The sheer volume of data breaches continues to escalate at a phenomenal rate. Cyberattacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks are aimed at small businesses, but only 14% of those businesses are prepared to defend themselves.

The cyberthreat landscape is ever-evolving and the level of sophistication from cybercriminals is always increasing. Networks are not impenetrable. Alarmingly, 79 minutes is now the average time from when an attacker compromises a network to when they start to move laterally, infiltrating the rest of the network.

In a typical ransomware attack, an adversary attempts to deploy ransomware directly on the machines they wish to encrypt. However, ransomware groups are increasingly adopting a newer tactic to ensure the success of their campaigns: remote encryption.

This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operating systems, but this is a technique that applies to Windows as well, and we’ll touch on some of this later on in the series. In this particular installment, we’ll be discussing syscall evasion with bash shell builtins.

This is the third in a series of four posts on how to secure your hybrid workforce. For a complete overview of the topics discussed in this series, download The new perimeter: Access management in a hybrid world.

Today, I’m proud to share our 14th annual State of Software Security report. Our 2024 report shines a spotlight on the pressing issue of security debt in applications, and it provides a wake-up call to organizations worldwide. The demand for speed and innovation has resulted in the accumulation of risk known as security debt. As Chief Research Officer at Veracode, I’m deeply committed to empowering businesses to confront the challenges posed by security debt. Let’s dive in.

How do you approach bot management? For certain businesses, the optimal approach could involve selecting a single bot management software to meet their existing bot detection and management needs. For some companies, combining behavioural analytics for identifying malicious bot behaviour and a WAF (WAAP) to defend against vulnerability exploits, DDoS attacks, and API security breaches is essential.

Adding AI to your software development life cycle (SDLC) comes with great opportunities — and great dangers. Is the risk worth the reward? This was the topic of conversation when Sascha Wiswedel, Senior Solutions Engineer at Atlassian, and Simon Maple, Principal Developer Advocate at Snyk, teamed up to discuss security in the (AI-assisted) software development lifecycle.

A recent report from Mozilla found that the recent explosion of romantic AI chatbots is creating a whole new world of privacy concerns.

Raspberry Robin malware exploits vulnerabilities, hackers use news and media hosting sites to spread USB malware payloads, and Palo Alto reports a 49% increase in ransomware victims.