What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-04 15:00:00 | It et OT Cybersecurity: une approche holistique IT and OT cybersecurity: A holistic approach (lien direct) |
> Dans le domaine de la cybersécurité, les technologies de l'information (TI) et les technologies opérationnelles (OT) présentent des défis distincts que les organisations doivent naviguer.Assurer la sécurité de ces domaines distincts est primordial pour renforcer votre cyber-résilience globale.En suivant les meilleures pratiques décrites dans cet article, vous pouvez minimiser les vulnérabilités potentielles et garder votre posture de sécurité forte.[& # 8230;]
>In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices outlined in this article, you can minimize potential vulnerabilities and keep your security posture strong. […] |
Vulnerability Industrial | ★★★ | |
|
2023-11-15 14:00:00 | Pentesting vs Pentest en tant que service: quel est le meilleur? Pentesting vs. Pentesting as a Service: Which is better? (lien direct) |
> Dans le paysage de la cybersécurité en évolution rapidement en évolution rapide, les organisations recherchent constamment les moyens les plus efficaces de sécuriser leurs actifs numériques.Les tests de pénétration (pentisting) sont devenus une solution principale pour identifier les vulnérabilités potentielles du système tout en renforçant les lacunes de sécurité qui peuvent conduire à une attaque.Dans le même temps, un nouveau participant dans l'arène de sécurité est à la pente [& # 8230;]
>In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting […] |
Vulnerability | ★★ | |
|
2023-11-14 14:00:00 | L'évolution des ransomwares: leçons pour l'avenir The evolution of ransomware: Lessons for the future (lien direct) |
> Les ransomwares font partie de l'écosystème de la cybercriminalité depuis la fin des années 1980 et restent une menace majeure dans le cyber paysage aujourd'hui.Les attaques en évolution des ransomwares deviennent de plus en plus sophistiquées à mesure que les acteurs de la menace tirent parti des vulnérabilités, de l'ingénierie sociale et des menaces d'initiés.Bien que l'avenir des ransomwares regorge de menaces inconnues, nous pouvons nous tourner vers [& # 8230;]
>Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to […] |
Ransomware Vulnerability Threat | ★★★ | |
|
2023-10-10 17:20:00 | Cruisant de manière critique de zéro (jour): exploiter le service de streaming du noyau Microsoft Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service (lien direct) |
> Le mois dernier, Microsoft a corrigé une vulnérabilité dans le serveur de streaming Microsoft Kernel, un composant de noyau Windows utilisé dans la virtualisation et le partage des appareils de caméra.La vulnérabilité, CVE-2023-36802, permet à un attaquant local de dégénérer les privilèges du système.Ce billet de blog détaille mon processus d'exploration d'une nouvelle surface d'attaque dans le noyau Windows, en trouvant un [& # 8230;]
>Last month Microsoft patched a vulnerability in the Microsoft Kernel Streaming Server, a Windows kernel component used in the virtualization and sharing of camera devices. The vulnerability, CVE-2023-36802, allows a local attacker to escalate privileges to SYSTEM. This blog post details my process of exploring a new attack surface in the Windows kernel, finding a […] |
Vulnerability | ★★ | |
|
2023-10-09 13:00:00 | Aller au-delà du balayage de vulnérabilité pour renforcer votre surface d'attaque Moving beyond vulnerability scanning to strengthen your attack surface (lien direct) |
> Garder une longueur d'avance sur les violations potentielles est une priorité absolue pour les équipes de sécurité au sein des organisations de toutes tailles.La numérisation de la vulnérabilité est depuis longtemps le fondement de ces efforts, permettant aux entreprises d'identifier les faiblesses de leur posture de sécurité.Cependant, à mesure que les cyberattaques se développent en sophistication et en échelle et avec un grand nombre de vulnérabilités communes et [& # 8230;]
>Staying one step ahead of potential breaches is a top priority for security teams within organizations of all sizes. Vulnerability scanning has long been a foundation of these efforts, allowing businesses to identify weaknesses in their security posture. However, as cyberattacks grow in sophistication and scale and with a large number of Common Vulnerabilities and […] |
Vulnerability | ★★ | |
|
2023-10-06 11:00:00 | X-Force découvre la campagne Global NetScaler Gateway Creasenal X-Force uncovers global NetScaler Gateway credential harvesting campaign (lien direct) |
> Ce poste a été rendu possible grâce aux contributions de Bastien Lardy et Ruben Castillo.En septembre 2023, X-Force a découvert une campagne où les attaquants exploitaient la vulnérabilité identifiée dans CVE-2023-3519 pour attaquer les passerelles Netscaler non corrigées pour insérer un script malveillant dans le contenu HTML de la page Web d'authentification pour capturer des informations d'identification des utilisateurs.Le [& # 8230;]
>This post was made possible through the contributions of Bastien Lardy and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The […] |
Vulnerability | ★★★ | |
|
2023-06-05 13:00:00 | Comment stimuler la cybersécurité grâce à une meilleure communication How to Boost Cybersecurity Through Better Communication (lien direct) |
> La sécurité serait facile sans les utilisateurs. & # 160;Cette déclaration est aussi absurde que vraie.Il est également vrai que les entreprises ne seraient pas possibles sans les utilisateurs.En plus de traiter tous les nouveaux risques, vulnérabilité et vecteur d'attaque qui arrivent, les pros de la cybersécurité ont besoin [& # 8230;]
>Security would be easy without users. That statement is as absurd as it is true. It’s also true that business wouldn’t be possible without users. It’s time to look at the big picture when it comes to cybersecurity. In addition to dealing with every new risk, vulnerability and attack vector that comes along, cybersecurity pros need […] |
Vulnerability | ★★ | |
|
2023-03-30 13:00:00 | X-Force empêche zéro jour d'aller n'importe où [X-Force Prevents Zero Day from Going Anywhere] (lien direct) | > Ce blog a été rendu possible grâce aux contributions de Fred Chidsey et Joseph Lozowski.La base de données de vulnérabilité et d'exploitation X-Force montre que le nombre de jours zéro publiés chaque année est en augmentation, mais X-Force a observé que seuls quelques-uns de ces jours zéro sont rapidement adoptés par les cybercriminels chaque année.Tandis que [& # 8230;]
>This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While […] |
Vulnerability | ★★★ | |
|
2023-03-13 13:00:00 | The Role of Customer Service in Cybersecurity (lien direct) | >The old adage “cybersecurity is everyone’s job” is more true than you might imagine. While not every department is tasked with threat hunting or reviewing detailed vulnerability disclosures, each has a role in protecting the organization from fraudsters and cyber criminals alike. Customer service is uniquely positioned as the face of the company. These departments […] | Vulnerability Threat | ★★★ | |
|
2023-01-23 14:00:00 | Log4j Forever Changed What (Some) Cyber Pros Think About OSS (lien direct) | >In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure […] | Vulnerability | ★★ | |
|
2022-09-22 13:00:00 | Does Follina Mean It\'s Time to Abandon Microsoft Office? (lien direct) | As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m […] | Malware Vulnerability | ||
|
2022-05-05 15:35:00 | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 (lien direct) | From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […] | Vulnerability Threat | ||
|
2022-04-27 17:02:00 | Electron Application Attacks: No Vulnerability Required (lien direct) | While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they prefer. Since Chrome is […] | Vulnerability | ||
|
2021-12-18 05:40:00 | Log4Shell Vulnerability Risks for OT Environments - and How You Can Better Protect Against Them (lien direct) | You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered. The vulnerability was first made public earlier this […] | Vulnerability | ||
|
2021-12-11 18:50:00 | Update on Apache Log4j Zero-Day Vulnerability (lien direct) | IBM Security is following a recent disclosure regarding an Apache vulnerability in the Log4j Java library dubbed Log4Shell (or LogJam). X-Force Exchange has further details on the exploit. Millions of applications use the Java-based Log4j library to log activity, including several prominent web services. Apache has issued a patch with an update to the latest […] | Vulnerability | ||
|
2021-12-03 11:00:00 | Data Security: Defending Against the Cache Poisoning Vulnerability (lien direct) | Do you trust your cache? To meet the demands of the end-users and speed up content delivery, content caching by web servers and content delivery networks (CDN) has become a vital part of the modern web. To explain how this can create vulnerabilities when it comes to data security requires first asking another question. Namely, […] | Vulnerability | ||
|
2021-11-16 17:00:00 | Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform (lien direct) | In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same standards. Concerns around vulnerability management are gaining more government attention around the world in order […] | Vulnerability | ||
|
2021-10-27 16:00:00 | The Weaponization of Operational Technology (lien direct) | Contributed to this research: Adam Laurie and Sameer Koranne. Given the accelerating rise in operational technology (OT) threats, this blog will address some of the most common threats IBM Security X-Force is observing against organizations with OT networks, including ransomware and vulnerability exploitation. IBM will also highlight several measures that can enhance security for OT […] | Ransomware Vulnerability | ||
|
2021-10-26 16:00:00 | Facing Tech Burnout? Here\'s How Employers Can Help (lien direct) | Cybersecurity demands skill and experience. But it also calls for an engaged, motivated and energetic team. And that’s why tech burnout among staff is not only a mental health problem for the employees, it’s also a cybersecurity vulnerability for their employer. What Is Burnout, Anyway? The word ‘burnout’ was first used by psychologist Herbert Freudenberger […] | Vulnerability | ||
|
2021-10-15 16:00:00 | What Happens to Information After a Data Breach? (lien direct) | We’ve grown accustomed to it by now — a few million accounts broken into here, another hundred million there. After a company data breach, what happens to all the data? Where does it go? And how does this impact your vulnerability analysis? In June 2020, stolen Facebook user data suddenly popped up for sale on […] | Vulnerability | ||
|
2021-08-11 19:00:00 | A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight (lien direct) | It’s no secret that cyberattacks against critical infrastructure are increasing. The recent attacks against water treatment plants, pipelines, vital hospital systems and food processing facilities have all made recent headlines and demonstrate the vulnerability of all types of critical infrastructure providers. The attacks have caused chaos, value chain disruption and crippling fuel shortages, and we […] | Vulnerability | ||
|
2021-07-15 21:00:00 | Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness (lien direct) | Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be a key element of a smart security strategy. Software vulnerabilities are one of the root […] | Vulnerability | ||
|
2021-06-22 20:15:00 | How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool (lien direct) | Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread […] | Tool Vulnerability Guideline | ||
|
2021-04-28 20:00:00 | The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash (lien direct) | It likes big game hunting, it enjoys deploying Cobalt Strike and it dabbles in critical vulnerability abuse. It’s known as Sodinokibi/REvil, a ransomware strain that emerged in 2019 as the heir to the GandCrab ransomware, a malware family that supposedly retired from the cyber crime arena in mid-2019 after reportedly amassing illicit profits of over […] | Ransomware Malware Vulnerability | ||
|
2021-04-08 16:30:00 | How Vulnerability Management Can Stop a Data Breach (lien direct) | Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two […] | Data Breach Vulnerability | ||
|
2020-10-29 16:00:00 | What\'s My Priority? The Key Pillars of Threat Intelligence (lien direct) | Often, in the world of information security and risk management, the question facing threat intelligence teams is amidst this sea of vulnerability disclosures, which ones matter the most to my organization? Which can impact us the most? And, how do I best explain threats to internal stakeholders in a way that helps minimize risk? Reducing […] | Vulnerability Threat | ||
|
2020-08-19 10:00:00 | New Vulnerability Could Put IoT Devices at Risk (lien direct) | Society relies so heavily on technology that the number of internet connected devices used globally is predicted to grow to 55.9 billion by 2025. Many of these devices span parts of Industrial Control Systems (ICS) that impact the physical world, assist us in our daily lives at home and monitor and automate everything from energy […] | Vulnerability | ||
|
2020-08-17 10:00:00 | New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud (lien direct) | X-Force Red is unveiling a new research study, conducted by the Ponemon Institute, that highlights vulnerability management challenges for on-premises and cloud environments: in other words, hybrid multicloud. The report, “The State of Vulnerability Management in the Cloud and On-Premises,” is based on a global survey of 1,848 IT and IT security professionals in North […] | Vulnerability | ||
|
2020-08-06 11:35:00 | Shellshock In-Depth: Why This Old Vulnerability Won\'t Go Away (lien direct) | Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise. The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have […] | Vulnerability Threat | ||
|
2020-02-20 12:30:26 | To Rank or Not to Rank Should Never Be a Question (lien direct) | Scanning is an important part of any vulnerability management program, but it should always be accompanied by vulnerability ranking to ensure teams are patching the most impactful issues first. | Vulnerability Patching | ||
|
2019-12-16 11:00:37 | TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover (lien direct) | If exploited, this router vulnerability can allow a remote attacker to take control of the router's configuration without authentication, putting personal and business data at risk. | Vulnerability | ||
|
2019-05-16 12:00:02 | The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015 (lien direct) | >Despite the rise in vulnerability reporting, cryptojacking attacks and attacks on critical infrastructure, one threat trend has been on the decline: hacktivism. Where have all the hacktivists gone? | Vulnerability Threat | ||
|
2019-04-08 10:00:03 | Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control (lien direct) | >IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location. | Vulnerability | ||
|
2019-03-19 12:00:02 | Why You Should Integrate IoT Security Into Your Vulnerability Management Program (lien direct) | >Many IT professionals and executives alike are not addressing IoT security at the same level at which it's creating tangible business risks. | Vulnerability | ||
|
2019-03-15 20:45:02 | How Patch Posture Reporting Improves Security Landscapes (lien direct) | >If your vulnerability management tools do not report on your company's patch posture, you may be missing crucial holes in your software that are ripe for exploitation. | Vulnerability | ||
|
2019-03-07 13:05:02 | Comprehensive Vulnerability Management in Connected Security Solutions (lien direct) | >To stay ahead of attackers, organizations should consider vulnerability management solutions that integrate with SIEM tools, network and threat modeling capabilities, and patch management systems. | Vulnerability Threat | ||
|
2019-02-20 11:00:02 | Calling Into Question the CVSS (lien direct) | >X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score. | Vulnerability | ||
|
2018-11-09 12:50:02 | How Can Companies Move the Needle on Enterprise Cloud Security Risks and Compliance? (lien direct) | >Traditional vulnerability assessments don't always show the full picture of cloud security, compliance and risk. How can enterprises get ahead of the curve? | Vulnerability | ||
|
2018-10-10 19:10:02 | Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers (lien direct) | >X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors. | Vulnerability Threat | ||
|
2018-09-13 12:00:04 | New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value (lien direct) | Garner's new report recommends factoring severity, asset value and active exploits into your vulnerability management process. | Vulnerability | ||
|
2018-08-14 10:16:01 | A Black Hat Veteran Reflects on the Hot Topics at This Year\'s Conference (lien direct) | Topics of discussion at this year's Black Hat conference included the Internet of Things (IoT) in smart cities, the latest advancements in vulnerability management and more. | Vulnerability | ||
|
2018-07-30 10:31:00 | How to Get the Most Out of DEF CON and Black Hat 2018 (lien direct) | >The IBM X-Force Red team is well-represented at DEF CON and Black Hat 2018, hosting sessions and panels about smart city security, vulnerability management and more. | Vulnerability | ||
|
2018-07-19 11:15:05 | Why the Best Defense Is a Good Offensive Security Strategy (lien direct) | >Offensive security activities like cyberattack simulations, penetration testing and vulnerability assessments can help companies identify and remediate flaws before cybercriminals can exploit them. | Vulnerability | ||
|
2018-07-12 12:15:04 | Why It\'s Time to Cross Out the Checklist Approach to Vendor Security (lien direct) | When it comes to vendor security, all the handshakes and paperwork that go into a business deal tend to get in the way of proper audits and thorough vulnerability assessments. | Vulnerability |
1
We have: 44 articles.
We have: 44 articles.
To see everything:
Our RSS (filtrered)
