John P. Mello Jr. - Author

Password manager LastPass reveals intrusion into development system

LastPass has revealed that an unauthorised party gained access to its development environment through a compromised developer account.

Customers set to increase reliance on MSSPs in 2023

Security spending is not expected to slow much next year as organisations look to improve cloud defences and rely more on MSSPs.

Network mistakes and misconfigurations cost companies millions

Network misconfigurations cost companies an average of nine per cent of annual revenues, according to a study released by a network security company.

Attacks using Office macros decline in wake of Microsoft action

Microsoft's decision to turn off Office macros by default has had a significant impact on the use of the mini-programs by hackers.

Cyber crime escalates as barriers to entry crumble

An underground economy that mirrors its legitimate e-commerce counterpart is supercharging online criminal behaviour, according to HP findings.

Deloitte expands managed XDR platform with CrowdStrike and Splunk

Deloitte has announced an update to its XDR platform, designed to boost capabilities to collect intelligence, hunt for threats, and secure mobile devices.

SQL injection, XSS vulnerabilities continue to plague businesses

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.

SolarWinds creates new software build system in wake of Sunburst attack

Lessons learned from software supply chain breach lead to innovative and secure development scheme.

Open source software risks persist, according to new reports

Companies are still struggling to gain confidence in the security of their open source projects, but shifting security earlier in the development process shows promise.

12 months on, how the Colonial Pipeline attack has changed cyber security

On the one-year anniversary of the Colonial Pipeline attack, industry insiders reflect on the event's effect on cyber security practice and perception.

New Linux-based ransomware targets VMware servers

Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers.

CISOs worried about material attacks, boardroom backing

CISOs are also less concerned about ransomware attacks, but many says their organisations are still not properly prepared for them.

Threat hunters expose novel IceApple attack framework

Suspected state-sponsored threat actor uses IceApple to target technology, academic and government sectors with deceptive software.

Wrongly configured Google Cloud API potentially creates dangerous functionality

Misconfiguration of the Google Cloud Platform API could create an exploitable behaviour that leads to service compromise.

Jamf beefs up enterprise security software for Mac

Network threat prevention, muscular analytics, and BYOD management are among new features offered in enhanced application suite.

Stories by John P. Mello Jr.