Ian Barker

In the second quarter of this year malware events increased over 25 percent, botnets doubled and exploit activity grew by nearly 150 percent, according to a new report.

The report from managed security services provider Nuspire, based on threat intelligence analyzed from Nuspire's trillion traffic logs from client sites and associated with thousands of devices from around the world, shows a substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices.

Continue reading →

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

Continue reading →

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has been able to successfully gain access to SCM systems during an adversary simulation engagement in most cases.

Continue reading →

Despite the fast changing nature of the world of cybersecurity, it seems that when it comes to vulnerabilities there's still a place for the golden oldies.

New research by Rezilion find that more that 4.5 million internet-facing devices are still vulnerable to vulnerabilities discovered between 2010 to 2020. What's more, for most of these vulnerabilities, active scanning/exploitation attempts have taken place in the past 30 days too.

Continue reading →

Governments are keen for enterprises to improve their cyber resilience, but research from Skurio finds just under half of private and public sector organisations surveyed say that lack of resources and in-house expertise prevent their organisation from keeping up with and protecting against new cyber threats.

We talked to Jeremy Hendy, CEO of Skurio, about the barriers to businesses becoming more cyber resilient and the calls to action for C-suite, info-security departments, and the industry

Continue reading →

When the pandemic-inspired lockdowns hit in 2020, businesses rushed to established technologies like VPNs in order to support remote working.

But new research conducted by Gartner Peer Insights for Citrix Systems shows 96 percent of IT leaders think these technologies no longer cut it and are rethinking their approach.

Continue reading →

The Log4j vulnerability first hit the headlines in December last year. Since then we've heard less about it, but it hasn't gone away, like most vulnerabilities it has a long tail.

A recent report from the Cybersecurity Safety Review Board takes a comprehensive look at the vulnerability and what can be learned from it.

Continue reading →

It might still be a bit early to begin thinking about next year, but new research from Intel 471 analyzes recent and commonly used tactics, techniques and procedures (TTPs) that have been adopted by prominent threat actors.

It also looks at how these threats have affected enterprises, along with predictive intelligence assessments on threats that organizations should be prepared to thwart over the next year.

Continue reading →

A large majority of companies are only at an entry level in terms of their cloud security capabilities according to a new study.

The research, carried out for cloud infrastructure security company Ermetic by Osterman Research, surveyed 326 organizations in North America with 500 or more employees and who spend a minimum of $1 million or more each year on cloud infrastructure.

Continue reading →

Most business leaders (57 percent) believe an enterprise integration strategy is critical to their organization, while 61 percent of CIOs and more than half of system architects and developers said a standardized, enterprise integration strategy is a top priority.

However, only seven percent of respondents have succeeded in implementing an enterprise integration strategy, according to a new study from Digibee, while 93 percent of decision-makers admit they have no formal integration strategy in place.

Continue reading →

According to a new study 93 percent of enterprise IT leaders say the application modernization process is challenging due to staffing, tools, training and other issues.

The survey from Asperitas finds 30 percent of IT leaders say identifying the right tools and technologies is the most difficult part of the process, while 20 percent say it's finding staff with the right experience.

Continue reading →

According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.

The latest State of API Security Report from Salt Security also finds that found that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.

Continue reading →

The latest OT/IoT security report from Nozomi Networks shows that wiper malware and IoT botnets dominate threats to industrial control systems.

Researchers have observed the robust usage of wiper malware, and seen the emergence of an Industroyer variant, dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.

Continue reading →

Researchers at Sonatype have identified multiple malicious Python packages that contain ransomware scripts.

The packages are named after a legitimate, widely known library called 'Requests', with names like 'requesys', 'requesrs' and 'requesr', in order to trick developers into installing the wrong version.

Continue reading →

A new study reveals that 87 percent of the ransomware found on the dark web can be delivered via malicious macros in order to infect targeted systems.

The research from Venafi, in partnership with criminal intelligence provider, Forensic Pathways, looked at 35 million dark web URLs and forums to uncover a thriving ransomware community with highly damaging macro-enabled strains readily available.

Continue reading →