Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-05-06 15:00:00 |
Health Care Data: It\'s Your Personal \'National Security\' Information (lien direct) |
If you wanted to put all the pieces of a person’s profile together, health care data would likely be the most important piece of the personally identifiable information (PII) puzzle. It’s powerful. A heartbeat can open a door. This data is the most important type related to a person, the crown jewel of PII data […]
|
|
|
|
|
2021-05-06 13:00:00 |
Security by Design and NIST 800-160, Part 1: Managing Change (lien direct) |
Building a house requires a blueprint. When it comes to building systems, National Institute of Standards and Technology’s (NIST) documents about security by design are some of the most reliable blueprints. As systems become more complex, they’re also more likely to be fragile. Meanwhile, we continue to add new devices, apps and tools into our […]
|
|
|
|
|
2021-05-06 10:00:00 |
Zero Trust and Insider Threats: Was Brutus the Original Bad Actor? (lien direct) |
Insider threats have been a problem for as long as there have been insiders. What’s changed over time? Well, for one, Brutus and his conspirators didn’t exactly leave a trail of logs and flows when they plotted against Julius Caesar and the Roman Republic. Fast forward 2,000 years, and there’s a good news/bad news update […]
|
|
|
|
|
2021-05-05 22:00:00 |
Does Multifactor Authentication Keep Your Remote Workers Safe? (lien direct) |
Your eight-character password can be cracked in about eight hours, using brute force attacks — even if you add in numbers, mix up the cases and throw in a special character or three. Odds are high that eight-hour window will soon be even shorter. To combat this, many companies added multifactor authentication (MFA) into their […]
|
|
|
|
|
2021-05-05 16:00:00 |
Improving Data Security in Schools: Remote Learning Increases Security Threats (lien direct) |
This blog is the last in a series about improving data security in schools. When learning moved from the classroom to the dining room, schools scrambled to ensure students had the tools they needed. A study conducted by FutureSource Consulting found that the number of computing devices shipped to educational institutions in 2020 is expected […]
|
|
|
|
|
2021-05-05 04:30:00 |
Zero Trust: Confidently Secure Your Business to Grow Fearlessly (lien direct) |
What would your business be able to do if security risks were no longer a concern? What sort of products would you build for your customers? What types of experiences could you enable for your employees to be more effective? What would you change to power your business forward? As the general manager for IBM […]
|
|
|
|
|
2021-05-04 15:00:00 |
Adopting Microsegmentation Into Your Zero Trust Model, Part 2 (lien direct) |
This is the second part in a series on zero trust and microsegmentation. Be sure to check out Part 1 here. Organizations are increasingly using a zero trust approach combined with microsegmentation to carefully balance the needs of security and access. Companies work with most vendors on a purely transactional basis — those vendors simply […]
|
|
|
|
|
2021-05-04 12:00:00 |
(Déjà vu) It\'s an Operational Technology World, and Attackers Are Living in It (lien direct) |
In April 2021, the U.S. government announced a new effort to protect industrial control systems (ICS) from cyberattacks. For the cybersecurity community, the announcement may come as no surprise. Vulnerabilities in critical infrastructure such as ICS and the operational technologies (OT) that run them have made frequent headlines. From public water system threats to research […]
|
|
|
|
|
2021-05-04 12:00:00 |
Expert Interview: How to Secure Critical Infrastructure With Operational Technology (lien direct) |
In April 2021, the U.S. government announced a new effort to protect industrial control systems (ICS) from cyberattacks. For the cybersecurity community, the announcement may come as no surprise. Vulnerabilities in critical infrastructure such as ICS and the operational technologies (OT) that run them have made frequent headlines. From public water system threats to research […]
|
|
|
|
|
2021-05-04 10:05:00 |
Don\'t Make Headlines Over an Insider Incident: Lessons From the Frontlines (lien direct) |
On the path to becoming more cyber secure, organizations across the globe spend an estimated $60 billion per year to defend their assets, recruit talent and work to prevent and respond to cyberattacks. Moreover, security spending is expected to rise another 10% in 2021. But while much of an organization’s security focus and spending is […]
|
|
|
|
|
2021-05-03 22:30:00 |
Alert Fatigue: How AI Can Help You Address Your Most Important Alerts (lien direct) |
When someone says the word hurricane, I hear the shrill weather-alert warning sound in my head. Having grown up in Florida and now living in North Carolina, I’ve been through many hurricanes and have the routine down — stock up on supplies and hurricane snacks, bring in the patio furniture, fill up the cars with […]
|
|
|
|
|
2021-05-03 17:30:00 |
Social Engineering: Watch Out for These Threats Against Cybersecurity Experts (lien direct) |
Many of us remember our parents saying not to take candy from strangers. Today, we can apply a similar mindset to avoid social engineering. Social engineering is the threat that keeps on coming back. Threat actors are learning to use even cybersecurity researchers’ best intentions against them. Let’s take a look at tactics threat actors use to target […]
|
Threat
|
|
|
|
2021-04-30 15:00:00 |
How to Talk to Leadership About a Zero Trust Model That\'s Right For You (lien direct) |
This is the second blog in a series about zero trust. Lack of requisite budget can be a major roadblock when it comes to adding a zero trust model. Why is this so much of a problem? And, how can a SOC team make the C-suite see how zero trust helps the business? In the […]
|
|
|
★★★
|
|
2021-04-30 14:00:00 |
Why Data Monopolies Mean Breaches Hit Harder (And How to Help) (lien direct) |
Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based […]
|
|
|
|
|
2021-04-30 13:00:00 |
3 Ransomware Threats in 2021 and How to Protect Against Them (lien direct) |
I’m sure I’m not the only one who expected the world to magically get back to normal — whatever that is — when the ball dropped on 2021. After seeing a rise in threats last year, no more ransomware, or at least fewer attacks, was on my very long wish list for a wonderful new […]
|
Ransomware
|
|
|
|
2021-04-29 14:00:00 |
Is Multifactor Authentication Changing the Threat Landscape? (lien direct) |
Changes to the cybersecurity threat landscape are constant and dynamic: threat actor groups come and go, alter tactics, techniques and procedures (TTPs) and adjust to new defensive mechanisms. Over time, both cyber criminal gangs and nation-state actors endure arrests and swap individuals in what can appear to be an ongoing arms race between good and […]
|
Threat
|
|
|
|
2021-04-29 13:00:00 |
The Story of FakeChat (lien direct) |
Starting late December 2020, IBM Trusteer’s mobile threat research lab discovered and began closely tracking a new Android banking malware that appeared to be mostly targeting users in Spain. Per our analysis, the purpose of the malware is to steal credit card numbers, bank account credentials and other private information from its victims. Once a […]
|
Threat
Malware
|
|
★★
|
|
2021-04-29 10:00:00 |
Is VPN or Zero Trust Best for Remote Working Security? (lien direct) |
For the past few decades, a corporate virtual private network (VPN) was the go-to answer for connecting to work when away from the office. It was simple, affordable and relatively secure. But debate has been brewing for several years regarding whether or not the corporate VPN security is dead — or at least not the […]
|
|
|
|
|
2021-04-29 03:45:00 |
Improving Data Security in Schools: Privacy at a Distance (lien direct) |
This blog is the second in a series about improving data security in schools. Cyberattacks against colleges and universities can be fruitful. Few organizations hold the amount and variety of data that higher education does. Thousands, if not millions, of endpoints are ripe for compromise. A large state flagship university houses decades worth of student […]
|
|
|
|
|
2021-04-29 03:30:00 |
COVID-19 Supply Chain Attacks and More: Your April 2021 Security Intelligence Roundup (lien direct) |
The COVID-19 supply chain finds itself under fire in this month’s cybersecurity intelligence news. Learn about how another type of supply chain — the cloud through which we download a lot of our software — can also be a risk. And, how could your business make meaningful changes to your cybersecurity posture? Start on your […]
|
|
|
|
|
2021-04-28 20:00:00 |
The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash (lien direct) |
It likes big game hunting, it enjoys deploying Cobalt Strike and it dabbles in critical vulnerability abuse. It’s known as Sodinokibi/REvil, a ransomware strain that emerged in 2019 as the heir to the GandCrab ransomware, a malware family that supposedly retired from the cyber crime arena in mid-2019 after reportedly amassing illicit profits of over […]
|
Ransomware
Malware
Vulnerability
|
|
|
|
2021-04-27 15:00:00 |
Adopting Microsegmentation Into Your Zero Trust Model, Part 1 (lien direct) |
The idea to discuss microsegmentation and zero trust came to me while reading cybersecurity articles over cellular data as I was waiting in line one day. And, I wrote this article on different devices: on my laptop connected to my home wireless network; on my tablet over Wi-Fi. Each time I switched devices or wireless […]
|
|
|
|
|
2021-04-26 13:00:00 |
Cloud-Native IAM Controls Part 3: Following Cloud Governance Blueprints (lien direct) |
In many cases, one business unit sets up its own cloud-native identity and access management controls differently from another. One of your customers’ business units may need Red Hat, while another may need controls from a specific public cloud provider. The business unit may or may not be using the cloud-native identity and access management […]
|
|
|
|
|
2021-04-26 11:00:00 |
IoT Security: Be Aware of What You Connect at Home (lien direct) |
Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them, comes security risks. McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices. Most of these new devices connect via home routers (another IoT […]
|
|
|
|
|
2021-04-25 16:00:00 |
Self-Assessment: How Can You Improve Financial Services Cybersecurity? (lien direct) |
It’s common knowledge that threat actors target banks. Not only might these attackers want to directly steal money, by doing this they’re also hitting the customers and the trust in the bank. If a financial institution suffers a loss, even insurance can only go so far to minimize the actual cost to the organization. The cost […]
|
Threat
|
|
|
|
2021-04-23 14:30:00 |
How Zero Trust Can Help Close the Cybersecurity Skills Gap (lien direct) |
Using a zero trust model can help tackle some of the major challenges in cybersecurity today, including the skills gap. In July 2020, Deloitte surveyed webinar attendees about their organizations’ plans to implement a zero trust model. The poll found that four challenges had disrupted the efforts of many employers. A lack of skilled workers […]
|
|
Deloitte
Deloitte
|
|
|
2021-04-23 14:00:00 |
Health Care Ransomware Strains Have Hospitals in the Crosshairs (lien direct) |
The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease. The two worlds also come together when threat actors attack using health care ransomware. When every minute could change the fate of a patient, preventing […]
|
Threat
Ransomware
|
|
|
|
2021-04-23 10:00:00 |
Don\'t Forget: A Checklist for Offboarding Remote Employees Securely (lien direct) |
We all know about the threat of threat actors trying to access our corporate data. But with the rise of remote work, keeping an eye on employees during offboarding is an important area to watch, as well. In many cases, employees can still access sensitive data well after they leave the job. This is even […]
|
Threat
|
|
|
|
2021-04-22 16:00:00 |
Why You Need Attack Surface Management (And How To Achieve It) (lien direct) |
Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start. What is ASM? So, […]
|
Guideline
|
|
|
|
2021-04-22 13:00:00 |
IBM Security Guardium Named Industry Leader for Third Consecutive Time (lien direct) |
KuppingerCole named IBM Security Guardium an overall business leader in their Leadership Compass on Database and Big Data Security Solutions. IBM was also again ranked as a leader in all three sections: product, innovation and market. With this in mind, take a look at how KuppingerCole measures today’s solutions and why good data security is so important. […]
|
Guideline
|
|
★★★★★
|
|
2021-04-22 10:00:00 |
Internet of Threats: IoT Botnets Drive Surge in Network Attacks (lien direct) |
As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019. Turning our attention to the factors behind this […]
|
|
|
|
|
2021-04-21 22:30:00 |
Data Poisoning: When Attackers Turn AI and ML Against You (lien direct) |
Stopping ransomware has become a priority for many organizations. So, they are turning to artificial intelligence (AI) and machine learning (ML) as their defenses of choice. However, threat actors are also turning to AI and ML to launch their attacks. One specific type of attack, data poisoning, takes advantage of this. Why AI and ML Are at […]
|
Threat
Ransomware
|
|
|
|
2021-04-21 21:00:00 |
Cloud Native Tools Series Part 3: Get the Right Tools (lien direct) |
As we near the end of our journey into cloud native tools, let’s take a look at visibility. In a previous post, I discussed how business entities need to understand their end of the Amazon Web Services (AWS) shared security model to uphold their cloud defense duties. This knowledge can help them safeguard their digital […]
|
|
|
|
|
2021-04-20 18:00:00 |
What Is SIEM and How Does it Work? (lien direct) |
A hidden, lingering threat is a cybersecurity team’s worst nightmare. With security information and event management (SIEM), your team has fewer blind spots when it comes to detecting threats. If you asked a handful of experts for their SIEM definition, you’d get several different unique takes on the market definition. Here’s ours, along with how […]
|
Threat
|
|
|
|
2021-04-20 12:00:00 |
\'Inbox Zero\' Your Threat Reports: How to Combat Security Alert Fatigue (lien direct) |
At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an inbox-zero case, the latest new alert is the most urgent task. But in a backed-up, […]
|
Threat
|
|
|
|
2021-04-20 10:00:00 |
Progressive Web Apps and Cookies: Taking a Bite Out of Security (lien direct) |
To prevent cookie theft, have cyber defense baked in. With progressive web apps (PWA) and other relatively new protective efforts in place, how can you be sure you’re defending against today’s attackers? Here’s what enterprise needs to know about the rumbling threat of pass-the-cookie attacks, how current cloud and mobile frameworks like PWAs can empower […]
|
Threat
|
|
|
|
2021-04-19 19:00:00 |
Cloud-Native IAM Controls Part 2: An Approach for Governance (lien direct) |
Some organizations with multicloud environments opt for a cloud service provider with native identity access management (IAM). However, these same people often struggle when it comes to adding the cloud-native controls into a larger enterprise IAM program. In part 1 of our cloud-native IAM controls blog, we explored why these controls are not enough for […]
|
|
|
|
|
2021-04-19 19:00:00 |
How VPNs Are Changing to Manage Zero Trust Network Access (lien direct) |
What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […]
|
Tool
|
|
|
|
2021-04-19 18:00:00 |
Why Business Password Management Remains a Struggle (lien direct) |
How secure is your password? Everyone has a favorite. Savvy people, of course, know better than to use something that can be easily guessed, like 12345 or ‘Password.’ But, once you latch on to a password you really like and is easy to remember, you use it again on a site you might not visit […]
|
|
|
|
|
2021-04-16 13:00:00 |
How AI in Cybersecurity Addresses Challenges Faced by Today\'s SOC Analysts (lien direct) |
Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud also make […]
|
Threat
|
|
|
|
2021-04-16 11:30:00 |
Combating Sleeper Threats With MTTD (lien direct) |
During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […]
|
Threat
|
|
★★★
|
|
2021-04-16 10:00:00 |
Ransomware Attacks in 2021: Information Meets Emotion (lien direct) |
“If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders […]
|
Threat
Ransomware
|
|
|
|
2021-04-15 15:00:00 |
How to Design and Roll Out a Threat Model for Cloud Security (lien direct) |
Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […]
|
Threat
|
|
|
|
2021-04-15 13:00:00 |
Why Security Pros Can\'t Ignore Big Data Monopolies (lien direct) |
The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes […]
|
|
|
|
|
2021-04-15 11:00:00 |
AI Security: How Human Bias Limits Artificial Intelligence (lien direct) |
For cybersecurity experts, artificial intelligence (AI) can both respond to and predict threats. But because AI security is everywhere, attackers are using it to launch more refined attacks. Each side is seemingly playing catch-up, with no clear winner in sight. How can defenders stay ahead? To gain context about AI that goes beyond prediction, detection […]
|
|
|
|
|
2021-04-14 22:00:00 |
The IT-OT Connection: How the Two Work Together (lien direct) |
Where hardware meets software, attackers can sneak in. More and more, threat actors are targeting Industrial Control Systems (ICS) and Operational Technology (OT). IBM X-Force found that the number of attacks against those types of assets increased by over 2,000% between 2018 and 2019, with the number of ICS and OT attacks in 2019 having […]
|
Threat
|
|
|
|
2021-04-14 19:30:00 |
Don\'t Stop At \'Delete:\' How Privacy Needs Are Shaping Data Destruction (lien direct) |
It’s just part of the job: at some point in a device’s lifecycle, data must be destroyed. While deleting files may mean users and apps can’t access them, simple deletion isn’t enough to truly destroy the data. To be most effective, secure data destruction has to be complete. This is especially true when your organization […]
|
|
|
|
|
2021-04-14 10:00:00 |
An Update: The COVID-19 Vaccine\'s Global Cold Chain Continues to Be a Target (lien direct) |
In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in […]
|
|
|
|
|
2021-04-13 16:00:00 |
Turning Down the Noise: Adding Context to the SIEM With Modern Data Security (lien direct) |
Let’s say I tell you that my daughter crawled today. However, you don’t know if my daughter is an infant or 30 years old. If you ask, and I tell you my daughter is an infant, you still don’t know if she’s already been crawling or today marks the first time. If this is the […]
|
|
|
|
|
2021-04-13 11:00:00 |
Wake Me Up Before You Know Know … About the Latest Third-Party Data Breach (lien direct) |
“It has gotten to the point, unfortunately, where they are so frequent and common these days, that it’s like, here we go again,” Christopher Sitter says when I asked him about the prospect of a third-party data breach. Sitter is the senior director of information security at Juniper Networks. He manages all things incident response-related — […]
|
Data Breach
|
|
|