Editor's News

Yesterday, Illusive released its Analysing Identity Risks (AIR) 2022 report, which examines the unmanaged, misconfigured and exposed identity risks within organisations. The report shows that all organisations are vulnerable to attack, despite the deployment of privileged account management (PAM), multi-factor authentication (MFA) and other identity and access management (IAM) solutions. Illusive's security teams witnessed these blind spots firsthand in the financial services, healthcare, and retail sectors. According to Gartner®, “Many breaches are caused by security...

This week, the NHS reported a data leak incident to the Information Commissioner's Office, which puts third-party contractor cybersecurity risks in the spotlight.   What happened? A former employee of PSL Print Management, a consultancy used by the NHS, requested all emails and text messages regarding his employment at the company. PSL obliged, but sent him a USB stick that seemingly contained the company's entire email server contents, including thousands of patient letters that contained...

In December 2021, Gartner® reviewed its earlier predictions about API attacks, commenting, "On Target: 2017 Prediction — By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications…. As 2022 approaches, this prediction could arguably be counted as "missed" — but only because we underestimated the steep rise in attacks on APIs.   Now, Salt Security, the API security company, has announced it has received $140 million in Series...

The 8th of February marked the 19th Safer Internet Day which saw over 200 countries take a collaborative stance to make the Internet a safer and better place for all, particularly for younger people. Over the past 18 months, online activity sky-rocketed due to the disruptions caused by the pandemic. With many faced with lockdowns, the vast majority were restricted to the confines of our homes, with adults working remotely and children learning virtually. The...

Edgescan, the provider of the most comprehensive fullstack vulnerability management solution, today announces a partnership with Manicode Security, the secure coding education company. With a combination of lecture, security testing demonstration, and code review, Manicode classes are sure to entertain and educate app, web services, and mobile software developers and architects to the practices of secure development. Jim Manico is not your average trainer, nor is anyone in his team of highly qualified professors. With...

Salt Security, the API security company, has announced the global expansion of its Salt Security Essential Partner Program, with the company noting that it will be instrumental in ensuring customers around the world can protect the APIs fueling their digital transformations, application modernisations, cloud migrations, and other digital initiatives. The company state that it has always been 100% channel-focused – therefore making this programme more broadly available will expand the network of distributors, channel partners,...

New research from Adarma, the UK’s largest independent cyber threat management company, has discovered a major disconnect in the way organisations think and act in the face of ransomware. Adarma's nationwide ransomware study surveyed 500 C-level executives at UK businesses with over 2,000 employees and found that 58% of respondents have experienced a ransomware attack, with 94% of respondents reporting to be either concerned or very concerned about being hit by ransomware. However, the research also...

Kiteworks has announced the appointment of Andreas Deliandreadis as its new Vice President of Sales, EMEA. With more than 20 years in technology and cybersecurity sales and business development in EMEA markets, Deliandreadis is responsible for driving international revenue growth across Europe, the Middle East, and Africa (EMEA). “It is a great honour and privilege to be taking on this role for Kiteworks because EMEA is an exciting and fast developing market filled with vast...

Global connectivity specialist Eseye and agentless device security platform provider, Armis, have announced the general availability of a joint solution that enables organisations to deploy connected devices anywhere in the world with enterprise-class security and consistent, reliable cellular (4G/LTE/5G) connectivity.    The joint solution addresses how digital transformation has created a new generation of connected things that extend beyond traditional IT and across virtually every business and industry. The volume of these non-traditional assets has...

A 19-year-old security researcher named David Colombo detailed  how he was able to remotely unlock the doors, open the windows, blast music, and start keyless driving for dozens of Teslas, WIRED reported. The vulnerabilities he exploited to do so aren't in Tesla software itself, but in a third-party app. Salt Security's Michael Isbitsky, technical evangelist, explains what happened: The incident originated from a vulnerable open-source application, TeslaMate. The app enables Tesla owners to gather and...