All the latest blog posts from the most relevant cyber security companies in the business.

October is National Cyber Security Awareness Month (NCSAM), which means it’s time to talk about passwords for the umpteenth time. Why beat this dead horse again? Because just about everyone still uses passwords, and even the most recent password security recommendations do not make them any stronger. This year, the recommendation was eight characters —…

The massive rise in popularity of social platforms has led to a huge upswing in social media scams — putting a growing pool of users at risk. Facebook had 2.23 billion monthly active users as of the second quarter of 2018, while photo-sharing site Instagram hit 1 billion monthly active users by June 2018, according…

Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more…

According to the 2018 IBM X-Force Threat Intelligence Index, the frequency and sophistication of malicious cryptocurrency mining, also called “cryptojacking,” has increased drastically in the past year. This mining is changing malicious actors’ priorities: While they had previously targeted companies’ data and financial assets, they are now seeking to extract value from organizations’ computing resources….

As the workforce becomes increasingly mobile, organizations must adapt their security strategies to account for the enlarged threat surface. While mobility undeniably helps organizations boost productivity, it also creates considerable weaknesses in the IT environment. How can companies strike a balance between giving employees the 24/7 access they need to perform their jobs and protecting…

Software development has shifted into overdrive to keep pace with the demand for rapid releases. To meet this challenge, the industry has moved in recent years to the far more agile development and operations (DevOps) model, which has enabled companies to push out releases faster and more efficiently. However, more code means more vulnerability alerts….

I joined a number of security professionals at the IBM Security Summit in London last month during the “Innovating With Cloud Security” breakout session, which was hosted by Martin Borrett, chief technology officer (CTO) of IBM Security Europe. The audience took part in discussions about typical cloud transformation journeys, security for and from the cloud,…

The largest ever distributed denial-of-service (DDoS) attack occurred in the spring of 2018. The attack lasted more than eight minutes and measured 1.3 Tbps, according to Threatpost. But it’s a record no one in the security industry expects to last long, as DDoS attacks continue to increase in length, strength and damage. This type of…

Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications. The OWASP Foundation list brings some important questions to mind: Which vulnerability in the OWASP Foundation Top 10 has been the…