What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-24 22:00:00 | Data Security Along Every Stage of the Journey (lien direct) | Let’s say you’re planning a train robbery in the Old West. Your posse can jump on board at the station, on the route or at the last stop. The same is true of today’s data robbers. There are three main states in which data exists across an enterprise: at rest, in motion and in use. As […] | ★★★★★ | ||
|
2021-06-24 16:00:00 | Shifting Left With Analytics to Identify Software Supply Chain Anomalies (lien direct) | If your work touches on the world of software development, you’ve likely heard the saying ‘software is eating the world’ by engineer/investor Marc Andreessen. He argued that building software was becoming the business and that it has completely taken over companies. But while many can stand to benefit greatly from the brave new world where […] | |||
|
2021-06-23 19:00:00 | Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy (lien direct) | Contributed to this research: Segev Fogel, Amir Gendler and Nethanella Messer. IBM Trusteer researchers continually monitor the evolution and attack tactics in the banking sector. In a recent analysis, our team found that an Ursnif (aka Gozi) banking Trojan variant is being used in the wild to target online banking users in Italy with […] | |||
|
2021-06-23 15:00:00 | “Our IT teams have an Incident Response Plan. We\'re prepared for a cyberattack.” Maybe not. (lien direct) | Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cybersecurity incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and […] | Ransomware Malware | ||
|
2021-06-22 20:15:00 | How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool (lien direct) | Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread […] | Tool Vulnerability Guideline | ||
|
2021-06-22 17:30:00 | XDR: The Central Nervous System of Zero Trust (lien direct) | If zero trust is the brain that watches out for the health of the digital body, extended detection and response (XDR) serves as the nerves that bring it information. And as the digital world rapidly changes, XDR can adapt. Why is pairing XDR with zero trust the right choice? Zero Trust in a Changing World […] | ★★★★★ | ||
|
2021-06-21 12:00:00 | The OSI Model and You Part 5: Stopping Threats at the OSI Session Layer (lien direct) | In our journey through the Open Systems Interconnection (OSI) seven layers of networking, the OSI session layer is a gatekeeper that manages the connection between applications. In other words, we are past just connecting devices. Now, we need to do something with that connection, which at this stage is called a session. This part of […] | |||
|
2021-06-18 15:45:00 | Data is Wealth: Data Security is Wealth Protection (lien direct) | In 2021 alone, humanity (and a few robots) will create 79 sextillion bytes of data. That’s nearly 10 million times the estimated number of grains of sand on Earth. And those 79 sextillion bytes of data are in addition to all the data we already have. So today, organizations everywhere are not just swimming in data; […] | |||
|
2021-06-18 02:30:00 | The Art and Strategy of Becoming More Cyber Resilient (lien direct) | In the military, the art of strategy is key. It teaches how to win a war through a series of battles, campaigns and tactics. In the cybersecurity world, we have been on the defensive side for as long as we can remember. We focus on frameworks and tactics such as Defense in Depth, the onion […] | |||
|
2021-06-17 05:56:14 | Secure Coding with DDD (lien direct) | Domain-Driven Design for Secure Code With the ever-growing software ecosystem, attributes for successful product are performance, security, maintainability, and usability. When it comes to delivering product the priorities are quality assurance, time to market and it need to stay within budget. The security-related tasks in the backlog keep getting lower priority compared to the […] | ★★★ | ||
|
2021-06-16 21:00:00 | Why a Phishing Attack Is Still Profitable - And How To Stop One (lien direct) | As the business world continues to grapple with an expanding definition of new normal, the phishing attack remains a common tactic for attackers. Why are phishing attacks still happening? How can we prevent them? We spoke to a threat analyst who has the answers. In May 2020, X-Force research uncovered a precision-targeting (or spear phishing) […] | Threat | ||
|
2021-06-16 19:00:00 | The Hottest Cybersecurity Must-Reads for the Busy Security Practitioner (lien direct) | You’re busy. We get that. Let’s suppose you’re like most of your colleagues in security. In that case, it’s almost like Groundhog Day. It starts with chasing the latest threat and protecting your company or agency from attacks. It ends with you wondering where the last eight (or more) hours went. This leaves you little […] | Threat | ||
|
2021-06-15 13:00:00 | Learning the Building Blocks for Your CIAM Framework Part 3: Manage (lien direct) | Imagine being able to manage hundreds of millions of IDs and process billions of logins and other transactions per day. That’s what you can achieve for your organization by using consumer identity and access management, or CIAM. At the same time, your users can manage their data themselves by having a CIAM system ready to […] | |||
|
2021-06-15 10:00:00 | Surge of New Digital Accounts During the Pandemic Leads to Lingering Security Side Effects (lien direct) | How many online accounts did you open during the pandemic? A new survey examines the impact of this digital surge on risk to consumers and businesses alike. The unexpected nature of a global pandemic that washed over the entire world left everyone scrambling to maintain their daily activities and work as best they could. With […] | ★★★ | ||
|
2021-06-15 09:00:00 | Cybersecurity Certifications: Take Your Career to the Next Level (lien direct) | As I help my two teenagers figure out what to do after high school, I wonder when a certification is better than a four-year degree. I’ve seen firsthand the pressure among their friends to invest a very large amount of money in college. Meanwhile, the teenager doesn’t really know what they want to do for […] | ★★★★★ | ||
|
2021-06-14 14:00:00 | The OSI Model and You Part 4: Stopping Threats at the OSI Transport Layer (lien direct) | As we’ve talked about in the rest of this series, there are several ways to use the Open Systems Interconnection (OSI) seven layers of networking model to help us secure our networks and make them more resilient. Now, we’ve reached the first of the ‘host’ layers, the OSI transport layer. Previously, we described ‘what’ allows data […] | |||
|
2021-06-11 14:00:00 | Educating the Educators: Protecting Student Data (lien direct) | I found my 17-year-old son happily playing video games last year when he was supposed to be in virtual school. But after a few questions, I learned he wasn’t skipping school. His class had been canceled after his teacher fell for a phishing attack, and their computer was infected with a virus. This isn’t an […] | ★★★★ | ||
|
2021-06-11 12:00:00 | Everyone Wants to Build a Cyber Range: Should You? Part 2 (lien direct) | The COVID-19 pandemic has shifted the way we work, and a large variety of teams have either gone virtual or hybrid, working remotely in some capacity, including IT and security teams. In a pandemic or other crisis, security teams that wish to stay sharp and continue to work on their incident response capabilities should consider […] | ★★★ | ||
|
2021-06-10 11:00:00 | Confidential Computing: The Future of Cloud Computing Security (lien direct) | Two years ago, a group of tech companies introduced a new roadmap for cloud computing security. Confidential computing “uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes,” says IEEE Spectrum. So, what sets this apart from other digital defense efforts? […] | ★★★★ | ||
|
2021-06-10 09:00:00 | How Good Transaction Security Can Make Customer Visits Easier (lien direct) | Every time I start to put my information into an online form, especially if it’s my credit card number or a banking transaction, I almost always pause. There was a time when I entered customer data without a second thought. Now, with the constant news of breaches and attacks, even those not in the cybersecurity […] | ★★ | ||
|
2021-06-09 15:00:00 | 5 Global Supply Chain Security Threats (and How to Handle Them) (lien direct) | In December 2020, a nation-state attack on the SolarWinds network management system compromised the supply chains of over 18,000 organizations, including the Pentagon and the Department of Homeland Security. With costs likely to run into the billions, this breach was one of the biggest incidents in recent years — but it won’t be the last. […] | ★★ | ||
|
2021-06-09 13:00:00 | Thoughts From a Data Security Expert: 3 Things That Keep Me Up at Night (lien direct) | As an IT leader in charge of database engineering and database audit and compliance for a Fortune 50 American company with millions of customers, I know that there are potential risks and vulnerabilities inherent in every aspect of data management. Companies like ours store and change terabytes of operational and customer data on a constant […] | Guideline | ||
|
2021-06-09 11:00:00 | Cyber Gangs: Who Are They in 2021 and What Do They Want? (lien direct) | Cyber crime gangs have been operating for years, but in recent months, they’ve shifted tactics. They’ve embraced new technologies, exploited new opportunities, delivered new payloads and sought out new targets. Their aim is to maximize the amount of money they can collect through cyber crime. Gangs, such as Cosmic Lynx, Exaggerated Lion, Fin7 and Florentine […] | ★★★★ | ||
|
2021-06-08 11:00:00 | Critical Business Operations Are At Risk, and Companies Are Not Making This a Priority (lien direct) | Many companies around the world with industrial operations environments, commonly referred to as operational technology (OT) environments, do not invest the same resources to protect OT systems as they do to secure their corporate enterprise environments. Yet, these same companies are investing significantly to transform these environments with modern technologies and techniques to improve productivity, […] | ★★ | ||
|
2021-06-08 09:00:00 | Securing Your Cloud Transformation Journey (lien direct) | Cloud computing introduced a paradigm shift in how companies operated, maintained and spent on IT. Through its varied service models (IaaS, PaaS and SaaS), it offers companies the ability to spin up their infrastructure in minutes, auto scale on demand, pay only as per use and offset significant IT costs spent on running and maintaining […] | |||
|
2021-06-07 14:00:00 | Driving the Desire for FAIR: What Is Your \'Why\' for Security Risk Quantification? (lien direct) | One of the first questions I ask when working with an organization is “Why are you interested in making FAIR (Factor Analysis of Information Risk) a part of your standard risk management practice?” The answer is different for every client, and that truly highlights the value of risk quantification. We can apply risk quantification to […] | |||
|
2021-06-07 12:00:00 | The OSI Model and You Part 3: Stopping Threats at the OSI Network Layer (lien direct) | Networking models help us understand the ‘lay of the land’ when it comes to protecting the network. In our journey through the Open Systems Interconnection (OSI) framework, we’ve arrived at the last stop in the media group, the OSI network layer. Remember, we’ve gotten here via the OSI data link layer, or the ‘how’ the […] | ★★★★ | ||
|
2021-06-04 14:00:00 | How to Get on the CISO Certification Path (lien direct) | Cybersecurity workers are very proud of their certifications. Just check their email signatures for the alphabet of them: CISSP (certified information systems security professional), CISM (certified information security manager) and CCISO (certified chief information security officer) to name a few. But does every CISO need a CISO certification? And if you want to be a CISO, […] | |||
|
2021-06-04 12:00:00 | Ransomware Attack Response Should Extend Beyond Money to Your Team\'s Morale (lien direct) | A ransomware attack can hurt employee morale in unique ways compared to other types of attacks. Depending on how the company reacts, employee morale can drop, and security teams become less effective. While recovering from any malware incident can cost a significant amount of money, too many companies respond to ransomware by funding threat actors […] | Ransomware Malware Threat | ||
|
2021-06-04 10:00:00 | Poison in the Water: The Physical Repercussions of IoT Security Threats (lien direct) | I’d wager few people had ever heard of Oldsmar, Florida, prior to 2021. That all changed in February when the city made headlines. The reason? An Internet of things (IoT) security incident moved into the physical world. A Tale of Lifted Lye Levels At 8 a.m. local time on February 5, 2021, an operator at […] | |||
|
2021-06-03 19:00:00 | Why the Worst Cloud Security Predictions Might Not Come True (lien direct) | We’ve all heard dire predictions about the future of cybersecurity trends, especially cloud security. Internet of things (IoT) environments will expand the attack surface beyond control and encourage breaches. Hybrid offices will always pose a greater risk as cyber criminals exploit flex and remote work. Insecure application programming interfaces (APIs) will open the door to […] | |||
|
2021-06-03 09:00:00 | IoT Security: Thieves Are Targeting Smart Cameras - Here\'s How To Stop Them (lien direct) | Among the many important aspects of Internet of things (IoT) security, live cameras are one of the most open to misuse. People have been video snooping, watching private cameras and doing other sketchy things around connected cameras for many years. But in recent months, the intensity and risk around video have risen. Video has breached […] | ★★★★ | ||
|
2021-06-02 23:00:00 | Cloud Security: Why Being Intentional in Encryption Matters (lien direct) | Cloud security and web application security demand technology and practices that protect applications and data hosted remotely. Good old-fashioned data encryption is chief among these. The reasons for encrypting cloud data, of course, are privacy, security and regulatory compliance — all standard for any successful enterprise. At the bottom of all this is the idea […] | |||
|
2021-06-02 13:00:00 | School Cybersecurity: How Awareness Training Removes Attackers\' Options (lien direct) | Keeping student data safe and maintaining information security in education are part of living in today’s world for educators. Why is it important to include data security in their work? Find an example of how to set up a school cybersecurity policy and more below. School Cyberattacks On the Rise There’s no sign that digital […] | ★★★★★ | ||
|
2021-06-02 11:00:00 | Cyber Extortion: What You Need to Know in 2021 (lien direct) | Over the years, the term ransomware has taken on a new meaning for many businesses and local governments. This used to be considered a relatively new and emerging form of malware. Now, attackers have transformed it into a sophisticated and aggressive form of cyber extortion. Businesses feel the impact of ransomware globally. Their leaders need to be […] | Ransomware Guideline | ||
|
2021-06-01 11:00:00 | How the Rise of the Remote SOC Changed the Industry (lien direct) | What does the rise of remote security operations centers (SOCs) mean for cybersecurity jobs? The longer people work from home during the pandemic, the more they rate remote working a success for their companies. While companies of all sizes are still working out the details of what the return to work looks like, the consensus […] | ★★★★★ | ||
|
2021-06-01 09:00:00 | Zero Trust or Bust: What It Is and Why It Matters to Data Security (lien direct) | How many different ways can data be compromised? First, both external and internal threats can target it. External threats can come in the form of malware or ransomware. Meanwhile, internal threats can come from malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked […] | Malware Threat | ||
|
2021-05-31 14:00:00 | Strike First: The Benefits of Working With an Ethical Hacker (lien direct) | With cybersecurity attacks on the rise, companies must explore new ways to stay one step ahead of threat actors. IDG Research Services found that 78% of IT leaders are not confident in their companies’ security postures, which lead 91% of organizations to increase cybersecurity funding for 2021. As part of this increased focus, many companies are turning […] | Threat Guideline | ||
|
2021-05-31 12:00:00 | The OSI Model and You Part 2: The Data Link Layer (lien direct) | If the physical layer we talked about earlier in this series about OSI layers is the ‘what’ that allows data to travel, the data link layer is the ‘how.’ In the previous piece of this seven-part series on the OSI model, we described the physical layer and what cybersecurity threats could impact it. Remember, the key […] | ★★★★★ | ||
|
2021-05-29 10:00:00 | IoT Security: Why Food Industry Cyber Awareness Should Be Your Main Ingredient (lien direct) | The food industry faces an uncertain future. Restaurants and prepared-food companies, food manufacturers, farmers and producers that survived the lockdowns of 2020 and 2021 are heading into a new world. Some of the competition has been removed, new players are entering the market and both tastes and consumer habits have changed. Take a look at […] | |||
|
2021-05-28 18:00:00 | Hackers Launch Cyberattack via U.S. Aid Agency Email Accounts (lien direct) | Microsoft announced a Russian threat group (ITG05, aka Nobellium, APT28) also thought to be behind the SolarWinds attack conducted an email campaign masquerading as the U.S. Agency for International Development. Microsoft reports that while organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. The earlier campaign […] | Threat | APT 28 | |
|
2021-05-27 13:00:00 | Security by Design and NIST 800-160, Part 4: Technical Processes From \'Go\' to Disposal (lien direct) | Even if you are not an engineer, NIST 800-160 Volume 1 could help you in your work to understand security by design. It shows what you need to secure your information system. In the other blogs in this series, we’ve summarized the major points of the document. In the final installment, we’ll take a look at […] | |||
|
2021-05-27 11:00:00 | Your May 2021 Security Intelligence Roundup: The DarkSide Ransomware Attack, Better Zoom Meetings, and How To Secure OpTech (lien direct) | Gas shortages caused panic after the Colonial Pipeline attack two weeks ago. This highlights how digital attacks can break into the real world in a big way. Specifically, the Colonial Pipeline attack blends crypto-locking data with data exfiltration and extortion, as well as other threats to infrastructure. How did the attackers do it, and what […] | Ransomware | ||
|
2021-05-27 06:30:00 | Everyone Wants to Build a Cyber Range: Should You? (lien direct) | During the past six months, IBM X-Force has been seeing an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and […] | |||
|
2021-05-26 21:00:00 | Token Resistance: Tackling the New NFT Threat Landscape (lien direct) | Nonfungible tokens (NFTs) are big business — but come with significant cyber- and crypto-security risk. Part of the problem is that the NFT landscape is poorly understood. They also make up part of a massively overpriced blockchain-based network that could open the door to new security threats. So, how do companies prepare for the coming […] | Threat | ||
|
2021-05-26 20:00:00 | The Cybersecurity Ecosystem: How Did It Get So Crowded? (lien direct) | Peek inside any enterprise security operations center (SOC) today, and you’ll likely see a crowded and high-pressure cybersecurity ecosystem. Over the past few years, as technology evolved rapidly, attackers have developed a growing array of strategies and tactics. In response, security organizations have deployed more and more tools and point solutions, engaged with increasing numbers […] | |||
|
2021-05-26 19:30:00 | Ryuk Ransomware Operators Shift Tactics to Target Victims (lien direct) | The Ryuk ransomware operators continue to target critical infrastructure and extract high ransom payments from vulnerable groups, including an attack on a large health care organization last year. The victim has 90,000 employees and around 400 hospitals, outpatient clinics and behavioral health centers in the U.S. and U.K. During the attack, which shut down computers and […] | Ransomware | ||
|
2021-05-25 21:00:00 | Try These Best Practices to Counter Common Cybersecurity Risks (lien direct) | Since the beginning of the pandemic, ransomware and other cyber attacks have spiked. Meanwhile, millions of people have shifted from working in offices to working remotely. Organizations are increasingly relying on video conferencing, virtual private networks (VPNs) and remote desktop protocol admin tools. Many employers believe that, to cut down on these risks, they should […] | Ransomware | ||
|
2021-05-25 17:35:00 | Applying the Invisibility Cloak: Obfuscate C# Tools to Evade Signature-Based Detection (lien direct) | This is the first in a new series from our offensive security experts at X-Force Red sharing research, resources and recommendations to help you harden your defenses and protect your most important assets. Attackers and offensive security professionals have been migrating from PowerShell to C# for post-exploitation toolkits due to advances in security product configurations […] | ★★★★★ | ||
|
2021-05-25 09:00:00 | Supply Chain Attacks: How To Reduce Open-Source Vulnerabilities (lien direct) | When you read that software supply chain attacks increased 42% in the first quarter of 2021 over Q4 2020, you might think the cybersecurity problem was related to the traditional supply chain. Many people think of a supply chain as boxes of products on trucks and ships. Software companies don’t ship physical CDs of their […] |
To see everything:
Our RSS (filtrered)
