Supply chain vulnerabilities hit medical and IoT devices


Researchers at Forescout's Vedere Labs have discovered a set of vulnerabilities affecting the PTC Axeda agent, which is commonly used in medical and IoT devices.
The Axeda agent enables device manufacturers to remotely access and manage connected devices, making these vulnerabilities reminiscent of the Kaseya hack and the SolarWinds Orion compromise.
90 percent of clients in professional services industries prefer digital interaction


A new study by one-stop hub platform Moxo (formerly Moxtra), looking at the finance, real estate and legal sectors, finds 90 percent of people's preferred method of communication when asking questions about their account and business transactions is digital (via a designated client portal), rather than scheduling an in-person appointment or phone call.
Moxo surveyed 1,500 clients and 1,500 internal- and external-facing employees and finds that 73 percent of employees believe digital solutions will be extremely important to improve business efficiency and 60 percent believe they will be extremely important in enhancing client service delivery and account management.
Organizations take two months to patch critical vulnerabilities


Organizations are taking nearly two months to remediate critical risk vulnerabilities, with an average mean time to remediate (MTTR) of 60 days.
A new report from smart vulnerability management firm Edgescan, based on analysis of over 40,000 web application and API assessments, three million network endpoint assessments, and circa 1000 penetration tests, finds high rates of known, patchable vulnerabilities that have working exploits in the wild.
The road ahead for artificial intelligence [Q&A]


There has been a lot of buzz surrounding the adoption of artificial intelligence. According to a recent report from McKinsey, 57 percent of companies are now using AI in at least one function. But how much is hype and how much is built on a sound commercial base?
We spoke to Mike Loukides, VP of emerging tech content at O'Reilly Media and author of O'Reilly Media's widely-cited AI Adoption in the Enterprise report, to discuss the current state of AI and what lies ahead.
Surfshark launches free plug-in to help spot fake news


Fake news and disinformation have long been a problem on the internet, and never more so than at present as both sides in the Ukraine conflict engage in an information war.
It's timely then for Surfshark to launch a free extension for Chrome and Firefox that detects and highlights website links from various media and other websites that are known to spread fake news and misinformation.
Why we shouldn't try to kick Russia off the internet


The Russian invasion of Ukraine has sparked condemnation around the world and led to the imposition of a range of sanctions from the economic to the sporting and the cultural.
There have been calls to censor media linked to the Russian state too, with the European Union taking the step of banning the distribution of content from outlets like Russia Today.
Why Kubernetes deployment needs a security first mindset [Q&A]


Kubernetes has been at the forefront of container deployment, allowing the automation of development, scaling and management, and supported on a wide range of public cloud platforms.
But as with any cloud deployment, there are potential risks from misconfiguration, poorly managed access privileges and more. It's important, therefore, that security is given top priority when deploying Kubernetes.
How neutral is Kaspersky in the Ukraine cyberwar?


Kaspersky has been trying to distance itself from ties to the Russian state for several years, but the invasion of Ukraine has cast some doubt on its success.
The Cybernews site reports that Kaspersky Lab is protecting the resources of the Russian Ministry of Defense along with other high-profile Russian domains including Russia Today, TASS news agency, and Gazprom bank.
Attivo expands Active Directory protection


In 2021, there was a surge of attacks targeting Active Directory domain controllers in order to gain the privileges that are needed to install backdoors, change security policies, and distribute ransomware or malware.
In recent days there have also been attacks targeting organizations in Ukraine using the HermeticWiper malware, which is implanted via Active Directory to destroy data on the machine.
Malware is being geared to evade AI-based defenses


The latest Cyber Threat Landscape Report out this week from Deep Instinct reveals that bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.
It also highlights a change in the way attacks are carried out and says we are now witnessing some groups opting to inflict maximum impact over a shorter time span. These short duration attacks are carried out with the goal of damaging data (its confidentiality and availability), destabilizing a business, and impairing business continuity.
Ransomware is top threat to financial services


The financial, operational, and reputational risks of ransomware make it the top threat facing financial services organizations, a new report from F-Secure says.
The three most common routes used to spread ransomware are phishing, exposed remote desktop protocol (RDP) ports, and the exploitation of vulnerable software.
OT and ICS vulnerabilities increase in the second half of 2021


Operational technology and industrial control systems saw a 110 percent increase in the number of vulnerabilities disclosed in the second half of last year.
The latest Biannual ICS Risk & Vulnerability Report from Claroty shows that remotely exploitable vulnerabilities are still causing problems, demonstrating the importance of securing remote connections.
API attacks increase almost 700 percent in the last year


Malicious API traffic has increased 681 percent in the last year, set against a 321 percent increase in overall API traffic.
A new report from API security specialist Salt Security shows 95 percent of surveyed organizations have experienced an API security incident in the past 12 months.
Less than a quarter of directors see ransomware as a top priority


Only 23 percent of boards of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.
A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.
The password hygiene message still isn't getting across to consumers


According to a new report from SpyCloud, 70 percent of breached passwords are still in use and 64 percent of consumers repeat passwords across multiple accounts.
Researchers identified 1.7 billion exposed credentials, a 15 percent increase from 2020, and 13.8 billion recaptured personally identifiable information (PII) records obtained from breaches in 2021.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities.