What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
securityintelligence.webp 2021-09-21 13:00:00 Identity Management Beyond the Acronyms: Which Is Best for You? (lien direct) With so many devices and users accessing networks, applications and data, identity access management (IAM) has become a cornerstone of cybersecurity best practices. The short explanation is that you must make sure everyone (and everything) is who they claim they are. You also need to make sure they are allowed to have the access they’re requesting. […]
securityintelligence.webp 2021-09-20 19:00:00 Zero Trust: Follow a Model, Not a Tool (lien direct) The zero trust model is going mainstream, and for good reason. The rise in advanced attacks, plus IT trends that include the move to hybrid cloud and remote work, demand more exacting and granular defenses.  Zero trust ensures verification and authorization for every device, every application and every user gaining access to every resource. This […] Tool
securityintelligence.webp 2021-09-20 16:00:00 A Journey in Organizational Cyber Resilience Part 2: Business Continuity (lien direct) Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic: […]
securityintelligence.webp 2021-09-20 13:00:00 Health Care Interoperability: What Are the Security Considerations? (lien direct) Anyone who has needed to schedule an appointment with a new doctor or meet with a specialist knows the hassle of making sure everyone in the health care chain has access to your health records. Digital record-keeping has made that a little easier, but that access still isn’t universal. Digital health care interoperability can still […]
securityintelligence.webp 2021-09-17 19:00:00 How to Protect Against Deepfake Attacks and Extortion (lien direct) Cybersecurity professionals are already losing sleep over data breaches and how to best protect their employers from attacks. Now they have another nightmare to stress over — how to spot a deepfake.  Deepfakes are different because attackers can easily use data and images as a weapon. And those using deepfake technology can be someone from […]
securityintelligence.webp 2021-09-17 16:00:00 How Estonia Created Trust in Its Digital-Forward Government (lien direct) Cities are becoming smarter every day, and many state and local governments are pushing towards the digitalization of public services. Some North American cities are working hard to integrate online services and manage cybersecurity risk at the same time. Meanwhile, perhaps the best example of a digital city is in fact a digital country.  The […]
securityintelligence.webp 2021-09-17 13:00:00 6 Benefits of Using Privileged Access Management (lien direct) When you think of access, passwords are likely the first thing that pops into your head. While passwords are a large and important part of managing access, there are other aspects to consider as well. Using the full spectrum offered by Privileged Access Management (PAM) can help. It’s easy to focus on the glitzier sides […]
securityintelligence.webp 2021-09-16 19:00:00 How DevSecOps Can Secure Your CI/CD Pipeline (lien direct) Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In order to secure it, industry […]
securityintelligence.webp 2021-09-16 16:00:00 How To Write a Good Cybersecurity Resume (lien direct) A lot of cybersecurity jobs await out there for the qualified job seeker. According to Cyberseek, the United States had 464,200 cybersecurity job openings as of July 30, 2021. And with the skills gap, there are even more openings every day. But that doesn’t mean you’re guaranteed a job offer. So, how do you make […]
securityintelligence.webp 2021-09-15 16:00:00 Mission Probable: Access Granted (lien direct) Your facilities are most likely vulnerable to a physical intrusion. This is not an indictment of any organization’s security program. If intruders have enough time and are motivated, they most likely can break into a building, even one that has security measures in place. Nonetheless, it is important to identify physical vulnerabilities before they lead […] Guideline
securityintelligence.webp 2021-09-15 13:00:00 Cybersecurity Training: How to Build a Company Culture of Cyber Awareness (lien direct) When I attended new employee orientation at a global technology company several decades ago, I remember very brief cybersecurity training. The gist was to contact someone in IT if we noticed any potential issues. While I was with the company, I only thought about cybersecurity when I passed the server room, and I could only peek […] ★★★★
securityintelligence.webp 2021-09-15 10:05:00 X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments (lien direct) As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses […]
securityintelligence.webp 2021-09-14 19:30:00 Starting Your AI Security Journey With Deep Learning (lien direct) You’ve probably heard how using artificial intelligence (AI) can improve your cybersecurity — and how threat actors are using AI to launch attacks. You know that you need to use the same tools, if not better ones. AI security is about having the right tools, but also about having the right information.  But you aren’t […] Threat
securityintelligence.webp 2021-09-14 16:30:00 10 Open-Source Intelligence Tools (That Actually Work With Your Existing Security Software) (lien direct) Finding the Open Source Intelligence (OSINT) that affects your business or agency can help reduce your attack surface. You just have to find it first. Take a look at how OSINT works and how to secure it. According to the Office of the Director of National Intelligence, Open Source Intelligence (OSINT) “is publicly available information […]
securityintelligence.webp 2021-09-14 13:00:00 Privileged Access Management: The Future of Cyber Resilience (lien direct) Attacks against critical infrastructure and government agencies have been surging. Some attackers want to extort money; others intend to steal data. But the victims all have one thing in common: they need to be able to fend off attacks and recover so they can continue to perform their functions. That’s where cyber resilience comes in, […]
securityintelligence.webp 2021-09-13 19:30:00 Cryptominers Snuck Logic Bomb Into Python Packages (lien direct) Malware can show up where you least expect it. Researchers discovered a logic bomb attack in the Python Package Index (PyPI) repository, which is a code repository for Python developers and part of the software supply chain. Attackers aimed to get honest software developers to include the bombs in their applications by accident.  The researchers found […]
securityintelligence.webp 2021-09-13 16:00:00 A Journey in Organizational Cyber Resilience Part 1: The Human Factor (lien direct) Organizational resilience is key to good business. Sometimes confused with enterprise resilience, we use the former term instead because it applies to a business or agency of any size. Let’s take a look at how to improve employees’ cybersecurity posture by providing practical ideas they can add to their everyday habits. The result: cyber resilience […]
securityintelligence.webp 2021-09-13 13:00:00 What's Behind the Leaks of Customer Data From Retailer Databases? (lien direct) Retail data breaches involving customer data happen often today. However, they tend to be smaller in size than health care, finance or government breaches. So, the general public notices them less. Yet, they happen more often than realized. Why? And how can you defend against them?  Human Error in Customer Data Theft All types of retail […]
securityintelligence.webp 2021-09-10 19:00:00 Private 5G Security: Consider Security Risks Before Investing (lien direct) So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is […]
securityintelligence.webp 2021-09-10 16:00:00 How Companies Can Prepare for Botnet Attacks on APIs (lien direct) Organizations aren’t slowing down in their use of application programming interfaces (APIs). According to a survey covered by DEVOPSdigest, 61.3% of organizations used more APIs in 2020 than they did a year earlier. An even greater proportion (71.3%) said they plan to use even more APIs in 2021. Another 21.2% expected to use the same […]
securityintelligence.webp 2021-09-10 13:00:00 5 Ways to Use Microlearning to Educate Your Employees About Cybersecurity (lien direct) Trying to learn large amounts of information in one sitting is often overwhelming and leads to lower retention. Psychologist Hermann Ebbinghaus found in studying himself in the 1800s that only 20% of information learned is retained four weeks later. However, his retention increased from 80% to 90% when using microlearning. That means he took in […] Guideline
securityintelligence.webp 2021-09-09 15:50:00 LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment (lien direct) After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure. According to IBM X-Force, a major spike in data leak activity on the gang’s new website indicates that their recruitment attempts have been […] Ransomware
securityintelligence.webp 2021-09-08 20:55:00 Where Digital Meets Human: Letting HR Lead Cybersecurity Training (lien direct) One of my favorite questions to ask when I’m interviewing a business decision-maker is if they are confident in their company’s current defenses. Most people tell me yes. So, I was surprised to read that an IDG Research Services survey commissioned by Insight Enterprises found that 78% of respondents reported that they do not think […]
securityintelligence.webp 2021-09-08 19:00:00 The Post-Quantum Cryptography World Is Coming: Here's How to Prepare (lien direct) Have you ever sat in traffic and cursed the town planners? For years, you may have watched as the town approved new subdivisions and stores along the roads you drive often. And you wondered when they would add a new lane, extend a road or install a new stoplight. But think about this: If you’re […]
securityintelligence.webp 2021-09-08 13:00:00 Building Blocks: How to Create a Privileged Access Management (PAM) Strategy (lien direct) Privileged access management (PAM) has long been central to a good enterprise cybersecurity strategy. However, its nature is changing. The pace of digital change is speeding up and reliance on the cloud increasing. So, businesses and agencies must develop new PAM strategies to keep up. Processes and tools that could support yesterday’s on-premises IT rarely […] ★★★★
securityintelligence.webp 2021-09-03 16:10:00 Fighting Cyber Threats With Open-Source Tools and Open Standards (lien direct) Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified. Once a potential threat is detected, the staff of the security operations center (SOC) investigates […] Threat
securityintelligence.webp 2021-09-03 16:05:00 Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight (lien direct) Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has never been more imperative that […] Ransomware
securityintelligence.webp 2021-09-03 16:00:00 What Biden's Cybersecurity Executive Order Means for Supply Chain Attacks (lien direct) With cybersecurity guidelines coming down from the executive branch, industry and policymakers clearly both see the extent of the cyberattack problem. Take a look at the contents of the Biden administration’s May executive order and what it means for people working in the industry, especially in regards to supply chain attacks. The executive order covers […]
securityintelligence.webp 2021-09-01 19:00:00 The OWASP Top 10 Threats Haven't Changed in 2021 - But Defenses Have (lien direct) The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks and threats for applications. The […] Threat
securityintelligence.webp 2021-09-01 16:00:00 What Has Changed Since the 2017 WannaCry Ransomware Attack? (lien direct) The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned […] Ransomware Wannacry Wannacry
securityintelligence.webp 2021-08-31 21:00:00 August 2021 Security Intelligence Roundup: Pipeline Changes, Social Engineering and Software Supply Chain Attacks (lien direct) Ransomware catches people’s attention in part because it feeds on emotion. People click on links without looking at them first, and this remains one of the most common vectors for attack. While it may seem like the internet is filled with the same advice over and over again, even the most attentive person can slip […]
securityintelligence.webp 2021-08-31 16:30:00 Reduce the Harm of a Data Breach With Data Security Analytics (lien direct) Over the last year, the average total cost of a data breach increased nearly 10% to $4.24 million. That’s the highest average in the history of IBM Security’s annual Cost of a Data Breach Report. This was due to a number of factors. Increased remote working due to the COVID-19 pandemic and digital transformation both […] Data Breach
securityintelligence.webp 2021-08-31 13:00:00 Cyberattacks Use Office 365 to Target Supply Chain (lien direct) Malicious actors have a history of trying to compromise users’ Office 365 accounts. By doing so, they can tunnel into a network and use their access to steal sensitive information. But they need not stop there. They can also single out other entities with which the target does business for supply chain cyberattacks. Office-Related Cyberattacks […]
securityintelligence.webp 2021-08-30 16:00:00 Quantum Security and AI: Building a Future Together (lien direct) Quantum computing is still cutting-edge, but that doesn’t mean it can’t be improved. What is quantum computing? Is it the same as quantum cryptography, a central tenet of so-called quantum security? And where does artificial intelligence (AI) fit in? What Is Quantum Security?  Often when you hear about quantum computing in terms of security, it’s […]
securityintelligence.webp 2021-08-27 19:00:00 Young People Are the Key to Decreasing the Skills Gap (lien direct) It’s time to look at the industry skills gap differently. More and more digital native young people could potentially be coming into the industry with the right skills, but several elements block their progress. Professionals already in place need to smooth the road for them. That might involve changing some assumptions about hiring, but in […]
securityintelligence.webp 2021-08-27 16:00:00 Why Privileged Access Management Is So Hard in the Cloud (lien direct) Privileged access management (PAM) is in a bizarre place right now. On the one hand, organizations mostly understand the value of PAM. In a July 2019 study cited by Forbes, for instance, just 1% of respondents said that they don’t use any kind of PAM. More than eight of 10 of those respondents were happy […]
securityintelligence.webp 2021-08-26 19:00:00 Data Is Quicksand: Does Your Current Data Security Solution Pull You Out or Sink You Deeper? (lien direct) If you grew up on Saturday morning cartoons, you probably worried about the Bermuda Triangle, piranhas in the tub and quicksand. It didn’t matter where you lived. One second, you’re hiking in the park behind your house, and the next you’re sinking like Indiana Jones. To make a massive jump, this is similar to the […]
securityintelligence.webp 2021-08-26 16:00:00 Data Poisoning: The Next Big Threat (lien direct) Data poisoning against security software that uses artificial intelligence (AI) and machine learning (ML) is likely the next big cybersecurity risk. According to the RSA 2021 keynote presentation by Johannes Ullrich, dean of research of SANS Technology Institute, it’s a threat we should all keep an eye on. “One of the most basic threats when […] Threat
securityintelligence.webp 2021-08-26 13:00:00 Red & Blue: United We Stand (lien direct) Offensive and defensive security are typically viewed as opposite sides of the same fence. On one side, the offensive team aims to prevent attackers from compromising an organization, whereas on the other side the defensive team aims to stop attackers once they are inside. The fence, metaphorically speaking, is the adversary. The adversary’s moves, motives […]
securityintelligence.webp 2021-08-25 16:00:00 How to Quantify the Actual Cost of a Data Breach for Your Own Organization (lien direct) As business leaders, we need to know what the biggest risks to our organizations are. All organizations face numerous disruptive challenges in today’s business environment that can create significant new business opportunities, but also can increase potential cybersecurity risks to the organizations. To address these issues, we need to focus our scarce resources on those […] Data Breach Guideline
securityintelligence.webp 2021-08-25 13:00:00 Three Key Benefits of Adopting SASE With a Services Partner (lien direct) According to a recent Forrester Consulting research report commissioned by IBM, 78% of security decision-makers plan to implement or are unsure how to implement Secure Access Service Edge (SASE) in the next 12 months. A SASE solution can make a lot of sense for digitally driven organizations where remote employees and partners need faster application […]
securityintelligence.webp 2021-08-25 10:00:00 Accelerate Your Journey to AWS with IBM Security (lien direct) Security continues to be one of the top concerns for 90 percent of our clients adopting cloud. It’s further intensified with 75 percent of the clients embracing a multicloud deployment model. Cloud introduces a decentralized model that makes managing policies and keeping up with changing regulatory mandates challenging. In addition, cloud introduces additional risks, misconfigurations […]
securityintelligence.webp 2021-08-24 19:00:00 New CISA Blacklist: What It Means For You (lien direct) Everyone makes mistakes once in a while. Maybe not all the time, but who hasn’t reused a password or ignored a software update? But any time someone ignores security best practices adds to your risk. The Cybersecurity and Infrastructure Security Agency (CISA) recognizes these risks and has released a Bad Practices page on its website. […]
securityintelligence.webp 2021-08-24 16:00:00 How to Protect Yourself From a Server-Side Template Injection Attack (lien direct) Server-side templates provide an easy method of managing the dynamic generation of HTML code. But they can also fall victim to server-side template injection (SSTI). Take a look at the basics of server-side web templates, and how to detect, identify and mitigate SSTI in web applications. Server-side templates allow developers to pre-populate a web page […] ★★★
securityintelligence.webp 2021-08-24 13:00:00 Threat Modeling: The Key to Dealing With 5G Security Challenges (lien direct) With 5G reshaping the smartphone market, 5G security needs to keep up. Almost one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. That’s just one year after the world’s first commercial 5G network emerged in South Korea. Such growth helped annual shipment numbers of 5G-enabled smartphones exceed […]
securityintelligence.webp 2021-08-23 19:00:00 SSDF: The Key to Defending Against Supply Chain Cyberattacks (lien direct) For reasons we all know, software supply chain attacks took on new meaning near the end of 2020. This hasn’t changed over this year. One of the best modern ways to combat these cyberattacks is to integrate a secure software development framework (SSDF) into a vendor’s software development life cycle (SDLC). Why is this such […]
securityintelligence.webp 2021-08-23 18:30:00 Pay Now or Pay Later: Don't Procrastinate When It Comes to Preventing Ransomware (lien direct) Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime that occurs during the incident, the post-breach costs can be significant. These costs can include everything from the time and resources it takes to detect how the compromise occurred and remediate the actual threat to […] Ransomware Threat
securityintelligence.webp 2021-08-20 18:00:00 Behavior Transparency: Where Application Security Meets Cyber Awareness (lien direct) How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all, attackers often hijack honest software, networks and systems for dishonest ends. To stop them with security tools, the first step must be to have great […] Threat
securityintelligence.webp 2021-08-20 16:00:00 New Collar: How Digital Badges and Skilling for Students Can Reduce the Skills Gap (lien direct) As the mom of a recent high school graduate, I silently cringe when a well-meaning person asks where he is heading to college. I’d prefer they asked a more open-ended question about what his plans for the future are. In fact, my son is headed to a state university for a four-year degree in the […]
securityintelligence.webp 2021-08-20 14:00:00 How Biden's Cloud Security Executive Order Stacks Up to Industry Expectations (lien direct) While we’re seeing the effects of larger, more expensive cyberattacks, those effects also ripple out into government policy. The growth of cloud security needs and products reflects the wider world in two major ways: the rise of remote work and increased U.S. federal interest. A recent executive order aims to improve the U.S. federal government’s […]
Last update at: 2024-04-27 02:07:42