What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-29 03:30:00 | COVID-19 Supply Chain Attacks and More: Your April 2021 Security Intelligence Roundup (lien direct) | The COVID-19 supply chain finds itself under fire in this month’s cybersecurity intelligence news. Learn about how another type of supply chain — the cloud through which we download a lot of our software — can also be a risk. And, how could your business make meaningful changes to your cybersecurity posture? Start on your […] | |||
|
2021-04-28 20:00:00 | The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash (lien direct) | It likes big game hunting, it enjoys deploying Cobalt Strike and it dabbles in critical vulnerability abuse. It’s known as Sodinokibi/REvil, a ransomware strain that emerged in 2019 as the heir to the GandCrab ransomware, a malware family that supposedly retired from the cyber crime arena in mid-2019 after reportedly amassing illicit profits of over […] | Ransomware Malware Vulnerability | ||
|
2021-04-27 15:00:00 | Adopting Microsegmentation Into Your Zero Trust Model, Part 1 (lien direct) | The idea to discuss microsegmentation and zero trust came to me while reading cybersecurity articles over cellular data as I was waiting in line one day. And, I wrote this article on different devices: on my laptop connected to my home wireless network; on my tablet over Wi-Fi. Each time I switched devices or wireless […] | |||
|
2021-04-26 13:00:00 | Cloud-Native IAM Controls Part 3: Following Cloud Governance Blueprints (lien direct) | In many cases, one business unit sets up its own cloud-native identity and access management controls differently from another. One of your customers’ business units may need Red Hat, while another may need controls from a specific public cloud provider. The business unit may or may not be using the cloud-native identity and access management […] | |||
|
2021-04-26 11:00:00 | IoT Security: Be Aware of What You Connect at Home (lien direct) | Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them, comes security risks. McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices. Most of these new devices connect via home routers (another IoT […] | |||
|
2021-04-25 16:00:00 | Self-Assessment: How Can You Improve Financial Services Cybersecurity? (lien direct) | It’s common knowledge that threat actors target banks. Not only might these attackers want to directly steal money, by doing this they’re also hitting the customers and the trust in the bank. If a financial institution suffers a loss, even insurance can only go so far to minimize the actual cost to the organization. The cost […] | Threat | ||
|
2021-04-23 14:30:00 | How Zero Trust Can Help Close the Cybersecurity Skills Gap (lien direct) | Using a zero trust model can help tackle some of the major challenges in cybersecurity today, including the skills gap. In July 2020, Deloitte surveyed webinar attendees about their organizations’ plans to implement a zero trust model. The poll found that four challenges had disrupted the efforts of many employers. A lack of skilled workers […] | Deloitte Deloitte | ||
|
2021-04-23 14:00:00 | Health Care Ransomware Strains Have Hospitals in the Crosshairs (lien direct) | The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease. The two worlds also come together when threat actors attack using health care ransomware. When every minute could change the fate of a patient, preventing […] | Ransomware Threat | ||
|
2021-04-23 10:00:00 | Don\'t Forget: A Checklist for Offboarding Remote Employees Securely (lien direct) | We all know about the threat of threat actors trying to access our corporate data. But with the rise of remote work, keeping an eye on employees during offboarding is an important area to watch, as well. In many cases, employees can still access sensitive data well after they leave the job. This is even […] | Threat | ||
|
2021-04-22 16:00:00 | Why You Need Attack Surface Management (And How To Achieve It) (lien direct) | Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start. What is ASM? So, […] | Guideline | ||
|
2021-04-22 13:00:00 | IBM Security Guardium Named Industry Leader for Third Consecutive Time (lien direct) | KuppingerCole named IBM Security Guardium an overall business leader in their Leadership Compass on Database and Big Data Security Solutions. IBM was also again ranked as a leader in all three sections: product, innovation and market. With this in mind, take a look at how KuppingerCole measures today’s solutions and why good data security is so important. […] | Guideline | ★★★★★ | |
|
2021-04-22 10:00:00 | Internet of Threats: IoT Botnets Drive Surge in Network Attacks (lien direct) | As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019. Turning our attention to the factors behind this […] | |||
|
2021-04-21 22:30:00 | Data Poisoning: When Attackers Turn AI and ML Against You (lien direct) | Stopping ransomware has become a priority for many organizations. So, they are turning to artificial intelligence (AI) and machine learning (ML) as their defenses of choice. However, threat actors are also turning to AI and ML to launch their attacks. One specific type of attack, data poisoning, takes advantage of this. Why AI and ML Are at […] | Ransomware Threat | ||
|
2021-04-21 21:00:00 | Cloud Native Tools Series Part 3: Get the Right Tools (lien direct) | As we near the end of our journey into cloud native tools, let’s take a look at visibility. In a previous post, I discussed how business entities need to understand their end of the Amazon Web Services (AWS) shared security model to uphold their cloud defense duties. This knowledge can help them safeguard their digital […] | |||
|
2021-04-20 18:00:00 | What Is SIEM and How Does it Work? (lien direct) | A hidden, lingering threat is a cybersecurity team’s worst nightmare. With security information and event management (SIEM), your team has fewer blind spots when it comes to detecting threats. If you asked a handful of experts for their SIEM definition, you’d get several different unique takes on the market definition. Here’s ours, along with how […] | Threat | ||
|
2021-04-20 12:00:00 | \'Inbox Zero\' Your Threat Reports: How to Combat Security Alert Fatigue (lien direct) | At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an inbox-zero case, the latest new alert is the most urgent task. But in a backed-up, […] | Threat | ||
|
2021-04-20 10:00:00 | Progressive Web Apps and Cookies: Taking a Bite Out of Security (lien direct) | To prevent cookie theft, have cyber defense baked in. With progressive web apps (PWA) and other relatively new protective efforts in place, how can you be sure you’re defending against today’s attackers? Here’s what enterprise needs to know about the rumbling threat of pass-the-cookie attacks, how current cloud and mobile frameworks like PWAs can empower […] | Threat | ||
|
2021-04-19 19:00:00 | Cloud-Native IAM Controls Part 2: An Approach for Governance (lien direct) | Some organizations with multicloud environments opt for a cloud service provider with native identity access management (IAM). However, these same people often struggle when it comes to adding the cloud-native controls into a larger enterprise IAM program. In part 1 of our cloud-native IAM controls blog, we explored why these controls are not enough for […] | |||
|
2021-04-19 19:00:00 | How VPNs Are Changing to Manage Zero Trust Network Access (lien direct) | What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […] | Tool | ||
|
2021-04-19 18:00:00 | Why Business Password Management Remains a Struggle (lien direct) | How secure is your password? Everyone has a favorite. Savvy people, of course, know better than to use something that can be easily guessed, like 12345 or ‘Password.’ But, once you latch on to a password you really like and is easy to remember, you use it again on a site you might not visit […] | |||
|
2021-04-16 13:00:00 | How AI in Cybersecurity Addresses Challenges Faced by Today\'s SOC Analysts (lien direct) | Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud also make […] | Threat | ||
|
2021-04-16 11:30:00 | Combating Sleeper Threats With MTTD (lien direct) | During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […] | Threat | ★★★ | |
|
2021-04-16 10:00:00 | Ransomware Attacks in 2021: Information Meets Emotion (lien direct) | “If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders […] | Ransomware Threat | ||
|
2021-04-15 15:00:00 | How to Design and Roll Out a Threat Model for Cloud Security (lien direct) | Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […] | Threat | ||
|
2021-04-15 13:00:00 | Why Security Pros Can\'t Ignore Big Data Monopolies (lien direct) | The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes […] | |||
|
2021-04-15 11:00:00 | AI Security: How Human Bias Limits Artificial Intelligence (lien direct) | For cybersecurity experts, artificial intelligence (AI) can both respond to and predict threats. But because AI security is everywhere, attackers are using it to launch more refined attacks. Each side is seemingly playing catch-up, with no clear winner in sight. How can defenders stay ahead? To gain context about AI that goes beyond prediction, detection […] | |||
|
2021-04-14 22:00:00 | The IT-OT Connection: How the Two Work Together (lien direct) | Where hardware meets software, attackers can sneak in. More and more, threat actors are targeting Industrial Control Systems (ICS) and Operational Technology (OT). IBM X-Force found that the number of attacks against those types of assets increased by over 2,000% between 2018 and 2019, with the number of ICS and OT attacks in 2019 having […] | Threat | ||
|
2021-04-14 19:30:00 | Don\'t Stop At \'Delete:\' How Privacy Needs Are Shaping Data Destruction (lien direct) | It’s just part of the job: at some point in a device’s lifecycle, data must be destroyed. While deleting files may mean users and apps can’t access them, simple deletion isn’t enough to truly destroy the data. To be most effective, secure data destruction has to be complete. This is especially true when your organization […] | |||
|
2021-04-14 10:00:00 | An Update: The COVID-19 Vaccine\'s Global Cold Chain Continues to Be a Target (lien direct) | In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in […] | |||
|
2021-04-13 16:00:00 | Turning Down the Noise: Adding Context to the SIEM With Modern Data Security (lien direct) | Let’s say I tell you that my daughter crawled today. However, you don’t know if my daughter is an infant or 30 years old. If you ask, and I tell you my daughter is an infant, you still don’t know if she’s already been crawling or today marks the first time. If this is the […] | |||
|
2021-04-13 11:00:00 | Wake Me Up Before You Know Know … About the Latest Third-Party Data Breach (lien direct) | “It has gotten to the point, unfortunately, where they are so frequent and common these days, that it’s like, here we go again,” Christopher Sitter says when I asked him about the prospect of a third-party data breach. Sitter is the senior director of information security at Juniper Networks. He manages all things incident response-related — […] | Data Breach | ||
|
2021-04-12 18:00:00 | 3 Reasons Cyberattacks are Increasing (and How Zero Trust Can Help) (lien direct) | The events of 2020 left a lasting impression on the way people work. A third of Americans polled in September 2020 were always working remotely — down from more than half (51%) just a few months earlier. These changes continue to echo across many aspects of our lives. In the digital security space, the shift to […] | |||
|
2021-04-12 17:00:00 | IAM Security: IBM Named Overall Leader (lien direct) | Being unable to do your work because you can’t log in to something is an annoying barrier. Your enterprise needs to provide secure support for connected devices. At the same time, it needs to meet consumer and employee demands for safe and frictionless access to apps and data. So, how do you do that, and […] | |||
|
2021-04-09 15:00:00 | New Ransomware Threats Are Getting Bolder: How to Rewrite the Script (lien direct) | Greater exposure is both good news and bad news when it comes to new ransomware threats. While ransomware attacks themselves are never good news, it is a positive sign that these attacks are receiving more media attention, such as the attack on an entire hospital chain, an attack on a Las Vegas school district and even […] | Ransomware | ||
|
2021-04-08 16:30:00 | How Vulnerability Management Can Stop a Data Breach (lien direct) | Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two […] | Data Breach Vulnerability | ||
|
2021-04-07 22:00:00 | Why E-Commerce Security Matters Now More Than Ever (lien direct) | In February 2020, the world’s biggest retailer, Amazon, fended off the largest distributed denial of service (DDoS) attack in history. As peak traffic volume hit 2.3 Tbps, e-commerce security experts declared this attack as “a warning we should not ignore.” DDoS attacks are nothing new. Every day, security teams deal with these malicious attempts to […] | |||
|
2021-04-07 19:00:00 | Using the Threat Modeling Manifesto to Get Your Team Going (lien direct) | Secure software development requires a ‘shift left’ — paying attention to security and privacy early in the life cycle. Threat modeling is a very useful activity for achieving this goal, but for a variety of reasons, organizations struggle to introduce it. Last year, a group of industry and academy experts got together with the goal […] | Threat | ||
|
2021-04-07 17:30:00 | What Does Modern Even Mean? How to Evaluate Data Security Solutions for the Hybrid Cloud and Beyond (lien direct) | There is a lot of talk about ‘modern’ data security. Organizations want a data security strategy that aligns with a digitally transformative vision. Tech can sometimes drown in buzzwords. What do modernization and vision actually refer to? And what do modern data security solutions really require? Both terms refer to end-to-end data security for those organizations […] | |||
|
2021-04-06 22:00:00 | Perpetual Disruption Part 1: What is Good Cybersecurity Governance in Health Care? (lien direct) | Disruption means constant change. This brings benefits to businesses and can improve customer loyalty. But, the costs tend to be new and large security challenges. Which raises the question: What role does the chief information security officer (CISO) hold in this ongoing transformation? In this series, we’ll look at perpetual disruption and its impact on cybersecurity […] | |||
|
2021-04-05 11:00:00 | Cookie Hijacking: More Dangerous Than it Sounds (lien direct) | Multifactor authentication (MFA) is a great way to prevent threat actors from using stolen credentials to access your network. But with remote work becoming the norm and the attack surface widening with more apps, devices and systems connecting than ever before, threat actors are working overtime to beat MFA. Cookie hijacking in particular is a […] | Threat | ||
|
2021-04-02 20:30:00 | Software Composition Analysis: Developers\' Security Silver Bullet (lien direct) | Security experts are always looking for a silver bullet. New products promise to resolve all your issues. Typically, these products overpromise to expand market share. Most attacks we see these days occur not because of genius attacks. Instead, they’re due to the company not following the simplest defensive practices. Keeping patches up-to-date and having strong […] | |||
|
2021-04-01 12:00:00 | IBM Named a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021 (lien direct) | How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks continue to become more wide-ranging and complex, so too has the type of threat […] | Ransomware Threat | ||
|
2021-04-01 10:00:00 | Clean Sweep: A 30-Day Guide to a New Cybersecurity Plan (lien direct) | While the arrival of spring promises better days ahead, enterprises are also facing a cyberthreat landscape filled with both familiar threats and emerging attack vectors. As a result, it’s worth taking stock of current security systems and services to see what’s working, what isn’t and where operations can be improved. But how do businesses begin? […] | ★★★ | ||
|
2021-03-31 10:00:00 | Threat Actors\' Most Targeted Industries in 2020: Finance, Manufacturing and Energy (lien direct) | IBM Security’s annual X-Force Threat Intelligence Index uses data derived from across our teams and managed customers to gather insights about the topmost targeted industries every year, helping organizations manage risk and resource investment in their security programs. When it comes to managing digital risk and facing potential cyberattacks, each industry faces its own unique […] | Threat | ||
|
2021-03-30 21:00:00 | Risk Management, C-Suite Shifts & Next-Gen Text Scams: Your March 2021 Security Intelligence Roundup (lien direct) | This month in digital security, scam text messages may seem like an easy attack to dodge, but they’re getting smarter. Meanwhile, chief information security officers are wearing lots of hats. And, is it really possible to ‘future proof’ anything? The World Economic Forum says the way we look at it now isn’t working. Here’s your […] | |||
|
2021-03-30 05:30:00 | Are Cloud-Native IAM Controls Good Enough for Your Enterprise? (lien direct) | Organizations of every type and size are looking to the cloud for a multitude of benefits, including agility, quick time-to-value, cost savings and scalability. But enterprise-scale deployments can make this process complex, more so as it relates to identity and access management (IAM). Protections through the cloud are often a web of permissions that, if your […] | |||
|
2021-03-25 23:30:00 | Consent Management: Picking the Right CIAM Strategy (lien direct) | Practically everything consumers do online — shopping, paying bills and signing up for new services — requires some level of personal data sharing or changing privacy settings. Consumers need to feel that your organization’s digital experiences are worth trusting and that their data will be used for only its intended purpose and kept safe. This […] | |||
|
2021-03-24 11:00:00 | 5 Cloud Security Must-Haves in 2021 (lien direct) | Organizations undertaking the move to the cloud face a blizzard of sometimes confusing buzzwords. There’s hybrid cloud, multicloud, digital transformation, microservices and so much more. While these terms can be confusing, the key element to keep in mind is that cloud data security should be an inherent part of business-level strategy and discussion for any […] | |||
|
2021-03-24 04:55:00 | Women in Cybersecurity: Why Diversity Matters (lien direct) | March is Women’s History Month, so it’s a perfect time of the year to look back and see how far women in cybersecurity have come. From pioneering tech to achieving a gender-equal future in today’s world, it’s a story of invention, strength and achievement. A Brief History of Women in Cybersecurity If you asked someone […] | |||
|
2021-03-22 17:00:00 | Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond (lien direct) | As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health […] | Threat |
To see everything:
Our RSS (filtrered)
