What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-23 13:00:00 | How to Respond to Non-Malicious Data Breaches (lien direct) | >It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 […] | Threat | ||
|
2022-05-19 13:00:00 | Malicious Reconnaissance: What It Is and How To Stop It (lien direct) | >You spend your days getting ready to stop threat actors. But even as you wonder, attackers could already be ‘casing the joint’. Before any well-organized attack, skillful or professional attackers quietly snoop around, looking for chances to gain access. It’s called malicious reconnaissance — the unauthorized active monitoring or probing of any information system to […] | Threat | ||
|
2022-05-09 13:00:00 | New DOJ Team Focuses on Ransomware and Cryptocurrency Crime (lien direct) | While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence […] | Ransomware Threat | ★★★ | |
|
2022-05-05 15:35:00 | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 (lien direct) | From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […] | Vulnerability Threat | ||
|
2022-04-28 13:00:00 | What Are the Biggest Phishing Trends Today? (lien direct) | According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That’s a 33% […] | Threat | ||
|
2022-03-22 13:00:00 | IoT Security and the Internet of Forgotten Things (lien direct) | In 2017, the number of connected devices surpassed the world’s human population. That’s a lot of things. However, many of them were not built with security in mind. It didn’t take long for attackers to take advantage of Internet of Things (IoT) vulnerabilities. One case in 2016 saw threat actors take down Dyn, a company […] | Threat | ||
|
2022-03-21 20:30:00 | Threat Modeling Approaches: On Premises or Third Party? (lien direct) | What’s the difference between on-premises and cloud security threat modeling approaches? Both can help protect against cloud threats and have distinct benefits and risks. The latest tech developments are happening here in the cross-section of cybersecurity and cloud security. More and more treasured data is being kept and used to make data-driven decisions. So, defending […] | Threat | ||
|
2022-03-15 13:00:00 | It\'s Not Fair, But Cyber Crime Is Cheap (lien direct) | It may not be fair, but cyber crime is cheap. How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the […] | Ransomware Threat | ||
|
2022-02-23 06:30:00 | Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022 (lien direct) | For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This was among the top findings of IBM Security’s latest research published in the tenth annual X-Force Threat Intelligence Index, a comprehensive overview of the global […] | Ransomware Threat | ||
|
2022-01-21 17:00:00 | Magecart Attacks Continue to \'Skim\' Software Supply Chains (lien direct) | Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack. Magecart is an association of threat actor groups who target online shopping carts, mostly from within the e-commerce platform […] | Threat | ||
|
2022-01-13 16:00:00 | The Best Threat Hunters Are Human (lien direct) | “You won’t know you have a problem unless you go and look.” Neil Wyler, who is known as ‘Grifter’ in the hacker community, made that statement as a precursor to an unforgettable story. An organization hired Grifter to perform active threat hunting. In a nutshell, active threat hunting entails looking for an attacker inside an […] | Threat | ||
|
2022-01-05 14:00:00 | The 5 Most Hotly Contested Security Trends and Questions (lien direct) | The worst thing that organizations can do is take a hard stance with their cybersecurity efforts. The digital threat landscape is constantly evolving. If organizations settle into a viewpoint, they could elevate one source of risk into something unrealistic—all while missing other digital threats. This reflects just how much assumptions drive cybersecurity-related decisions. Forbes put […] | Threat | ||
|
2022-01-04 14:00:00 | Protecting Your Data From a Unique Threat: Misinformation (lien direct) | It’s the target for attackers. It drives unique insights and innovation. Data is the most valuable asset your organization has. Now, more than ever before, your company’s information faces a unique threat — one for which many cybersecurity teams aren’t prepared — misinformation. The value of data isn’t lost on most cybersecurity leaders, but data […] | Threat Guideline | ||
|
2021-12-30 14:00:00 | Intelligent Adversary Engagement: Deceiving the Attacker (lien direct) | Traditional security isn’t always enough to keep attackers at bay. When it comes to sneaking into networks, detection will often only come after malicious traffic reaches systems such as next-generation firewalls and intrusion detection and prevention systems. Meanwhile, threat actors have free range. But if you can trick the attacker attempting to trick you, it’s […] | Threat | ||
|
2021-12-21 14:00:00 | What Cybersecurity Professionals Are Wishing for This Holiday Season (lien direct) | After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come. Here’s our rundown of what cybersecurity professionals are wishing for this holiday season. 1. An Artificial Intelligence Ethical Hacking […] | Threat | ||
|
2021-12-15 11:00:00 | Nation State Threat Group Targets Airline with Aclip Backdoor (lien direct) | In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […] | Threat | ||
|
2021-12-06 17:00:00 | 7 Holiday Cybersecurity Tips to Try Before The Year Ends (lien direct) | The holiday rush is upon us, and so is the risk of cyberattack. Threat actors often get to work during the holidays. IT staff is heading out for vacation, and everyone is in a hurry. This means we might skimp on security. Still, there are some holiday cybersecurity tips that will help make the season […] | Threat | ||
|
2021-12-01 19:15:00 | Roundup: Ransomware, the Future of the Cloud and Cyber Careers (lien direct) | Digital threats can have physical consequences. As we’ve seen this year, the United States government is taking the threat of ransomware seriously. That’s especially the case when it comes to physical infrastructure. If your business — like many — lives at the intersection of the Internet of Things and the things that make our world […] | Ransomware Threat | ★★★★ | |
|
2021-12-01 08:00:00 | X-Force Threat Intelligence: Monthly Malware Roundup (lien direct) | Today’s reality means that organizations need to be constantly vigilant against security breaches. Having a robust incident response plan in place is vital. IBM Security X-Force is a team dedicated to delivering the latest threat intelligence, research and analysis reports that help you manage risk in your organization. This monthly malware roundup offers a summary […] | Malware Threat | ||
|
2021-11-22 17:00:00 | A Journey in Organizational Resilience: Insider Threats (lien direct) | Very much like privacy concerns, insider threats may not be the first issue to come to mind when building an enterprise cyber resilience plan. However, they should be. Here is why: because as we noted in the first piece of this series, you want to be able to bend while others break. An insider threat […] | Threat | ||
|
2021-11-10 14:00:00 | Breach and Attack Simulation: Hack Yourself to a More Secure Future (lien direct) | Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […] | Hack Threat | ||
|
2021-11-05 16:00:00 | How to Deal With Unpatched Software Vulnerabilities Right Now (lien direct) | According to the 2021 X-Force Threat Intelligence Index, scanning for and exploiting vulnerabilities was the top infection vector of 2020. Up to one in three data breaches stemmed from unpatched software vulnerabilities. Take a look at this list of vulnerabilities or design flaws with no official Microsoft fix. In any case, one in three might […] | Threat | ★★ | |
|
2021-11-02 13:00:00 | Taking Threat Detection and Response to the Next Level with Open XDR (lien direct) | The challenges facing today’s security industry can easily be described as a perfect storm: increasingly sophisticated cyber attackers combined with the proliferation of security tools to cover an expanding attack surface driven by remote work and cloud adoption. These dynamics can lead to disconnected insights and data, putting even more pressure on the existing shortage […] | Threat Guideline | ||
|
2021-10-28 17:00:00 | 2021 Cyber Resilient Organization Study: Rise of Ransomware Shows the Need for Zero Trust and XDR (lien direct) | “How many millions did you pay threat actors in a ransomware attack?” “Which investments most significantly improved cyber resiliency for your organization?” “Do you have a cybersecurity incident response plan that’s applied consistently across your enterprise?” The answers to these and other key questions produced several notable findings in the latest 2021 Cyber Resilient Organization […] | Ransomware Threat | ★★★★ | |
|
2021-10-25 19:30:00 | Nobelium Espionage Campaign Persists, Service Providers in Crosshairs (lien direct) | In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that targeted SolarWinds in 2020. The U.S. government has identified Nobelium as part of Russia’s foreign […] | Threat | ||
|
2021-10-21 16:00:00 | Database Security Best Practices: The Essential Guide (lien direct) | In 2021, an F-35 fighter jet is more likely to be taken out by a cyberattack than a missile. In the digital age, the threat of an attack is everywhere and constantly growing. If your company or agency fails to adhere to database security best practices, you risk a lot. Items at risk include your […] | Threat | ||
|
2021-10-20 21:30:00 | Detections That Can Help You Identify Ransomware (lien direct) | One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed […] | Ransomware Threat | ||
|
2021-10-08 13:00:00 | The Case for Cybersecurity Education for Engineers (lien direct) | Engineering and cybersecurity are two distinct disciplines, each demanding its own rigorous education and training. But should there be crossover? Should engineers or engineering students invest in cybersecurity education as well? What are the opportunities for engineers to gain expertise in protecting against threat actors in the software realm? As the world becomes more complex […] | Threat | ||
|
2021-10-06 19:30:00 | Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy (lien direct) | Why is one of cyber crime’s oldest threats still going strong? The Anti-Phishing Working Group (APWG) reports that January 2021 marked an unprecedented high in the APWG’s records, with over 245,771 phishing attacks in one month. IBM X-Force’s 2021 Threat Intelligence Index found that phishing led to 33% of cyber attacks organizations had to deal […] | Threat | ★★ | |
|
2021-10-01 13:00:00 | Cybersecurity Awareness Month: It\'s Time to Ditch the Fear (lien direct) | Cybersecurity awareness month is here. Each year, it’s important to explore any new tactics the industry can leverage to raise awareness. The threat landscape is evolving and expanding too quickly for us to keep up. So, we can’t afford to rely on the same awareness gambits year after year. For as long as the […] | Threat | ||
|
2021-09-14 19:30:00 | Starting Your AI Security Journey With Deep Learning (lien direct) | You’ve probably heard how using artificial intelligence (AI) can improve your cybersecurity — and how threat actors are using AI to launch attacks. You know that you need to use the same tools, if not better ones. AI security is about having the right tools, but also about having the right information. But you aren’t […] | Threat | ||
|
2021-09-03 16:10:00 | Fighting Cyber Threats With Open-Source Tools and Open Standards (lien direct) | Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified. Once a potential threat is detected, the staff of the security operations center (SOC) investigates […] | Threat | ||
|
2021-09-01 19:00:00 | The OWASP Top 10 Threats Haven\'t Changed in 2021 - But Defenses Have (lien direct) | The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks and threats for applications. The […] | Threat | ||
|
2021-08-26 16:00:00 | Data Poisoning: The Next Big Threat (lien direct) | Data poisoning against security software that uses artificial intelligence (AI) and machine learning (ML) is likely the next big cybersecurity risk. According to the RSA 2021 keynote presentation by Johannes Ullrich, dean of research of SANS Technology Institute, it’s a threat we should all keep an eye on. “One of the most basic threats when […] | Threat | ||
|
2021-08-23 18:30:00 | Pay Now or Pay Later: Don\'t Procrastinate When It Comes to Preventing Ransomware (lien direct) | Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime that occurs during the incident, the post-breach costs can be significant. These costs can include everything from the time and resources it takes to detect how the compromise occurred and remediate the actual threat to […] | Ransomware Threat | ||
|
2021-08-20 18:00:00 | Behavior Transparency: Where Application Security Meets Cyber Awareness (lien direct) | How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all, attackers often hijack honest software, networks and systems for dishonest ends. To stop them with security tools, the first step must be to have great […] | Threat | ||
|
2021-08-19 16:00:00 | Critical Infrastructure Attack Trends: What Business Leaders Should Know (lien direct) | Amateur threat actors have been able to compromise critical infrastructure like industrial control systems (ICS) and other operational technology (OT) assets more often lately. Compromises of exposed OT assets rose over the past 18 months, according to threat researchers at Mandiant, with attackers using readily-available tools and common techniques to gain access to the systems. […] | Threat | ||
|
2021-08-17 16:00:00 | Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang (lien direct) | Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […] | Ransomware Threat | ||
|
2021-08-17 15:00:00 | How to Avoid Smishing Attacks Targeting Subscription Service Users (lien direct) | If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for more […] | Threat | ||
|
2021-08-04 20:30:00 | ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group (lien direct) | This blog supplements a Black Hat USA 2021 talk given August 2021. IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […] | Threat Conference | APT 35 APT 35 | |
|
2021-07-29 21:00:00 | July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida (lien direct) | Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware and changing the ways and places we work. July’s top stories include a supply chain attack from the REvil ransomware gang and how to fold security into design. We also have a deep dive into password safety, […] | Ransomware Threat | ||
|
2021-07-20 14:30:00 | How Data Discovery and Zero Trust Can Help Defend Against a Data Breach (lien direct) | As more companies start to use the cloud, the threat of a data breach and the rules and fines that go with it has only grown. Therefore, companies and agencies need to anticipate and adapt to their changing data and IT landscape. For that, a zero trust approach to data security and privacy might be […] | Data Breach Threat | ||
|
2021-07-16 19:00:00 | 3 Myths About Threat Actors and Password Safety (lien direct) | You’ve seen the memes and the warnings on social media — answering questions about your life history is ruining your password safety. It’s giving the bad guys the information they need to figure out your passwords and get the answers to your security questions. But is that true? Are people lurking on social media waiting […] | Threat | ||
|
2021-07-07 13:00:00 | Attacks on Operational Technology From IBM X-Force and Dragos Data (lien direct) | Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing the community is the convergence of an increasingly OT-aware and capable threat landscape with the […] | Threat | ||
|
2021-06-16 21:00:00 | Why a Phishing Attack Is Still Profitable - And How To Stop One (lien direct) | As the business world continues to grapple with an expanding definition of new normal, the phishing attack remains a common tactic for attackers. Why are phishing attacks still happening? How can we prevent them? We spoke to a threat analyst who has the answers. In May 2020, X-Force research uncovered a precision-targeting (or spear phishing) […] | Threat | ||
|
2021-06-16 19:00:00 | The Hottest Cybersecurity Must-Reads for the Busy Security Practitioner (lien direct) | You’re busy. We get that. Let’s suppose you’re like most of your colleagues in security. In that case, it’s almost like Groundhog Day. It starts with chasing the latest threat and protecting your company or agency from attacks. It ends with you wondering where the last eight (or more) hours went. This leaves you little […] | Threat | ||
|
2021-06-04 12:00:00 | Ransomware Attack Response Should Extend Beyond Money to Your Team\'s Morale (lien direct) | A ransomware attack can hurt employee morale in unique ways compared to other types of attacks. Depending on how the company reacts, employee morale can drop, and security teams become less effective. While recovering from any malware incident can cost a significant amount of money, too many companies respond to ransomware by funding threat actors […] | Ransomware Malware Threat | ||
|
2021-06-01 09:00:00 | Zero Trust or Bust: What It Is and Why It Matters to Data Security (lien direct) | How many different ways can data be compromised? First, both external and internal threats can target it. External threats can come in the form of malware or ransomware. Meanwhile, internal threats can come from malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked […] | Malware Threat | ||
|
2021-05-31 14:00:00 | Strike First: The Benefits of Working With an Ethical Hacker (lien direct) | With cybersecurity attacks on the rise, companies must explore new ways to stay one step ahead of threat actors. IDG Research Services found that 78% of IT leaders are not confident in their companies’ security postures, which lead 91% of organizations to increase cybersecurity funding for 2021. As part of this increased focus, many companies are turning […] | Threat Guideline | ||
|
2021-05-28 18:00:00 | Hackers Launch Cyberattack via U.S. Aid Agency Email Accounts (lien direct) | Microsoft announced a Russian threat group (ITG05, aka Nobellium, APT28) also thought to be behind the SolarWinds attack conducted an email campaign masquerading as the U.S. Agency for International Development. Microsoft reports that while organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. The earlier campaign […] | Threat | APT 28 |
To see everything:
Our RSS (filtrered)
