Featured

It’s unfortunate, but true: SaaS attacks continue to increase. You can’t get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company’s SaaS estate. CISOs and security professionals work to limit this burgeoning threat landscape, however, it’s a work in progress.   One slight misconfiguration...

Mobile banking is the safest way to bank for UK consumers, RiskOps platform for financial risk management Feedzai revealed in their Q2 2022 Financial Crime Report, based on the analysis of over 18 billion global banking transactions throughout 2021. According to the report, banking represented 88% of all banking transactions in the U.K. during this period; however, fraud rates were over 50% lower using a mobile device compared with desktop, laptop, telephone, or in-person transactions...

The IT Security Guru has teamed up with Synopsys, a recognised leader in application security, to bring you the webinar, 'Secure Your Cloud Environment from Evolving Threats'. As the migration to the cloud continues at an unabated pace, the threats in the cloud are also increasing proportionally and evolving constantly. Data breaches, misconfiguration risks, weak identity and access management controls, insider threats, multi-cloud infrastructure, and increasing complexity are just a few of the many challenges...

Now in its ninth successive year, the much-anticipated annual European Cybersecurity Blogger Awards, sponsored by KnowBe4 and Qualys, is now open for nominations. The awards have always been committed to celebrating the cybersecurity industry’s most coveted bloggers, vloggers, podcasters and social media influencers. Previous award winners have included renowned blogging and podcast stars such as Troy Hunt, the creator of Have I Been Pwned, Graham Cluley, Carole Theriault and Geoff White.   To be part of...

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property (IP), and business records, CASBs definitely help. However, as the number of SaaS apps increase, the amount of misconfigurations and...

One week later and International Women's Day is still fresh in our minds. There is still some way to go but every day that we challenge the stigma and bias that impact women in the workplace. Obrela Security Industries have launched a campaign to celebrate women in the cybersecurity industry. You can read their blog here The persistent cyber skills shortage is getting worse. Despite gender representation generally improving over the past 5 years, there...

This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days. High rates of “known” (i.e. patchable) vulnerabilities which have...

https://vimeo.com/683449370/53eb067506   Armis, unified asset visibility and security company, announced the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and even destroy APC Smart-UPS devices and attached assets, researchers have warned.   Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centres, industrial facilities, hospitals, and more....

With 85% of data breaches caused by social engineering or human error, creating a company-wide security culture has risen up the agenda for many organisations. However, the phrase can be problematic in itself – as definitions vary, with some even equating it to security awareness training. KnowBe4 says it wants to change this and recognise the multi-faceted nature of security culture. For the first time, KnowBe4 has defined security culture as “the ideas, customs, and...

Salt Security released its Salt Labs State of API Security Report, Q1 2022. The bi-annual report found that 95% of surveyed organisations have experienced an API security incident in the past 12 months. The research showed that 34% of respondents - all of whom are running production APIs - lack any kind of API security strategy. This lack of defence presents significant business risk to enterprises in the form of slowed business innovation, compromised consumer...