What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-18 17:30:00 | The Next-Gen Cyber Range: Bringing Incident Response Exercises to the Cloud (lien direct) | At IBM X-Force, we keep our customers on the cutting edge of cybersecurity experiences, centered around incident response, and these include responding in cloud native environments. What is cloud native? It is a concept that grew out of the astonishing and rapid transition to cloud computing and is a fundamental shift in how applications and […] | |||
|
2021-03-17 11:00:00 | Reaching Strategic Outcomes With an MDR Service Provider: Part 5 (lien direct) | This is the fifth in a five-part blog series on managed detection and response (MDR) as it drives strategic security outcomes for businesses. Now that you’ve reached part five of this series, you’ve seen how MDR services help organizations. They can help achieve their goals through the context of four key strategic outcomes. You’re familiar […] | |||
|
2021-03-15 14:30:00 | Retail Cybersecurity: How to Protect Your Customer Data (lien direct) | In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside pick-up. Within only a few months, the pandemic accelerated the shift to e-commerce stores by five years. This points to the need for increased retail cybersecurity. The result […] | ★★ | ||
|
2021-03-11 16:53:19 | Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts (lien direct) | IBM X-Force threat intelligence has been observing a rise in Dridex-related network attacks that are being driven by the Cutwail botnet. Dridex is delivered as a second-stage infector after an initial document or spreadsheet arrives via email with booby-trapped macros. Recipients who activate the macros unknowingly launch malicious PowerShell scripts that will download additional malware. […] | Threat | ||
|
2021-03-10 22:31:47 | Top 10 Cybersecurity Vulnerabilities of 2020 (lien direct) | What cybersecurity vulnerabilities new and old should organizations look out for this year? Let IBM X-Force be your guide to today’s top cybersecurity threats with this detailed report. First, scanning for and exploiting vulnerabilities emerged as the top infection vector of 2020, according to the 2021 X-Force Threat Intelligence Index. In other words, attackers are […] | Threat | ||
|
2021-03-09 13:00:00 | Why the Demand for Application Development Security Skills Is Exploding (lien direct) | Application development security is a key task when it comes to looking to the future of cybersecurity. A recent industry study shows it is the fastest-growing cybersecurity skill for the year ahead. Demand is expected to increase by 164% over the next five years. Such growth would bump up the total number of job openings […] | ★★★★★ | ||
|
2021-03-08 14:10:35 | Innovation Through Diverse Thinking: Amplifying Gender Diversity and Shrinking the Skills Gap (lien direct) | Cybersecurity Help Wanted Those of us who work in the cybersecurity field continue to witness the capabilities of adversaries outpace the profession’s ability to protect their organizations. Compounding this issue is limited resources, including a lack of skilled professionals. As the tech industry has forewarned for decades, the need for a bigger and better security […] | |||
|
2021-03-08 14:00:00 | Cloud Native Tools Series Part 2: Understand Your Responsibilities (lien direct) | As I mentioned in my first blog: traditional security just doesn’t work in the cloud. Businesses dependent on the cloud can make up for this by choosing native cloud security tools. But, they can’t do so unless they understand what aspects of cloud security they’re responsible for. The AWS Shared Security Model as a Guide Luckily, […] | |||
|
2021-03-05 14:00:00 | Cloud Clarity: Adding Security and Control to the AWS Shared Responsibility Model (lien direct) | Have your security team members ever made a mistake in the cloud? Human error happens and it can take on many forms. But, none are as serious as failing to understand the way cloud defenses work. If a mistake does come to mind, be reassured you’re not alone. Seven in 10 organizations suffered a public […] | |||
|
2021-03-04 16:30:00 | How Enterprise Design Thinking Can Improve Data Security Solutions (lien direct) | “Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with IBM. To no one’s surprise, he was a proponent of good enterprise design. Design must serve people. It simply makes sense that a well-designed product can meet the […] | |||
|
2021-03-04 15:00:00 | The Shift to E-Commerce: How Retail Cybersecurity is Changing (lien direct) | With more people making purchases from home, now is a more important time than ever to secure your business against retail security threats. More and more customers are moving to online orders with gradual growth accelerated by five years in 2020 alone. Take a look at retail cybersecurity risks and how to protect against them. […] | |||
|
2021-03-03 16:00:00 | Don\'t Speed Past Better Cloud App Security (lien direct) | They say you can only have two of three — fast, good and cheap. When it comes to developing cloud-based applications, I think that a fourth criteria should be added: secure. But, I honestly don’t think that this common advice to project managers who work in today’s market. Successful developers who take cloud app security […] | |||
|
2021-03-03 15:00:00 | A More Effective Approach to Combating Software Supply Chain Attacks (lien direct) | Software supply chain attacks are not new, although, as we have seen recently, if executed successfully, they can have huge payoffs for sophisticated attackers. Detecting malicious code inserted into a trusted vendor’s security updates is difficult to do at scale. For most organizations, it is impractical given the time required to analyze updates versus the […] | |||
|
2021-03-03 12:00:00 | Cybersecurity Trends and Emerging Threats in 2021 (lien direct) | The year 2021 is finally here, bringing with it the promise of a brighter future — but a long road ahead. In this piece, we’ll dive into five cybersecurity trends that pose significant potential risk in 2021 and offer practical advice to help entities reduce overall risk. The first quarter of 2021 represents a cybersecurity […] | |||
|
2021-03-02 14:00:00 | \'Clear and Present Danger\': Why Cybersecurity Risk Management Needs to Keep Evolving (lien direct) | The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always changing. As a recent report by World Economic Forum shows, businesses and other entities should know […] | Threat | ||
|
2021-03-02 11:00:00 | Cybersecurity Gaps and Opportunities in the Logistics Industry (lien direct) | Shipping and logistics is, in many ways, the backbone of our lives and businesses. What business doesn’t benefit from fresh food or a timely delivery? Unfortunately, this industry is open to cyberattacks just like anyone else. Luckily, groups in the trucking and logistics industry aren’t powerless to address these challenges. Check out how you can […] | |||
|
2021-03-01 13:00:00 | Offboarding: A Checklist for Safely Closing an Employee\'s Digital Doors (lien direct) | Three years after I left my former job, I got an official letter telling me the organization suffered a data breach. My personal information was at risk of identity theft. I shouldn’t have been surprised. That job’s offboarding process hadn’t been the best. For years after leaving, I had access to my email and to […] | |||
|
2021-03-01 12:00:00 | Developers vs. Security: Who is Responsible for Application Security? (lien direct) | Call it the blame game or just a vicious circle. The long-standing tension between developers and IT security experts is not easing anytime soon. Each side blames the other for security risks in application security and other areas, but digital defense overall will suffer unless the two sides come together. We spoke to Vikram Kunchala, […] | |||
|
2021-02-26 16:09:41 | Security Automation: The Future of Enterprise Defense (lien direct) | When it comes to giving cyber security experts the tools they need to take action, automation and machine learning (ML) can make a big difference. Many companies are working with high volumes of data, and types and variants of attack are always growing and changing. It can become too much for people to process in […] | ★★★★ | ||
|
2021-02-24 11:00:00 | 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting (lien direct) | From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers. This report — the X-Force Threat Intelligence Index 2021 — represents our latest edition of […] | Threat | ||
|
2021-02-22 13:00:00 | How a CISO\'s Executive Role Has Changed (lien direct) | Ever since the role of the chief information security officer (CISO) was first created in 1994, the position has been treated like the pesky youngest sibling in the C-suite family. In the office, the CISO wasn’t given the same voice as the chief information officer (CIO) or other executives. During meetings of the board of […] | ★★ | ||
|
2021-02-19 16:00:00 | Manufacturing Cybersecurity Threats and How To Face Them (lien direct) | With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future? Risks to Security in Manufacturing The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker […] | Ransomware | ||
|
2021-02-18 15:00:00 | Cyber Resilience Strategy Changes You Should Know in the EU\'s Digital Decade (lien direct) | For enterprises operating in Europe, the European Commission’s December 2020 EU Cybersecurity Strategy may dictate how you go about improving cyber resilience. The 2020 EU Cybersecurity Strategy underlines the important role of cybersecurity for a growing EU economy and reinforcing user confidence in digital tools. The publication goes beyond cybersecurity policy and compliance aspects […] | |||
|
2021-02-17 14:00:00 | The Uncertainty of Cybersecurity Hiring (lien direct) | Cybersecurity hiring is going through a weird phase. The pandemic, the remote work movement, budget changes and the rising aggression and refinement of cyber attacks are all major shifts. Through it all, and into the future, is a persistent cybersecurity skills gap. There simply aren’t enough experts in this field to go around. And while […] | |||
|
2021-02-16 14:00:00 | Solving 5 Challenges of Contact Tracing Apps (lien direct) | Contact tracing apps are designed to help public health agencies connect the dots by linking confirmed carriers of novel coronavirus to recent, close-proximity interactions. In theory, this creates a protective safety net — a way for countries to manage the spread and mitigate the impact of COVID-19 at scale. Despite good intentions, the push for […] | |||
|
2021-02-15 18:29:34 | Unleash the Power of MITRE for a More Mature SOC (lien direct) | The MITRE adversarial tactics, techniques and common knowledge (ATT&CK) framework brings pooled knowledge from across the cyber defense community, including revealing what threat actors are up to and how best you can defend against them. Let’s take a look at what MITRE offers and how this framework goes hand-in-hand with developing a security operations center (SOC) […] | Threat | ||
|
2021-02-15 16:00:00 | Network Segmentation Series: What is It? (lien direct) | This is the first in a series of three blog posts about network segmentation. Many businesses are looking to augment their defenses by changing their approach to network security. Take the heightened awareness around building zero trust networks, for instance. Embracing the shift to zero trust will require users to address the threat of lateral movement. […] | Threat | ||
|
2021-02-12 15:00:00 | Beyond Text Messages: How to Secure 2FA Against Phone Authentication Scams (lien direct) | If you or your employees access protected information with authentication codes sent to a cell phone, you might want to rethink your plan. Two-factor authentication (2FA) using text messages can fall prey to phone authentication scams. That’s not to say 2FA itself is a problem. You should keep using it, and many groups have turned […] | |||
|
2021-02-12 13:30:00 | Why Every Company Needs a Software Update Schedule (lien direct) | Software without the most recent patch is like an unlocked door for threat actors. They know the openings are there and can just walk in. But patching and a software update schedule can make sure that door stays locked. Applying patches isn’t difficult. Click a few buttons, reboot and you are good to go. Even […] | Threat Patching | ||
|
2021-02-11 16:30:00 | 5 Ways to Overcome Cloud Security Challenges (lien direct) | During the second quarter of 2020 — for the first time in history — customers worldwide spent more on public cloud systems than on investments in non-cloud IT systems. With more cloud spending than ever before, the battle for market share among the leading public cloud providers (PCPs) heated up. The same tactics major providers […] | Guideline | ||
|
2021-02-11 14:00:00 | AI Security: Curation, Context and Other Keys to the Future (lien direct) | Security leaders need to cut through the hype when it comes to artificial intelligence (AI) security. While AI offers promise, buzzwords and big-picture thinking aren’t enough to deliver practical, useful results. Instead, using AI security correctly starts with knowing what it looks like today and what AI will look like tomorrow. Improved curation, enhanced context […] | Guideline | ||
|
2021-02-10 17:00:00 | Hiring Cloud Experts, Despite the Cybersecurity Skills Gap (lien direct) | The cybersecurity skills gap continues to be a real issue, but there may finally be a light at the end of the tunnel. For the first time, the skills gap has decreased, according to (ISC)2’s annual Cybersecurity Workforce Study. This study defines the skills gap as “the difference between the number of skilled professionals that […] | |||
|
2021-02-10 14:00:00 | Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0 (lien direct) | Humanity has been through a number of industrial revolutions since the 1760s, and is now at its fourth cycle of sweeping industrial innovation, known as Industry 4.0. It is characterized by the ongoing automation of traditional manufacturing and industrial practices using modern smart technology. As such, it inherits risks and threats that apply to connected […] | ★★ | ||
|
2021-02-10 12:00:00 | Boost Your Organization\'s Digital Security With Zero Trust (lien direct) | Organizations are increasingly creating zero trust policies to augment their digital security postures. According to Infosecurity Magazine, 15% of organizations say they implemented a zero trust policy by the end of 2019. An additional 59% of participants revealed their intention to create a policy of their own within the next 12 months. To understand why […] | |||
|
2021-02-09 15:00:00 | Employee Mental Health: Managing Stress and Trauma (lien direct) | For many people working in cybersecurity, employee mental health could be a bigger part of our days. Our jobs entail a lot of putting out fires and being hyper-vigilant to the hazards of the internet. Being constantly on guard against danger and participating in adrenaline-filled responses to emergencies puts stress on us. This can lead […] | Guideline | ||
|
2021-02-09 13:00:00 | Cloud Security Considerations to Watch Out for During Mergers and Acquisitions (lien direct) | Staying vigilant through each phase of a mergers and acquisitions (M&A) process can help businesses overcome cloud threats. Threat actors have hit victims during M&As in the past, such as the data breach that affected more than 500 million customers in 2018. Such cases force businesses to look into data exposure before and after M&As, […] | Data Breach Threat | ★★★★ | |
|
2021-02-08 16:00:00 | Cybersecurity Insurance Pros and Cons: Is it the Best Policy? (lien direct) | Cyberattacks can cause major loss of revenue for businesses and other groups of all sizes. As a result, cybersecurity insurance is being discussed more and more. The prospect of getting money back after an attack becomes increasingly appealing. But, is it right for every organization? What are the pros and cons? Who already has it? […] | |||
|
2021-02-08 13:00:00 | Cloud Native Tools Series Part 1: Go Beyond Traditional Security (lien direct) | Like anyone who works with their hands, cybersecurity experts need the right tools for the job. As we’ll see in this blog and the series to follow, cloud-based threats need cloud native tools to combat them. Traditional security tools don’t provide the same level of functionality in the cloud as they do on premises. According […] | |||
|
2021-02-05 18:00:00 | Moving Threat Identification From Reactive to Predictive and Preventative (lien direct) | In a previous post, we focused on organizations’ characteristics, such as sector, geography, risk and impact, when discussing the pillars of building a threat identification program. Now, we move deeper into the concept and expand upon the threat identification process through example scenarios, helping translate the conceptual framework into daily practice. It’s Always About Business […] | Threat | ||
|
2021-02-05 16:00:00 | Remote Work Trends: How Cloud Computing Security Changed (lien direct) | Looking back on 2020, we can honestly say it was a year like no other. We faced wildfires, hurricanes, a raucous election season and, of course, a pandemic that forced millions of people to work, socialize and attend school from home. For cybersecurity teams, 2020 presented a unique challenge. How do you continue to offer […] | ★★★ | ||
|
2021-02-05 14:00:00 | 5 Ways Companies Can Protect Personally Identifiable Information (lien direct) | Protecting personally identifiable information (PII) is one of the key aspects of a security expert’s job. What does personally identifiable information include? Social Security numbers, birth dates and places, financial accounts and more can give threat actors a foothold to identify someone or steal their money or identity. This data could also be used to […] | Threat | ||
|
2021-02-05 12:00:00 | How Doxing Affects Gen Z (lien direct) | In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of dozens of law enforcement personnel on the internet. Last year, federal prosecutors sentenced a former Senate aide for releasing personal information online about five […] | |||
|
2021-02-04 15:30:00 | Does a Strong Privacy Program Make for a Stronger Security Program? (lien direct) | There is a saying in sociopolitical circles: “politics is downstream from culture.” Using that same line of thinking, poses a question: Is information security downstream from data privacy? In order to tell the difference between security and privacy and how they feed in to each other to achieve both, we’ll look at the leading regulation: the National Institute of […] | Guideline | ||
|
2021-02-04 13:00:00 | Link Previews Could Threaten Your Digital Security and Privacy (lien direct) | Popular chat apps sometimes use link previews as a convenient shortcut. Link previews are pop-up boxes you might see on a chat app or other social media platform when you share a URL. Link previews summarize the contents of the URL and display the name of the linked website, an image and a description of the […] | |||
|
2021-02-04 11:00:00 | School\'s Out for Ransomware (lien direct) | When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — […] | Ransomware | ||
|
2021-02-03 21:00:00 | How to Shut Down Business Units Safely (lien direct) | A nimble organization needs to be ready for growth — and cuts. Sometimes business closure or shutting down a unit is needed, either as part of the evolution of a company, as part of a company’s growth via merger and acquisition, or as the result of restructuring or for some other reason, such as a […] | |||
|
2021-02-03 18:30:00 | Consider the Human Angle in Your Threat Modeling (lien direct) | When it comes to threat modeling, many businesses plan as if there were only a few possible scenarios in which cybersecurity or privacy-related incidents could occur. We need to plan for more cybersecurity hazards than just basic social engineering, insider threats and product vulnerabilities. Both our businesses and our customers face threats that are messier than […] | Threat | ||
|
2021-02-03 14:00:00 | A Look at HTTP Parameter Pollution and How To Prevent It (lien direct) | With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters in the URL and the request body. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted […] | Threat Guideline | ||
|
2021-02-02 13:00:00 | Reaching Strategic Outcomes With An MDR Service Provider: Part 4 (lien direct) | This is the fourth in a five-part blog series on managed detection and response as it drives strategic security outcomes for businesses. More and more managed detection and response (MDR) providers need to recognize their place among multicloud platforms. Today’s businesses often have data scattered among different cloud providers. Most vendors offer cloud-based services, after […] | ★★★ | ||
|
2021-02-02 12:00:00 | CISO Success: It\'s About More Than Tech Skills (lien direct) | The chief information security officer (CISO) is a relatively new position in the C-suite. It’s about 25 years old or less, depending on whom you ask. But, it is only within the last 10 or so years that the role has taken on greater prominence, likely because of the increase in cyber breaches over the […] |
To see everything:
Our RSS (filtrered)
