What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-19 19:00:00 | How Ransomware Trends Are Changing Cyber Insurance (lien direct) | The world of cyber insurance is in a state of flux. The reason: ransomware creates huge financial impacts. And how it will change insurance in the future is unclear. The insurance industry is struggling to develop cyber liability insurance offerings. Meanwhile, history is proving to be a poor guide to what comes next. Welcome to […] | Ransomware | ||
|
2021-08-19 18:00:00 | What Does The Great Resignation Mean for Data Security? (lien direct) | You may not realize it yet, but we’re living through the latest zeitgeist. It’s the Great Resignation. You may have heard it being tossed around the media or witnessed it firsthand, or even been a part yourself. Either way, it’s happening across the United States. And it affects data security as much as it affects […] | |||
|
2021-08-19 16:00:00 | Critical Infrastructure Attack Trends: What Business Leaders Should Know (lien direct) | Amateur threat actors have been able to compromise critical infrastructure like industrial control systems (ICS) and other operational technology (OT) assets more often lately. Compromises of exposed OT assets rose over the past 18 months, according to threat researchers at Mandiant, with attackers using readily-available tools and common techniques to gain access to the systems. […] | Threat | ||
|
2021-08-18 16:00:00 | Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon (lien direct) | Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading […] | Tool | ||
|
2021-08-18 13:00:00 | How AI Prevents Fatigue After Data Breaches (lien direct) | I have data breach fatigue. Every day, my inbox is flooded with dozens of emails about the newest data breaches and what causes them. Five years ago, I took note of every company listed and the mistakes made that led to the breach. Today, I barely skim them. How many times can I read that a […] | Data Breach | ||
|
2021-08-17 16:00:00 | Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang (lien direct) | Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […] | Ransomware Threat | ||
|
2021-08-17 15:00:00 | How to Avoid Smishing Attacks Targeting Subscription Service Users (lien direct) | If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for more […] | Threat | ||
|
2021-08-16 19:00:00 | How Number Recycling Threatens Your Privacy Online (lien direct) | There’s a lot to think about when you or your employees get new mobile phones — plans, hardware, cost. But one thing many people don’t think about is number recycling, a common practice among providers. Take a look at how it enables some of the lesser-known cell phone cyberattacks. What Can Someone Do with My […] | |||
|
2021-08-16 16:00:00 | 5 Ways to Defend Against Supply Chain Cyberattacks (lien direct) | Cutting corners happens, more so in high-stakes, high-speed jobs. But from employees honest enough to admit when they push vulnerable code live, we can put together a portfolio of products shipped broken. A new study by Osterman Research found a concerning trend — 81% of developers admitted to knowingly pushing vulnerable code live. And that […] | |||
|
2021-08-13 19:00:00 | Most Digital Attacks Today Involve Social Engineering (lien direct) | On May 14, the FBI marked a sobering milestone: the receipt of its six millionth digital crime complaint. It took just 14 months for the FBI’s Internet Crime Complaint Center (IC3) to reach its new threshold. Digital crime complaints are on the rise, and we have some ideas as to why. Check out what these […] | |||
|
2021-08-12 22:00:00 | Security Awareness Training: Beyond Cliche Advice for Remote Workers (lien direct) | I’ve read what seems like a million articles on how to make security awareness training more effective for remote workers. And honestly, they all seem to say the same thing. Teach employees the basics and give them a list of things they should do to keep your data safe. Almost every article includes the same […] | |||
|
2021-08-11 19:00:00 | A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight (lien direct) | It’s no secret that cyberattacks against critical infrastructure are increasing. The recent attacks against water treatment plants, pipelines, vital hospital systems and food processing facilities have all made recent headlines and demonstrate the vulnerability of all types of critical infrastructure providers. The attacks have caused chaos, value chain disruption and crippling fuel shortages, and we […] | Vulnerability | ||
|
2021-08-11 16:00:00 | Beyond Password Safety: How to Make Employee Sign-On Safe and Convenient (lien direct) | When did you last change your work password? Was it when the system prompted you? When you were first hired? Or maybe the answer doesn’t matter. When it comes to password safety, old adages don’t always apply anymore. Let’s take a look at what today’s business password management really needs by focusing on the valuable […] | |||
|
2021-08-06 16:00:00 | Spend Wisely (Not Just More) to Become Cyber Resilient (lien direct) | Spending on cybersecurity is hitting record highs. And that makes sense. Because of big changes in how work gets done (plus the rising cost of breaches and attacks, like ransomware), companies are spending more than ever. But simply throwing money at the problem in order to try to become more cyber resilient is not a […] | |||
|
2021-08-04 20:30:00 | ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group (lien direct) | This blog supplements a Black Hat USA 2021 talk given August 2021. IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […] | Threat Conference | APT 35 APT 35 | |
|
2021-07-30 19:00:00 | 5 Ways to Increase Password Safety (lien direct) | You make password decisions every week. Maybe you create a new account, reset a password or respond to a password change prompt. And each time you make a seemingly small or insignificant mistake in regard to password safety, such as not creating strong enough passwords or using the same password on multiple accounts, you increase […] | |||
|
2021-07-30 12:25:45 | Building Effective Business Cases to Cover Cybersecurity Costs (lien direct) | With the global average cost of a data breach totaling $3.86 million in 2020, the topic of security continues to be a major pressure point and a board-level agenda item. So why do security programs still seem to lack adequate funding, urgency and support until a breach or lawsuit occurs or auditors demand change? Verizon’s […] | Data Breach | ||
|
2021-07-29 21:00:00 | July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida (lien direct) | Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware and changing the ways and places we work. July’s top stories include a supply chain attack from the REvil ransomware gang and how to fold security into design. We also have a deep dive into password safety, […] | Ransomware Threat | ||
|
2021-07-28 10:00:00 | Data Breach Costs at Record High, Zero Trust, AI and Automation Help Reduce Costs (lien direct) | Data breaches have been growing in numbers and scale, taking longer to detect and contain. The average total cost of a data breach is at its highest of 17 years, at $4.24 million. The year over year increase of 10% is the largest single year cost increase recorded in the last 7 years. IBM and […] | Data Breach | ||
|
2021-07-28 06:39:34 | What\'s New in the 2021 Cost of a Data Breach Report (lien direct) | Has cybersecurity ever been more important than it is right now? Even in these extraordinary times, with its focus on manufacturing vaccines and getting shots into arms, new research in the Cost of a Data Breach Report shows that the increasing cost of security breaches makes preventing and responding to these threats a critical concern. […] | Data Breach | ||
|
2021-07-26 16:00:00 | Double Encryption: When Ransomware Recovery Gets Complicated (lien direct) | Ever hear of double extortion? It’s a technique increasingly employed by ransomware attackers. A malware payload steals a victim’s plaintext information before launching its encryption routine. Those operating the ransomware then go on to demand two ransoms — one for a decryption utility and the other for the deletion of the victim’s stolen information from […] | Ransomware Malware | ||
|
2021-07-23 16:00:00 | How AI Will Transform Data Security (lien direct) | I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the perfect items for me based on my search history, but other times it feels a bit creepy to have a pair of shoes I looked […] | |||
|
2021-07-23 00:00:00 | API Abuse Is a Data Security Issue Here to Stay (lien direct) | Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the most common type of attack seen in 2022. So, what problems exactly do APIs face? And what can data security defenders do about it? Prevalent […] | |||
|
2021-07-22 22:00:00 | Thriving in Chaos: How Cyber Resilience Works (lien direct) | In cybersecurity as in most jobs, problems don’t happen one at a time, you’re bound to have a few at once. Speakers at the RSA Conference 2021 talked about this in terms of maintaining cyber resilience in chaos. So, what does the buzzword ‘cyber resilience’ really mean? And why is it important to be able […] | |||
|
2021-07-21 18:00:00 | This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered (lien direct) | Ransomware attacks are topping the charts as the most common attack type to target organizations with a constant drumbeat of attacks impacting industries across the board. In fact, IBM Security X-Force has seen a more than 10% increase in ransomware incident response requests compared to this time last year. Ransomware is well on its way […] | Ransomware | ||
|
2021-07-21 16:00:00 | Beyond Ransomware: Four Threats Facing Companies Today (lien direct) | The recent DarkSide attack makes it clear: no system is safe from ransomware. And while the attackers say they weren’t out to hurt anyone, only to make money, the impact is the same. It could lead to potential disruptions of critical services across the country. At the same time, it stokes fears that similar attacks […] | Guideline | ||
|
2021-07-20 19:00:00 | How to Fix the Big Problems With Two-Factor and Multifactor Authentication (lien direct) | Getting a second opinion is a great idea in both medicine and end-user cybersecurity. Two-factor authentication (2FA) and multifactor authentication (MFA) are powerful tools in the fight against all kinds of cyberattacks that involve end-user devices and internet-based services. There’s just one big problem: it’s far, far too common for people to use text messaging […] | |||
|
2021-07-20 17:00:00 | Avoid Blind Spots: Is Your Incident Response Team Cloud Ready? (lien direct) | The year 2020 — with all its tumult — ushered in a massive shift in the way most companies work. Much of that transformation included migrating to cloud, with some statisticians reporting that a full 50% of companies across the globe are now using cloud technology. In many ways, that’s good — cloud holds several […] | |||
|
2021-07-20 14:30:00 | How Data Discovery and Zero Trust Can Help Defend Against a Data Breach (lien direct) | As more companies start to use the cloud, the threat of a data breach and the rules and fines that go with it has only grown. Therefore, companies and agencies need to anticipate and adapt to their changing data and IT landscape. For that, a zero trust approach to data security and privacy might be […] | Data Breach Threat | ||
|
2021-07-19 19:00:00 | Two (or More) Is Better Than One: Digital Twin Tech for Cybersecurity (lien direct) | Throughout my lifetime, I’ve wondered on many occasions how my life would have changed had I made a different decision at a critical point — picked a different college, taken a different job or moved to another town. I’ve often wished that I could watch a movie of the different outcomes before making a decision, […] | |||
|
2021-07-19 16:00:00 | FragAttacks: Everything You Need to Know (lien direct) | A cybersecurity researcher discovered a new category of Wi-Fi vulnerabilities recently. But the surprising news is that this new category is actually very old. Called FragAttacks, these 12 Wi-Fi vulnerabilities have existed since the late 90s. But they’re new to the cybersecurity world because people only recently discovered and described them. Researchers unveiled the details on May […] | |||
|
2021-07-16 19:00:00 | 3 Myths About Threat Actors and Password Safety (lien direct) | You’ve seen the memes and the warnings on social media — answering questions about your life history is ruining your password safety. It’s giving the bad guys the information they need to figure out your passwords and get the answers to your security questions. But is that true? Are people lurking on social media waiting […] | Threat | ||
|
2021-07-16 16:00:00 | Cyber Insurers Might Be Making the Ransomware Problem Worse (lien direct) | In mid-May, one of the largest insurance companies in the U.S. paid $40 million to ransomware attackers. Two people familiar with the matter told Bloomberg that the malicious actors stole an undisclosed quantity of data and then effectively locked the insurer out of its network for two weeks. The company ignored the attackers’ demands at […] | Ransomware | ||
|
2021-07-16 13:00:00 | When \'Later\' Never Comes: Putting Small Business Cybersecurity First (lien direct) | Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. Let’s talk about […] | |||
|
2021-07-16 02:00:00 | Are Your Employees\' Old Phone Numbers Creating Vulnerabilities? (lien direct) | In the last hour, I’ve used my phone to take pictures of my teenagers, spy on my dogs while I was out of the house, pay my electric bill and watch a funny video. Then, while buying some new dish towels (yet another use), I used my phone as an identity document without even realizing […] | |||
|
2021-07-15 21:00:00 | Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness (lien direct) | Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be a key element of a smart security strategy. Software vulnerabilities are one of the root […] | Vulnerability | ||
|
2021-07-14 21:00:00 | How to Use Design Thinking for Next-Gen Privileged Access Management Architecture (lien direct) | As cyberattacks speed up and become more complex, defenders need to do the same. One large component of this is privileged access management, or PAM. But PAM itself is always evolving. So how does your security operations center (SOC) keep up? And, what are the best, most modern ways to implement PAM today? What Is […] | |||
|
2021-07-13 21:00:00 | What Is Domain-Driven Design? (lien direct) | In the ever-growing software ecosystem, successful products need to have great performance, security, maintainability and usability. For the people who deliver those products, quality assurance, time to market and cost matter most. They sometimes push security-related tasks to the side. After all, time is tight. It doesn’t matter if the system is secure if features […] | |||
|
2021-07-13 16:00:00 | Your Home Away From Home May Not Be as Cybersecure as You Think (lien direct) | Home is where the ‘smart’ is. A recent study revealed the average American household has 25 connected or Internet of Things (IoT) devices. The number of consumers who have smart home devices connected to their home internet has grown by 38% since the pandemic began. The findings don’t surprise Brad Ree, the chief technology officer […] | |||
|
2021-07-12 14:00:00 | RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation (lien direct) | In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of […] | Malware | ||
|
2021-07-08 20:30:00 | Don\'t Be Rude, Stay: Avoiding Fork&Run .NET Execution With InlineExecute-Assembly (lien direct) | Some of you love it and some of you hate it, but at this point it should come as no surprise that .NET tradecraft is here to stay a little longer than anticipated. The .NET framework is an integral part of Microsoft’s operating system with the most recent release of .NET being .NET core. Core […] | |||
|
2021-07-07 16:30:00 | What\'s Next for SIEM? A View From the 2021 Gartner SIEM Magic Quadrant (lien direct) | Security information and event management (SIEM) solutions continue to evolve, as shown in the 2021 Gartner Magic Quadrant for SIEM, which is a great representation of the changing security landscape and the evolution of key capabilities and experiences that are required to deliver top notch security outcomes. Security teams are busier than ever, as their […] | |||
|
2021-07-07 16:00:00 | REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya, Downstream Impact May Affect Over 1,500 Customers (lien direct) | On July 2, 2021, Kaseya customers were notified of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers (MSPs). According to Kaseya, it […] | Ransomware Tool | ||
|
2021-07-07 13:00:00 | Attacks on Operational Technology From IBM X-Force and Dragos Data (lien direct) | Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing the community is the convergence of an increasingly OT-aware and capable threat landscape with the […] | Threat | ||
|
2021-07-05 12:00:00 | The OSI Model and You Part 7: Stopping Threats at the Application Layer (lien direct) | A lot has changed since the creation of the Open Systems Interconnection (OSI) model. The OSI model dates back to the mid-1970s, designed to serve as a common basis for system interconnection and networking. It has been very useful in that regard, but we have to be aware a lot has changed since its inception. […] | |||
|
2021-07-01 19:00:00 | Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work (lien direct) | In a world in which bad news dominates, social engineering scams that carry a promise of good news can be incredibly lucrative for cyber criminals. In one recent example, fraudsters set up a phony job posting using a real recruiter as the contact person for the hiring process. Applicants hoping for a chance at the […] | |||
|
2021-07-01 16:00:00 | Hunting for Windows “Features” with Frida: DLL Sideloading (lien direct) | Offensive security professionals have been using Frida for analyzing iOS and Android mobile applications. However, there has been minimal usage of Frida for desktop operating systems such as Windows. Frida is described by the author as a “Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.” From a security research and adversarial simulation perspective, Frida […] | |||
|
2021-06-30 16:00:00 | June 2021 Security Intelligence Roundup: Cybersecurity Certifications, The Problem With New Accounts and Defanging Phishing (lien direct) | Cybersecurity careers are a buzzy topic lately, with more people needed and salaries competitive. How do you make yourself stand out in this field and find a career you both love and do well? Meanwhile, when you’re not working you may very well be making a new streaming account to escape after a long day. […] | |||
|
2021-06-29 16:00:00 | A Fly on ShellBot\'s Wall: The Risk of Publicly Available Cryptocurrency Miners (lien direct) | IBM Security X-Force researchers studied the botnet activity of a malware variant that is used by cyber crime groups to illegally mine cryptocurrency. Examining two ShellBot botnets that appeared in attacks honeypots caught, the X-Force team was able to infect its own devices and become part of the live botnets, thereby gaining insight into how […] | Malware | ||
|
2021-06-28 12:00:00 | The OSI Model and You Part 6: Stopping Threats at the OSI Presentation Layer (lien direct) | Our travels through the OSI seven layers of networking have shown that each layer has specific weaknesses and angles of attack. In turn, each has its best defenses. Now, we’ve come to the OSI presentation layer. Here translation, encryption and compression all happen. What Is the Presentation Layer? The simplest way to describe the OSI presentation […] |
To see everything:
Our RSS (filtrered)
