What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-05 13:00:00 | It\'s 2022: Do You Know Where Your Sensitive Data Is? (lien direct) | Looking at recent breaches and scandals, it’s not a mystery why organizations put a premium on good data security and governance practices. Yet, there is one aspect of data security and data governance that proves elusive. Sure, organizations have data activity monitoring (DAM) solutions, extended detection and response (XDR) tools, governance programs run by their […] | |||
|
2022-04-04 13:00:00 | Endpoint Security: Why It\'s Essential Now More Than Ever (lien direct) | The COVID-19 pandemic has made hybrid remote working the dominant model among professionals all over the world. Therefore, it’s essential for organizations to focus on endpoint security. By using the best endpoint security infrastructure, it is possible to protect remote workers from breaches while managing remote work. With a greater focus on flexible working methods, […] | |||
|
2022-03-31 13:00:00 | 2022 Banking & Finance Security Intelligence Roundup (lien direct) | The banking and finance industries deliver more services online now than ever before due to the pandemic. As a result, banking cybersecurity became more important than ever this year. Some of the threats to big data security in recent years included ransomware attacks, the growth of contactless payments, mobile malware attacks and even data breaches […] | Ransomware Malware | ||
|
2022-03-29 13:00:00 | National Backup Day: Don\'t Forget the Basics (lien direct) | This Thursday, March 31 at 9:30 a.m. MT/11:30 a.m. ET, join the National Cybersecurity Center, IBM Security X-Force’s Laurance Dine and Stephanie “Snow” Carruthers, and other security experts, for a World Backup Day discussion on best practices, preparedness and more. Catch the conversation on Twitter. National Backup Day is March 31, which serves as an […] | |||
|
2022-03-28 13:00:00 | Low-Code Is Easy, but Is it Secure? (lien direct) | Low-code and no-code solutions are awesome. Why? With limited or no programming experience, you can quickly create software using a visual dashboard. This amounts to huge time and money savings. But with all this software out there, security experts worry about the risks. The global low-code platform market revenue was valued at nearly $13 billion […] | |||
|
2022-03-24 13:00:00 | Blast From the Past: What the Y2K Bug Reveals About Cybersecurity Today (lien direct) | “The End of the World!?!” That’s what the cover of TIME Magazine said for its January 18, 1999 issue. Over two decades ago, the industrialized world was gripped by panic over the so-called Y2K bug. Also called the Millennium Bug, the year 2000 problem, Y2K problem, the Y2K glitch and other labels, some feared the […] | |||
|
2022-03-23 13:00:00 | IAM Secures the New, Perimeter-less Reality (lien direct) | Necessity may be the mother of invention, and it also drives change. To remain competitive in 2021, companies had to transform rapidly. Today, many of us work from home. Remote and hybrid work models have become the new normal. But what about security? In one recent survey, 70% of office workers admitted to using their […] | |||
|
2022-03-22 13:00:00 | IoT Security and the Internet of Forgotten Things (lien direct) | In 2017, the number of connected devices surpassed the world’s human population. That’s a lot of things. However, many of them were not built with security in mind. It didn’t take long for attackers to take advantage of Internet of Things (IoT) vulnerabilities. One case in 2016 saw threat actors take down Dyn, a company […] | Threat | ||
|
2022-03-21 20:30:00 | Threat Modeling Approaches: On Premises or Third Party? (lien direct) | What’s the difference between on-premises and cloud security threat modeling approaches? Both can help protect against cloud threats and have distinct benefits and risks. The latest tech developments are happening here in the cross-section of cybersecurity and cloud security. More and more treasured data is being kept and used to make data-driven decisions. So, defending […] | Threat | ||
|
2022-03-21 13:00:00 | Supply-Side Hackonomics: Supply Chain Attacks and Data Security (lien direct) | Most people now know far more about supply chains than they ever wanted to. Still, anyone could forgive you for not knowing the term ‘supply chain hack’. Often, when the media reports these types of attacks, they name them and broadcast the name of the company that was targeted around the world. That has helped […] | |||
|
2022-03-17 13:00:00 | Top 5 Cybersecurity Podcasts to Follow in 2022 (lien direct) | One of my favorite parts about talking to cybersecurity professionals is asking how they landed in the industry. Few tell me about a straight path to their career, like attending college or earning a certification. Most launch into an interesting tale of their non-traditional career paths. When I share these stories, I’m often asked how […] | |||
|
2022-03-16 22:00:00 | IOCs vs. IOAs - How to Effectively Leverage Indicators (lien direct) | Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […] | |||
|
2022-03-16 13:00:00 | Integrating IAM and SIEM to Boost Event and Anomaly Detection (lien direct) | Sending information from your identity and access management (IAM) system to your security information and event management (SIEM) system can help you to find events and anomalies that you might not find otherwise. This can help you detect that an attacker has breached your systems. Your SIEM system might already be collecting a lot of […] | |||
|
2022-03-15 20:45:00 | CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations (lien direct) | On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware IBM Security X-Force has released public content for which has been reportedly targeted systems belonging […] | Malware | ||
|
2022-03-15 13:00:00 | It\'s Not Fair, But Cyber Crime Is Cheap (lien direct) | It may not be fair, but cyber crime is cheap. How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the […] | Ransomware Threat | ||
|
2022-03-14 13:00:00 | 93% of Organizations Have Network Vulnerabilities: Here\'s How to Beat the Odds (lien direct) | Cybersecurity is an ongoing battle, and the latest figures from penetration testers prove that the fight is far from over. According to Positive Technologies, 93% of all networks are open to breaches due to common vulnerabilities. However, there are proactive steps business owners can take to stay on the right side of that ratio. Take […] | |||
|
2022-03-10 14:00:00 | Starting at Home: Cybersecurity in the Hybrid Workplace (lien direct) | As people settle into the late stages of the pandemic, the hybrid workplace is not going anywhere. Therefore, the enterprise must address the increasing number of entry points into the network as more employees work remotely. In 2021, 61% of malware directed at organizations targeted remote employees via cloud apps. Since the onset of the pandemic, […] | Malware | ||
|
2022-03-09 14:00:00 | Is Anyone Doing Anything About the Explosion in Crypto Crime? (lien direct) | As cryptocurrency transactions continue to grow, it’s no surprise that crypto crime has also seen a huge upswing. In 2021, illicit addresses raked in $14 billion, up nearly 80% compared to 2020. Still, the backstories here are even more intriguing. For example, why isn’t crypto crime growth even larger given the rapid adoption of cryptocurrency […] | |||
|
2022-03-08 14:00:00 | Why You Need a Diversity and Inclusion Program in Cybersecurity (lien direct) | This is a time of major changes for businesses and agencies. That includes the move to the cloud and the shift to being digital-first. So, cybersecurity has moved to a front-and-center position in many companies and industries. When talking about security, it’s easy to focus on the tools and technologies. After all, they’re what we […] | |||
|
2022-03-07 14:00:00 | Data Fabric: What It Is and How It Impacts Cybersecurity (lien direct) | Data use and generation today are both awesome and daunting to manage. What is the best way to manage this mountain of dispersed and disparate data? A possible answer lies in the concept of ‘data fabric’ as a means to unify data. This is an integrated layer of data and connecting processes that “utilizes continuous […] | |||
|
2022-03-04 20:57:27 | New Wiper Malware Used Against Ukranian Organizations (lien direct) | On February 24, 2022, ESET reported another destructive wiper detected at a Ukrainian government organization dubbed as IsaacWiper. This is the third sample of malware IBM Security X-Force has analyzed which has been reportedly targeting systems belonging to Ukrainian organizations. IBM Security X-Force obtained a sample of the IsaacWiper ransomware and has provided the following […] | Ransomware Malware | ||
|
2022-03-03 14:00:00 | Expert Insights: What\'s Next for Ransomware? (lien direct) | Last year, many organizations stopped talking about when the workforce would be back full-time in the office. Instead, they focused on how we build a hybrid work model for the future. 2021 was active and interesting – for lack of a better word. There’s a lot to say in terms of cyber crime in general […] | |||
|
2022-03-02 14:00:00 | What to Look for in a Cybersecurity Resume (lien direct) | Staffing for cybersecurity has always presented a challenge. But with the old skills shortage combined with the new “Great Resignation,” hiring the right candidates has never been more important. The first step in looking at any prospective hire is to review resumes. People often don’t appreciate this process. It’s easy, for example, to overlook the best […] | |||
|
2022-02-25 20:00:00 | Trickbot Group\'s AnchorDNS Backdoor Upgrades to AnchorMail (lien direct) | IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware. The Trickbot Group, which X-Force tracks as ITG23, is a cybercriminal gang known primarily for developing the Trickbot banking Trojan, which was first identified in 2016 and initially […] | |||
|
2022-02-24 17:00:00 | IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine (lien direct) | This post was written with contributions from IBM Security X-Force’s Christopher Del Fierro, Claire Zaboeva and Richard Emerson. On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. IBM […] | Malware | ||
|
2022-02-23 06:30:00 | Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022 (lien direct) | For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This was among the top findings of IBM Security’s latest research published in the tenth annual X-Force Threat Intelligence Index, a comprehensive overview of the global […] | Ransomware Threat | ||
|
2022-02-07 14:00:00 | Will the Metaverse Usher in a Universe of Security Challenges? (lien direct) | How much do you know about the metaverse? Everyone started talking about the metaverse in the summer of 2021. Facebook CEO Mark Zuckerberg kicked it off with his plan to focus his company on building what he imagined would be the future of social, business, leisure and culture: the metaverse. He even changed the name […] | |||
|
2022-02-03 14:00:00 | New Year, Same Risks? Six Cyber Resilience Resolutions for a Safer 2022 (lien direct) | 2021 was a banner year for cyber attacks. Compared to 2020, last year saw a 50% increase in attacks per week on corporate networks, even as the total cost of managing a cyber attack rose by 10%, according to IBM’s Cost of a Data Breach Report 2021. Add in the ongoing shift to hybrid work […] | Data Breach | ||
|
2022-02-02 17:00:00 | TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware (lien direct) | Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […] | Malware | ||
|
2022-02-01 14:00:00 | Identity Fraud: 9 Consumer Scams (and How to Stop Them) (lien direct) | With remote work, e-commerce activity and sophisticated breach capabilities at an all-time high, there is a perfect storm brewing. Identity fraud is not going away anytime soon. Take a look at nine common types of identity fraud, the warning signs and some identity management advice. This way, you can reduce the risk of falling victim […] | |||
|
2022-01-31 16:00:00 | Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data (lien direct) | Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The […] | |||
|
2022-01-31 14:00:00 | Why Local Governments Remain at Risk of Cyber Crime (lien direct) | While big-name incidents fill the headlines, local governments and agencies face cyber crime at an alarming rate. In a very direct way, this impacts everyone’s life. The pandemic has forced state and local groups to deploy defenses at a distance over their networks and apps. But local security is often not encrypted and insecure, with […] | |||
|
2022-01-28 14:00:00 | When it Comes to Stopping IoT Security Camera Breaches, Focus on Procurement (lien direct) | Earlier this year, an enterprise security camera system maker suffered a data breach. The incident, which involved the compromise of a Jenkins server, enabled a group of attackers to bypass the company’s authorization system, including its two-factor authentication processes. Those responsible for the compromise then abused their access to release the photos and videos of […] | |||
|
2022-01-28 12:30:00 | What You Need to Know About Data Encryption Right Now (lien direct) | You might feel like you’ve heard these imperatives a million times: “You need to encrypt your data.” “Your information isn’t secure unless you encrypt it.” “You need to eat your fruits and vegetables.” But if you’re like a lot of people, you roll your eyes because you have the good intention of taking care of […] | |||
|
2022-01-27 14:00:00 | Active Ransomware Recovery: Five Steps for Success (lien direct) | When it comes to ransomware, it’s a matter of when not if. The data tells the tale. Both the volume and types of ransomware attacks are on the rise. Plus, attackers aren’t just after enterprises. They now target businesses of all shapes and sizes. That way, they increase their chances of breaching security perimeters and […] | Ransomware | ||
|
2022-01-26 14:00:00 | 10 Years Later, What Did LulzSec Mean for Cybersecurity? (lien direct) | While working on several articles on the WannaCry attacks for my job as a cybersecurity journalist, I learned about LulzSec, which ranked among the most notable attacks of the 2010s. I wanted to find out more about the group that committed major cybersecurity attacks on many household-name companies over a chaotic 50 days in 2011. […] | Wannacry Wannacry | ||
|
2022-01-25 14:00:00 | Why Your Business Continuity Plan Should Cover Communication and Office Access (lien direct) | Imagine a scenario where your company’s digital infrastructure goes offline. Your servers are unreachable, the company website is offline, internal communication stops working and employees are locked out of offices because keycard security systems are down. Your entire company—literally everything it does—just stops. It’s a nightmare scenario, but if you’re prepared with a business continuity […] | |||
|
2022-01-24 14:00:00 | What CISA Incident Response Playbooks Mean for Your Organization (lien direct) | What does the latest U.S. federal ruling on cybersecurity mean for you? The recent executive order and U.S. Cybersecurity & Infrastructure Security Agency (CISA) commentary on it could provide a good framework for defending against ransomware and other attacks. In its executive order on ‘Improving the Nation’s Cybersecurity,’ the White House directed the Secretary of […] | Ransomware | ★★ | |
|
2022-01-24 13:00:00 | TrickBot Bolsters Layered Defenses to Prevent Injection Research (lien direct) | This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through […] | Ransomware Malware | ||
|
2022-01-21 17:00:00 | Magecart Attacks Continue to \'Skim\' Software Supply Chains (lien direct) | Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack. Magecart is an association of threat actor groups who target online shopping carts, mostly from within the e-commerce platform […] | Threat | ||
|
2022-01-21 14:00:00 | What Your Team Can Learn From the DHS Cybersecurity Hiring Program (lien direct) | Employees looking for cybersecurity jobs with the federal government can now use a new system and process. The Department of Homeland Security (DHS) recently launched its Cybersecurity Talent Management System (CTMS), which is more than a new system or website. The CTMS represents a new approach to hiring in the industry. Cyberattacks are on the […] | |||
|
2022-01-20 14:00:00 | Reactive Cybersecurity: How to Get it Right (lien direct) | Cyberattacks happen. What you do afterward can affect your cybersecurity posture for years to come. But it can also affect your ongoing success as a business, your good name and your compliance with the laws that govern your industry. You can only realize the full benefits of cybersecurity with the one-two punch of strong proactive […] | |||
|
2022-01-19 21:00:00 | Cybersecurity Trends: IBM\'s Predictions for 2022 (lien direct) | After the challenging year of 2021, we look forward to what’s next in 2022. Over the past two years, we’ve seen a tremendous shift in how consumers and businesses accomplish tasks with the continued shift to digital and cloud. As a result of disappearing perimeters and increased digital data, cybersecurity attacks have, not surprisingly, increased. […] | |||
|
2022-01-19 14:00:00 | Insider Threats: How to Combat Workplace Disinformation (lien direct) | Who hasn’t heard about disinformation or fake news? And for those responsible for security, who hasn’t heard about the risk of insider threats? Both issues are well known, but how disinformation can affect cyber risk management might not be so obvious. This article won’t tell you who’s right or wrong in a political debate. Instead, […] | |||
|
2022-01-18 14:00:00 | 3 Cloud Security Trends to Watch in 2022 (lien direct) | Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years. The forecasts discussed above raise an important question. Where exactly […] | |||
|
2022-01-17 17:00:00 | What It Takes to Build the Blue Team of Tomorrow (lien direct) | A good defense takes some testing. Ethical hacking involves pitting two teams together for the sake of strengthening digital security defenses. The red team attempts to bypass digital security barriers. By doing so, they reveal both misconceptions and flaws in their employer’s attack detection. Then, the blue team tries to defend against the red team’s […] | |||
|
2022-01-17 14:00:00 | The State of Credential Stuffing Attacks (lien direct) | Credential stuffing has become a preferred tactic among digital attackers over the past few years. As reported by Help Net Security, researchers detected 193 billion credential stuffing attacks globally in 2020. Financial services groups suffered 3.4 billion of those attacks. That’s an increase of more than 45% year over year in that sector. In H1 […] | |||
|
2022-01-14 17:00:00 | Small Business Cybersecurity: What Will Be Different in 2022? (lien direct) | Every year, new tips come out about small business cybersecurity. But the advice for 2022 isn’t all that different from previous years. For instance, the U.S. Small Business Administration (SBA) talks about phishing, viruses, ransomware, strong passwords and protecting confidential information this year. Their tips on staying safe are an excellent resource that businesses should […] | |||
|
2022-01-14 14:00:00 | The Great Resignation: How to Acquire and Retain Cybersecurity Talent (lien direct) | If you’ve been following reports and whispering with industry colleagues, you know what’s going on: the cybersecurity skills gap is difficult to close, and the Great Resignation is here. The 2021 (ISC)2 workforce study gives us a mixed picture of what to expect: The Cybersecurity Workforce Estimate states there are 4.19 million cybersecurity workers worldwide, […] | |||
|
2022-01-13 16:00:00 | The Best Threat Hunters Are Human (lien direct) | “You won’t know you have a problem unless you go and look.” Neil Wyler, who is known as ‘Grifter’ in the hacker community, made that statement as a precursor to an unforgettable story. An organization hired Grifter to perform active threat hunting. In a nutshell, active threat hunting entails looking for an attacker inside an […] | Threat |
To see everything:
Our RSS (filtrered)
