIoT security from Claroty's Team82 researchers shows vulnerabilities in these cyber-physical systems disclosed in the second half of 2022 declined by 14 percent since hitting a peak in 2021. At the same time vulnerabilities found by internal research and product security teams have increased by 80 percent over the same period, indicating that vendors are taking the risk seriously.
Complex PAM solutions mean organizations pay for features they don't need


Privileged access management (PAM) solutions are too complex, with 68 percent of organizations paying for features they don't need, according to a new report.
The report from Keeper Security finds 91 percent of organizations employ PAM and 84 percent of global IT leaders say they want to simplify their PAM solutions in 2023.
Real-world analysis finds the severity of many CVEs is overrated


The latest report from JFrog looks at the most prevalent vulnerabilities in 2022 with an in-depth analysis of open source security vulnerabilities that have the most impact for DevOps and DevSecOps teams.
The report shows that the severity of six of the top 10 CVEs was overrated, meaning they scored higher in the NVD rating than in JFrog's own analysis. In addition the CVEs appearing within enterprises most frequently are low-severity issues that were simply never fixed.
OSINT -- the security technique you might never have heard of [Q&A]


Traditionally used by intelligence agencies and the military, the OSINT technique is used to gather information about people, organisations or companies from freely accessible sources, then analyse the data obtained and draw useful conclusions and information from it.
But IT security experts can also benefit from the technique to discover potential vulnerabilities and remediate them before they're exploited by attackers.
Striking the right balance between development and security [Q&A]


Developers need access to many devices and internal services in order to build software. But many of these devices and services are exposed to the public web, creating gaps in security.
Add in the challenges of securing remote working and it's clear that there's a tricky balancing act needed to enable development while keeping the organization secure. We spoke to Avery Pennarun, CEO and co-founder of VPN service Tailscale, to find out how this can be achieved.
Happy phishing day to you!


Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.
Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.
Phishing up 36 percent in the last quarter of 2022 as attack tools get more sophisticated


Phishing volumes increased 36 percent, with 278.3M unique phishing emails in the fourth quarter of 2022, while malware volumes increased 12 percent QoQ, accounting for 58.9M emails, in the same period.
The latest Phishing and Malware Report from Vade shows the company detected 278.3 million unique phishing emails in Q4, surpassing the previous quarter’s total by 74.4 million. December saw the biggest jump in phishing emails, up 260 percent, as threat actors tried to cash in on the holiday period. This echoes a similar pattern at the end of 2021.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities.