Trustwave SpiderLabs on October 29 will launch its second deeply researched look into the threats facing the retail sector. The 2024 Trustwave Risk Radar Report: Retail Sector will cover in detail the threats facing the industry, the most prominent adversaries in the field, and the commonly used methods to attack retailers. The main report is supported by two supplementary pieces.

In today’s fast-evolving cybersecurity landscape, organizations face an increasing barrage of sophisticated threats targeting endpoints, networks and every layer in between. CrowdStrike and Fortinet have formed a powerful partnership to deliver industry-leading protection from endpoint to firewall.

Not all security operation centers (SOCs) are equal. They have teams of different sizes, with varying skill levels, protecting a wide range of industries around the world. However, they have a few things in common — for one, they face many of the same threats, and many SOC teams struggle with the complexity of managing several disparate tools to detect and disrupt them. As the cybersecurity industry matures, SOC teams have more options to consolidate the security tools they use.

Also known as change monitoring, File Integrity Monitoring (FIM) solutions monitor and detect file changes that could indicate a cyberattack. They determine if and when files change, who changed them, and what can be done to restore files if those changes are unauthorized. As such, FIM solutions are useful for detecting malware and achieving compliance with regulations like PCI DSS and are a crucial part of any enterprise security stack.

I've spent over 35 years as a trainer in various capacities, so it might surprise you to hear me say that training alone isn't enough to change behaviours—particularly when it comes to security. This isn't just my opinion; it's a conclusion from our State of Human Risk Management in 2024 Report. To understand why training isn't the full solution, we need to delve into the field of human error. Mistakes—errors caused by wrongly applied knowledge—can often be corrected with training.

Windows event logs are a key source of important information about your Windows environments, including detailed records of user activities, system performance, and potential security issues. However, with the sheer volume of logs modern environments generate, it can be overwhelming for security teams to efficiently detect, triage, and respond to threats in real time.

Action Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online accounts have been hacked over the past year. Most of these hacks were the result of phishing and other social engineering tactics. Action Fraud describes one technique that involves using a compromised account to target the victim’s friends.

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization won’t fall victim to a phishing attack. The survey found that 34% of organizations send simulated phishing emails to their employees at least once every two weeks, but only 15% of end users are aware of them. Likewise, the IT and security leaders surveyed said 83% of their employees fall for the phishing simulations.

Keeper Security is pleased to announce significant improvements to the Security Audit tab of the Admin Console for business users, as well as the Browser Extension for organizations and individuals alike. The updates include a refreshed User Interface (UI) for both, new functionality to refresh and reset Security Audit scores, the ability to generate a passphrase via the Browser Extension and more.

As apps become more complex and development speeds up with DevOps, cloud-native tech, and AI, having a comprehensive approach to managing application risk is more important than ever. Traditional methods just aren’t cutting it anymore. Security teams are overwhelmed by vulnerabilities, and developers aren’t getting the guidance they need on what to focus on first. This gap between security and development is leaving apps more vulnerable.