What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
securityintelligence.webp 2021-05-26 21:00:00 Token Resistance: Tackling the New NFT Threat Landscape (lien direct) Nonfungible tokens (NFTs) are big business — but come with significant cyber- and crypto-security risk. Part of the problem is that the NFT landscape is poorly understood. They also make up part of a massively overpriced blockchain-based network that could open the door to new security threats. So, how do companies prepare for the coming […] Threat
securityintelligence.webp 2021-05-10 21:20:00 Shedding Light on the DarkSide Ransomware Attack (lien direct) It has been well over a decade since cybersecurity professionals began warning about both nation-state and financially motivated cyber-kinetic attacks. Concerned about a cybersecurity threat that would have the potential to destroy physical assets and human lives, many looked to sound the alarm in industrial organizations, tracking the vulnerabilities that could lead to a compromise […] Ransomware Threat Guideline
securityintelligence.webp 2021-05-10 18:00:00 What Is Extended Detection and Response (XDR)? (lien direct) For many decades now, emerging threats have put organizations at risk. As the IT landscape evolved and threat actors found new ways to attack, security teams needed to find new ways to detect and respond to threats. Today, this evolving theme of complexity continues. And the list of point solutions being deployed to overcome these […] Threat
securityintelligence.webp 2021-05-03 17:30:00 Social Engineering: Watch Out for These Threats Against Cybersecurity Experts (lien direct) Many of us remember our parents saying not to take candy from strangers. Today, we can apply a similar mindset to avoid social engineering.  Social engineering is the threat that keeps on coming back. Threat actors are learning to use even cybersecurity researchers’ best intentions against them. Let’s take a look at tactics threat actors use to target […] Threat
securityintelligence.webp 2021-04-29 14:00:00 Is Multifactor Authentication Changing the Threat Landscape? (lien direct) Changes to the cybersecurity threat landscape are constant and dynamic: threat actor groups come and go, alter tactics, techniques and procedures (TTPs) and adjust to new defensive mechanisms. Over time, both cyber criminal gangs and nation-state actors endure arrests and swap individuals in what can appear to be an ongoing arms race between good and […] Threat
securityintelligence.webp 2021-04-29 13:00:00 The Story of FakeChat (lien direct) Starting late December 2020, IBM Trusteer’s mobile threat research lab discovered and began closely tracking a new Android banking malware that appeared to be mostly targeting users in Spain. Per our analysis, the purpose of the malware is to steal credit card numbers, bank account credentials and other private information from its victims. Once a […] Malware Threat ★★
securityintelligence.webp 2021-04-25 16:00:00 Self-Assessment: How Can You Improve Financial Services Cybersecurity? (lien direct) It’s common knowledge that threat actors target banks. Not only might these attackers want to directly steal money, by doing this they’re also hitting the customers and the trust in the bank. If a financial institution suffers a loss, even insurance can only go so far to minimize the actual cost to the organization. The cost […] Threat
securityintelligence.webp 2021-04-23 14:00:00 Health Care Ransomware Strains Have Hospitals in the Crosshairs (lien direct) The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease. The two worlds also come together when threat actors attack using health care ransomware. When every minute could change the fate of a patient, preventing […] Ransomware Threat
securityintelligence.webp 2021-04-23 10:00:00 Don't Forget: A Checklist for Offboarding Remote Employees Securely (lien direct) We all know about the threat of threat actors trying to access our corporate data.  But with the rise of remote work, keeping an eye on employees during offboarding is an important area to watch, as well. In many cases, employees can still access sensitive data well after they leave the job. This is even […] Threat
securityintelligence.webp 2021-04-21 22:30:00 Data Poisoning: When Attackers Turn AI and ML Against You (lien direct) Stopping ransomware has become a priority for many organizations. So, they are turning to artificial intelligence (AI) and machine learning (ML) as their defenses of choice. However, threat actors are also turning to AI and ML to launch their attacks. One specific type of attack, data poisoning, takes advantage of this. Why AI and ML Are at […] Ransomware Threat
securityintelligence.webp 2021-04-20 18:00:00 What Is SIEM and How Does it Work? (lien direct) A hidden, lingering threat is a cybersecurity team’s worst nightmare. With security information and event management (SIEM), your team has fewer blind spots when it comes to detecting threats. If you asked a handful of experts for their SIEM definition, you’d get several different unique takes on the market definition. Here’s ours, along with how […] Threat
securityintelligence.webp 2021-04-20 12:00:00 'Inbox Zero' Your Threat Reports: How to Combat Security Alert Fatigue (lien direct) At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an inbox-zero case, the latest new alert is the most urgent task. But in a backed-up, […] Threat
securityintelligence.webp 2021-04-20 10:00:00 Progressive Web Apps and Cookies: Taking a Bite Out of Security (lien direct) To prevent cookie theft, have cyber defense baked in. With progressive web apps (PWA) and other relatively new protective efforts in place, how can you be sure you’re defending against today’s attackers? Here’s what enterprise needs to know about the rumbling threat of pass-the-cookie attacks, how current cloud and mobile frameworks like PWAs can empower […] Threat
securityintelligence.webp 2021-04-16 13:00:00 How AI in Cybersecurity Addresses Challenges Faced by Today's SOC Analysts (lien direct) Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud also make […] Threat
securityintelligence.webp 2021-04-16 11:30:00 Combating Sleeper Threats With MTTD (lien direct) During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […] Threat ★★★
securityintelligence.webp 2021-04-16 10:00:00 Ransomware Attacks in 2021: Information Meets Emotion (lien direct) “If you want to go quickly, go alone, but if you want to go far, go together.”  This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders […] Ransomware Threat
securityintelligence.webp 2021-04-15 15:00:00 How to Design and Roll Out a Threat Model for Cloud Security (lien direct) Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […] Threat
securityintelligence.webp 2021-04-14 22:00:00 The IT-OT Connection: How the Two Work Together (lien direct) Where hardware meets software, attackers can sneak in. More and more, threat actors are targeting Industrial Control Systems (ICS) and Operational Technology (OT). IBM X-Force found that the number of attacks against those types of assets increased by over 2,000% between 2018 and 2019, with the number of ICS and OT attacks in 2019 having […] Threat
securityintelligence.webp 2021-04-07 19:00:00 Using the Threat Modeling Manifesto to Get Your Team Going (lien direct) Secure software development requires a ‘shift left’ — paying attention to security and privacy early in the life cycle. Threat modeling is a very useful activity for achieving this goal, but for a variety of reasons, organizations struggle to introduce it. Last year, a group of industry and academy experts got together with the goal […] Threat
securityintelligence.webp 2021-04-05 11:00:00 Cookie Hijacking: More Dangerous Than it Sounds (lien direct) Multifactor authentication (MFA) is a great way to prevent threat actors from using stolen credentials to access your network. But with remote work becoming the norm and the attack surface widening with more apps, devices and systems connecting than ever before, threat actors are working overtime to beat MFA. Cookie hijacking in particular is a […] Threat
securityintelligence.webp 2021-04-01 12:00:00 IBM Named a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021 (lien direct) How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks continue to become more wide-ranging and complex, so too has the type of threat […] Ransomware Threat
securityintelligence.webp 2021-03-31 10:00:00 Threat Actors' Most Targeted Industries in 2020: Finance, Manufacturing and Energy (lien direct) IBM Security’s annual X-Force Threat Intelligence Index uses data derived from across our teams and managed customers to gather insights about the topmost targeted industries every year, helping organizations manage risk and resource investment in their security programs. When it comes to managing digital risk and facing potential cyberattacks, each industry faces its own unique […] Threat
securityintelligence.webp 2021-03-22 17:00:00 Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond (lien direct) As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health […] Threat
securityintelligence.webp 2021-03-11 16:53:19 Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts (lien direct) IBM X-Force threat intelligence has been observing a rise in Dridex-related network attacks that are being driven by the Cutwail botnet. Dridex is delivered as a second-stage infector after an initial document or spreadsheet arrives via email with booby-trapped macros. Recipients who activate the macros unknowingly launch malicious PowerShell scripts that will download additional malware. […] Threat
securityintelligence.webp 2021-03-10 22:31:47 Top 10 Cybersecurity Vulnerabilities of 2020 (lien direct) What cybersecurity vulnerabilities new and old should organizations look out for this year? Let IBM X-Force be your guide to today’s top cybersecurity threats with this detailed report.  First, scanning for and exploiting vulnerabilities emerged as the top infection vector of 2020, according to the 2021 X-Force Threat Intelligence Index. In other words, attackers are […] Threat
securityintelligence.webp 2021-03-02 14:00:00 'Clear and Present Danger': Why Cybersecurity Risk Management Needs to Keep Evolving (lien direct) The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always changing. As a recent report by World Economic Forum shows, businesses and other entities should know […] Threat
securityintelligence.webp 2021-02-24 11:00:00 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting (lien direct) From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers.  This report — the X-Force Threat Intelligence Index 2021 — represents our latest edition of […] Threat
securityintelligence.webp 2021-02-15 18:29:34 Unleash the Power of MITRE for a More Mature SOC (lien direct) The MITRE adversarial tactics, techniques and common knowledge (ATT&CK) framework brings pooled knowledge from across the cyber defense community, including revealing what threat actors are up to and how best you can defend against them. Let’s take a look at what MITRE offers and how this framework goes hand-in-hand with developing a security operations center (SOC) […] Threat
securityintelligence.webp 2021-02-15 16:00:00 Network Segmentation Series: What is It? (lien direct) This is the first in a series of three blog posts about network segmentation.  Many businesses are looking to augment their defenses by changing their approach to network security. Take the heightened awareness around building zero trust networks, for instance. Embracing the shift to zero trust will require users to address the threat of lateral movement. […] Threat
securityintelligence.webp 2021-02-12 13:30:00 Why Every Company Needs a Software Update Schedule (lien direct) Software without the most recent patch is like an unlocked door for threat actors. They know the openings are there and can just walk in. But patching and a software update schedule can make sure that door stays locked.  Applying patches isn’t difficult. Click a few buttons, reboot and you are good to go. Even […] Threat Patching
securityintelligence.webp 2021-02-09 13:00:00 Cloud Security Considerations to Watch Out for During Mergers and Acquisitions (lien direct) Staying vigilant through each phase of a mergers and acquisitions (M&A) process can help businesses overcome cloud threats. Threat actors have hit victims during M&As in the past, such as the data breach that affected more than 500 million customers in 2018. Such cases force businesses to look into data exposure before and after M&As, […] Data Breach Threat ★★★★
securityintelligence.webp 2021-02-05 18:00:00 Moving Threat Identification From Reactive to Predictive and Preventative (lien direct) In a previous post, we focused on organizations’ characteristics, such as sector, geography, risk and impact, when discussing the pillars of building a threat identification program. Now, we move deeper into the concept and expand upon the threat identification process through example scenarios, helping translate the conceptual framework into daily practice. It’s Always About Business […] Threat
securityintelligence.webp 2021-02-05 14:00:00 5 Ways Companies Can Protect Personally Identifiable Information (lien direct) Protecting personally identifiable information (PII) is one of the key aspects of a security expert’s job. What does personally identifiable information include? Social Security numbers, birth dates and places, financial accounts and more can give threat actors a foothold to identify someone or steal their money or identity. This data could also be used to […] Threat
securityintelligence.webp 2021-02-03 18:30:00 Consider the Human Angle in Your Threat Modeling (lien direct) When it comes to threat modeling, many businesses plan as if there were only a few possible scenarios in which cybersecurity or privacy-related incidents could occur. We need to plan for more cybersecurity hazards than just basic social engineering, insider threats and product vulnerabilities. Both our businesses and our customers face threats that are messier than […] Threat
securityintelligence.webp 2021-02-03 14:00:00 A Look at HTTP Parameter Pollution and How To Prevent It (lien direct) With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters in the URL and the request body. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted […] Threat Guideline
securityintelligence.webp 2021-02-01 23:30:00 Password Safety: Rethink Your Strong Password (lien direct) “Use longer, stronger passwords.” This is a directive we’ve been accustomed to hearing for decades. Many of us are using strong passwords with a combination of uppercase letters, lowercase letters, numbers and special characters. The speed at which threat actors can brute force our long passwords has ramped up.  In a brute force password attack, […] Threat
securityintelligence.webp 2021-01-28 14:00:00 What You Need to Know About Scam Text Messages in 2021 (lien direct) The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But, they can still be a big problem.  Short message service (SMS) scams are social engineering attacks that work […] Threat
securityintelligence.webp 2021-01-25 13:00:00 Credential Stuffing: AI's Role in Slaying a Hydra (lien direct) One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have […] Data Breach Threat Guideline
securityintelligence.webp 2021-01-15 18:00:00 Misconfigurations: A Hidden but Preventable Threat to Cloud Data (lien direct) Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves.  What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that […] Threat ★★
securityintelligence.webp 2021-01-14 21:30:00 Preparing a Client Environment for Threat Management (lien direct) A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups providing threat management to their internal teams. The challenge has largely been in making sure the proposed program and the suite of solutions find and call […] Threat
securityintelligence.webp 2021-01-12 14:00:00 Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management (lien direct) There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can […] Threat
securityintelligence.webp 2021-01-11 23:00:00 What is STRIDE and How Does It Anticipate Cyberattacks? (lien direct) STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] Tool Threat
securityintelligence.webp 2021-01-07 20:00:00 Why Red Team Testing Rules the Cloud (lien direct) Red team testing is a key way to help prevent data breaches today. Most cyber defense focuses on spotting openings and fixing general risks in your environment. Red teaming not only reduces risks, but also prevents possible breaches. Methods, such as threat modeling, static analysis and dynamic testing, reduce the attack surface but do not […] Threat
securityintelligence.webp 2020-12-22 19:00:00 7 Cybersecurity Tools On Our Holiday Wish List (lien direct) The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing in their heads. Instead, they dream of cybersecurity tools and other resources to help them cope with a wild threat landscape.  Here’s our ultimate holiday wish list.  […] Threat
securityintelligence.webp 2020-12-10 11:00:00 How Open Security Can Make Threat Management More Efficient (lien direct) Security operations center (SOC) teams struggle with an array of challenges. Too many tools can make the work too complex; and recruiting and retaining personnel can be hard amidst a skills shortage. Experts need to focus on using their skills to their fullest. But, an open approach can improve threat management in a way that […] Threat
securityintelligence.webp 2020-12-03 11:00:00 IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (lien direct) At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold […] Threat
securityintelligence.webp 2020-12-02 13:33:40 Why You Might Need to Outsource Your Privileged Access Management Program (lien direct) The crown jewels of cybercrime are the level of access privileged users have to your company’s most critical data and assets. Therefore, monitoring them with a Privileged Access Management (PAM) program is key. After all, with this access in hand, threat actors can quickly and easily breach your systems, expand their privileges and do what […] Threat
securityintelligence.webp 2020-11-19 12:00:00 Cybersecurity Framework: How To Create A Resilience Strategy (lien direct) A cyber resilience framework, or cybersecurity framework, is a crucial component of modern-day business. In the face of rising threats from malware, phishing and high-tech threat actors, a cyber resilient company can position itself as a secure model for data protection customers can trust. Despite the growing security risks in a remote working world, many […] Threat
securityintelligence.webp 2020-11-12 18:30:00 A Quick Guide to Effective SIEM Use Cases (lien direct) Part of successfully setting up your security operations center (SOC) is defining your SIEM use cases.  Use cases help and support security analysts and threat monitoring goals. What is a use case? A use case can be a mix of multiple technical rules within the SIEM tool, or can be a mix of actions from […] Threat
securityintelligence.webp 2020-10-29 16:30:00 Threat Analysis: How the Rapid Evolution of Reporting Can Change Security (lien direct) With the advancements in data reporting gleaned from security information and event management (SIEM) tools and adjacent solutions, every security team today can face information overload and paralysis. To gain clarity within this murk, the practice of threat analysis has emerged and continues to evolve with time. With it, security professionals can find and fix the […] Threat
Last update at: 2024-05-10 10:08:03