Ian Barker

Since Microsoft began the default blocking of macros in documents sent over the internet there's been an increase in the use of HTML files to deliver malware.

Research by Trustwave Spiderlabs reveals a rise in so called 'HTML smuggling' using HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code. The embedded payload then gets decoded into a file object when opened via a web browser.

Continue reading →

The number of CVEs reported via ICS advisories has increased each year, with 2020-2021 seeing a 67.3 percent increase in CISA ICS CVEs, while 2021-2022 saw a two percent increase, according to a new report from SynSaber.

The growing volume of vulnerabilities highlights continued efforts to secure the ICS systems critical to a nation's energy, manufacturing, water, and transportation infrastructure. There's also a growing focus on regulation which means operators in critical infrastructure are under more pressure to analyze, mitigate, and report on new and existing vulnerabilities

Continue reading →

Rolling out digital transformation projects involves navigating increasingly strict data protection regulations, while at the same time coping with risk and inefficiency associated with data silos and copy-based data integration.

Today a pioneering national standard approved by the Standards Council of Canada has been published aimed at providing organizations with a framework to accelerate the delivery of digital innovation projects.

Continue reading →

Unmanaged device usage continues to increase, with only 43 percent of respondents to a new survey claiming to be actively monitoring 75 percent or more of their endpoints. For organizations with 1,000-4,999 devices, 34 percent are unmanaged, and more than half report experiencing several cyberattacks as a result of poorly managed endpoint devices.

The study, from Syxsense, of more than 380 IT and cybersecurity professionals shows that despite these blind spots most survey respondents believe endpoint security (56 percent) and management (58 percent) are getting easier compared to two years ago.

Continue reading →

New research released today by Barracuda shows 75 percent of organizations surveyed have experienced a successful email-borne attack in the last 12 months.

What's more the study, carried out by Vanson Bourne, finds recovering from an email-borne security attack costs victims more than $1 million on average and 69 percent of those hit by ransomware say the attack started with an email.

Continue reading →

Digital transformation projects often rely on the updating or replacing of apps, but that can put a brake on the speed of progress.

Many enterprise apps rely on established systems like Java which have been around for a long time but still remain popular. We spoke to Kim Weins, VP of products at open source web development platform Vaadin, to find out more about the challenges of bringing enterprise apps up to date.

Continue reading →

ChatGPT is very much flavor of the month at the moment, with many companies looking to add the AI technology into their products and Google launching its own alternative, Bard.

The latest to embrace the potential is Logpoint which is launching ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product.

Continue reading →

While technology to secure devices has been widely adopted, more progress is needed to protect identity, networks and applications, according to the first-ever Cybersecurity Readiness Index from Cisco.

Respondents rank identity and device management as two of the three top cybersecurity threats. With the widespread adoption of technology like multi-factor authentication (MFA), criminals are increasingly targeting the solutions employed to protect users and devices.

Continue reading →

Google is using today's Safer Internet Day to announce a number of new security and privacy initiatives.

Among these are new ways to fill out passwords easily and securely in Chrome, more privacy protection for the Google app, improvements to Google Password Manger, and an expansion of SafeSearch to protect against explicit images.

Continue reading →

Critical infrastructure organizations accounted for 51 percent of ransomware victims in 2022, with construction being the most targeted sector overall.

Analysis by the KrakenLabs team at Outpost24 has identified 2,363 victims disclosed by various ransomware groups on Data Leak Sites (DLS) in 2022, with an estimated $450 million paid in ransom by victims.

Continue reading →

Cybercriminals don't need to be clever and use inventive hacking exploits to breach systems as organizations are making things too easy for them, says a new report.

Intelligence-led computer security testing company SE Labs has released its annual Cyber Threat Intelligence report with a warning that CEOs need to take cybersecurity seriously or risk falling into the clutches of criminals eager to take their data and their money.

Continue reading →

The cybersecurity world is a constantly evolving one. In recent years though we've seen the rise of new technologies like AI and quantum computing that, while they may revolutionize legitimate businesses, also have worrying implications for security.

We spoke to Kevin Kennedy, vice president of products at detection and response company Vectra AI, to find out more about the risks and what organizations can do about them.

Continue reading →

Netflix recently announced a crackdown on the sharing of account details and has introduced a paid sharing option to allow multiple users. It isn't surprising then that there's a thriving Dark Web market for streaming account details.

Research from AtlasVPN shows that account logins for popular streaming services are being sold for an average of $11.

Continue reading →

IT and security professionals spend an average of 4,300 hours annually achieving or maintaining compliance, according to a new study.

The survey, from automation platform Drata of 300 IT and security professionals in fast-growing organizations across the US, finds 87 percent of respondents have faced consequences as a result of not having continuous compliance, these include slowed sales cycles, security breaches, business interruption, loss of a business relationship, a damaged reputation, or fines.

Continue reading →

This summer, Gartner introduced Continuous Threat Exposure Management (CTEM). This is a set of processes and capabilities that allow organizations to create a system for review of exposures that is faster than the periodic project-based approach.

With endless threats and vulnerabilities hammering today's organizations, exposure management that evaluates the accessibility, exposure and exploitability of all digital and physical assets is necessary to govern and prioritize risk reduction for enterprises.

Continue reading →