Ian Barker

Organizations are being targeted by a mixture of simple, low effort and low-cost attacks along with more sophisticated, targeted campaigns, according to the latest quarterly Threat Intelligence Report from security and compliance specialist Mimecast.

Based on analysis of over 200 billion emails, the report looks at the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. This quarter's report finds that impersonation attacks are on this rise, accounting for 26 percent of total detections -- and now include voice phishing or 'vishing.'

Continue reading →

Migrating sensitive data to the cloud inevitably raises concerns surrounding compliance and security. Most turn to encryption as a solution, but that in itself raises issues over key management.

While many cloud service providers have allowed customers to bring their own keys (BYOK), Google Cloud Platform is linking up with the Fortanix Self-Defending Key Management Service (SDKMS) to become the first public cloud provider to enable customers to bring their own key management system (BYOKMS).

Continue reading →

Software bots are being used to automate repetitive processes in two thirds of businesses, but this can present risks depending on how properly their access to data is governed.

New research from SailPoint finds many organizations do not have the correct oversight into their day-to-day bot activities. Only five percent of respondents say they have 100 percent of bots, and their access, accounted for in their identity process.

Continue reading →

Ten organizations including Avira, the Electronic Frontier Foundation, Kaspersky, Malwarebytes and NortonLifeLock, have joined in a global initiative called the Coalition Against Stalkerware.

Stalkerware programs carry the possibility for intrusion into a person’s private life and are being used as a tool for abuse in cases of domestic violence and stalking. By installing these apps, abusers can get access to their victim's messages, photos, social media, geolocation, audio or camera recordings, and in some cases, this can be done in real-time.

Continue reading →

The camera applications within Google, Samsung and other Android smartphones could be vulnerable to attack, according to some new research.

Researchers at security platform Checkmarx found that in certain circumstances adversaries can take over smartphone camera apps to record videos, take photos, eavesdrop on conversations, and identify GPS coordinates, all without the user knowing.

Continue reading →

Digital identity platform ForgeRock is launching an Identity Platform-as-a-Service solution to help developers embed modern identity capabilities into their apps.

ForgeRock Identity Cloud provides a full suite of capabilities for identity requirements in any business environment utilizing the same APIs and SDKs as the ForgeRock Identity Platform, so customers can use ForgeRock in any deployment model, on premises, hybrid cloud, public cloud, or as-a-service.

Continue reading →

New research launched today by data erasure and mobile device diagnostics specialist Blancco Technology Group finds end-of-life devices are leaving businesses at risk of data breaches.

The survey of 1,850 senior leaders from the world's largest enterprises in APAC, Europe and North America finds 73 percent agree that the large volume of different devices at end-of-life leaves their company vulnerable to a data security breach, while 68 percent say they are very concerned about the risk of data breach from this equipment.

Continue reading →

Kubernetes is one of the leading choices for container users, but its benefits of scalability and abstraction also lead to increased complexity, which can make companies reluctant to deploy the technology.

Chaos engineering platform Gremlin is launching support for Kubernetes -- Docker support was launched last year -- so engineers can now use Gremlin to automate the process of identifying and targeting Kubernetes primitives such as nodes and pods, to find issues that can prove difficult to pinpoint at a given moment.

Continue reading →

Almost a third of US consumers (31 percent) think they are at risk of fraud when contacting a brand's customer service department, with 47 percent saying it's because they have to share personal information with a customer service agent.

In another report released for International Fraud Awareness Week, the Sitel Group and CallMiner have looked at consumers' experience and concerns around customer service fraud, voice assistants and information security.

Continue reading →

Despite high profile data breaches in 2019 and 33 percent of respondents having been a victim of fraud or identity theft, when asked if they update or change passwords following a data breach at a firm they deal with, 28 percent say only sometimes and nine percent say they don't update their passwords at all.

This is one of the findings of a Shred-it report for International Fraud Awareness Week which highlights the need for improvements in both digital and physical security.

Continue reading →

Big data offers major opportunities for many industries. But in areas like finance where personal information is involved using the information raises worries about privacy.

One solution to that is to anonymize the information in some way. To discover more about how this works we spoke to Randy Koch the CEO of ARM Insight, a company pioneering the use of synthetic data and assisting more than 1,000 financial institutions to monetize their data safely.

Continue reading →

Some 72 percent of retailers globally have experienced a cyberattack, with 61 percent experiencing one in the last year, yet 50 percent don't have a response plan in place to deal with data breaches.

This is among the findings of a new study carried out by the Ponemon Institute for Keeper Security, which also shows the average cyberattack on a retailer involving the loss of customer/employee data results in 7,772 individual records lost or stolen, with an average price tag of $1.9M from the disruption of normal operations.

Continue reading →

As we head into the peak holiday shopping season, 66 percent of Americans believe they could easily become a victim of fraud, while another 65 percent think they are at a higher risk of having their financial information exposed as a result of their holiday shopping.

A new report from digital risk protection company Terbium Labs also shows that 68 percent would hold their bank at least partly responsible for fraudulent activity, no matter how the compromise occurred.

Continue reading →

Mobile users are becoming far more willing to subscribe to a service than to make a one-time purchase according to a new report.

A study from mobile user acquisition specialist Liftoff has analyzed more than 349 billion impressions across 992 mobile apps, 5.35 billion clicks and 76.6 million total post-install events.

Continue reading →

Penetration testing is an essential tool for organizations to make sure their systems are safe and secure. It probes systems by attacking them in the way that a hacker would.

But for many, the concept of pentesting is something of a dark art, and the tools used to carry it out shaded in obscurity. One of the most popular tools among testers is Kali Linux but you could be forgiven for never having heard of it.

Continue reading →