What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-01 23:30:00 | Password Safety: Rethink Your Strong Password (lien direct) | “Use longer, stronger passwords.” This is a directive we’ve been accustomed to hearing for decades. Many of us are using strong passwords with a combination of uppercase letters, lowercase letters, numbers and special characters. The speed at which threat actors can brute force our long passwords has ramped up. In a brute force password attack, […] | Threat | ||
|
2021-02-01 22:30:00 | Is the End of the Firewall in Sight? (lien direct) | Is a firewall a thing of the past? People have been questioning the utility of firewalls for years. Columnist and editor Roger A. Grimes wrote that “firewalls need to go away” in May 2012. Grimes reasoned this was because firewalls “have always been problematic, and today there is almost no reason to have one.” Is […] | |||
|
2021-01-29 20:30:00 | The Importance of Mobile Technology in State Electronic Visit Verification (EVV) Programs (lien direct) | Under the federal Electronic Visit Verification mandate, care providers for people with disabilities or the elderly confined to their homes will need to check in and out with a device equipped with GPS. It isn’t a security risk mandate per se, but the use of connected devices for this could add some risk. What is Electronic […] | |||
|
2021-01-29 13:00:00 | Triage Attacks More Efficiently With AI for Cybersecurity (lien direct) | Think of cybersecurity like your personal health. In cybersecurity, basic cyber hygiene foils most cyber attacks. With a shortage of cyber experts, just as in medicine, finding faster and better ways to train practitioners using real-world scenarios is key. However, artificial intelligence (AI) for cybersecurity can improve a team’s response by triaging threats on its […] | ★★ | ||
|
2021-01-29 12:00:00 | Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit (lien direct) | The universe is getting smaller, and space cybersecurity is keeping up. On May 30, 2020, nearly a decade after the Space Shuttle program ended, people witnessed a first: a vehicle built as part of a public-private partnership (between SpaceX and NASA) took off into space. This development was transformational because it brought the world one […] | |||
|
2021-01-28 14:00:00 | What You Need to Know About Scam Text Messages in 2021 (lien direct) | The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But, they can still be a big problem. Short message service (SMS) scams are social engineering attacks that work […] | Threat | ||
|
2021-01-27 14:00:00 | How is Enterprise Security Like Writing a Novel? (lien direct) | Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many organizations think that buying lots of security solutions and deploying them will make them secure. However, just having a security tool running does not make an enterprise […] | Tool | ||
|
2021-01-26 13:00:00 | TrickBot\'s Survival Instinct Prevails - What\'s Different About the TrickBoot Version? (lien direct) | October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released a new and more persistent version of the malware. In this post, IBM Trusteer examines […] | Tool | ||
|
2021-01-25 13:00:00 | Credential Stuffing: AI\'s Role in Slaying a Hydra (lien direct) | One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have […] | Data Breach Threat Guideline | ||
|
2021-01-19 23:04:42 | For Attackers, Home is Where the Hideout Is (lien direct) | Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” […] | |||
|
2021-01-19 14:00:00 | QR Code Security: What You Need to Know Today (lien direct) | QR codes are very common today, enough so that attackers are discovering ways of using them for profit. How can QR codes be used this way, and what can you do to boost QR code security and protect against these scams? What Are QR Codes Used For? QR codes — short for “quick response codes” […] | ★★ | ||
|
2021-01-15 20:00:00 | Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget (lien direct) | As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are […] | |||
|
2021-01-15 18:00:00 | Misconfigurations: A Hidden but Preventable Threat to Cloud Data (lien direct) | Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves. What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that […] | Threat | ★★ | |
|
2021-01-14 22:00:00 | 5 Cybersecurity Best Practices For Planning Ahead (lien direct) | Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a […] | ★★★★★ | ||
|
2021-01-14 21:30:00 | Preparing a Client Environment for Threat Management (lien direct) | A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups providing threat management to their internal teams. The challenge has largely been in making sure the proposed program and the suite of solutions find and call […] | Threat | ||
|
2021-01-12 14:00:00 | Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management (lien direct) | There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can […] | Threat | ||
|
2021-01-11 23:00:00 | What is STRIDE and How Does It Anticipate Cyberattacks? (lien direct) | STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] | Tool Threat | ||
|
2021-01-11 18:00:00 | Cybersecurity for Healthcare: Addressing Medical Image Privacy (lien direct) | Medical imaging devices have greatly improved patient care and become a critical part of modern medical treatment. But, these devices weren’t always connected in ways they are today. Today’s tools are digital, networked with other devices and can be reached through a computer workstation. As such, more cyber threats can pose harm. So how can […] | |||
|
2021-01-08 19:30:00 | Cybersecurity Ethics: Establishing a Code for Your SOC (lien direct) | Since security intersects so much with privacy, cybersecurity ethics decisions should be on your mind at work. Being part of a high-performing computer security incident response team (CSIRT) or security operations center (SOC) involves making big, intentional decisions. Increasing the maturity of your team is more than dropping a bag of shiny new tools and technology […] | ★★★★ | ||
|
2021-01-08 14:00:00 | How Working From Home Has Changed Cybersecurity Awareness Training (lien direct) | Some of the most surprising news coming out of 2020 — a year when it seemed like there was a major breaking story every day — is the number of data breaches decreased during the first nine months of the year. This is the exact opposite of what experts expected. The security concerns as millions […] | ★★ | ||
|
2021-01-07 20:00:00 | Why Red Team Testing Rules the Cloud (lien direct) | Red team testing is a key way to help prevent data breaches today. Most cyber defense focuses on spotting openings and fixing general risks in your environment. Red teaming not only reduces risks, but also prevents possible breaches. Methods, such as threat modeling, static analysis and dynamic testing, reduce the attack surface but do not […] | Threat | ||
|
2021-01-07 18:30:00 | Biometrics: Choosing the Right Option for Your Security (lien direct) | Do you know who your customers are? Not their demographics, but each customer as they enter your online portal and provide their name, address and credit card number. Or, what about the customer who requests the right to be forgotten and have personal information deleted from your system? Identity verification is required in many, if […] | ★★★★ | ||
|
2021-01-05 18:00:00 | How to Make Personalized Marketing Effective With Consumer Identity Programs (lien direct) | Everyone is fighting for the attention of potential customers. It’s the work you’ve done; the creative energy expended by your team; and the amount of time your group spent just to get the right people to visit your website or mobile app. After all that sweat and toil, you don’t want to lose your customers […] | ★★★★ | ||
|
2021-01-04 16:24:56 | Best Practices for Securing Modern Data Architecture (lien direct) | Today’s cloud-native data management platforms can help businesses unlock the potential of their data. These modern data management and storage platforms are designed to deliver lean, high-performance architecture for agile application teams to ensure solid business outcomes, such as rapid time to market. Modern platforms, built for the cloud and in the cloud, offer benefits […] | ★★★ | ||
|
2020-12-26 14:00:00 | \'Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights (lien direct) | The period between Christmas and New Year’s Day has long been the time people give to charities the most, making the charities themselves attractive targets for cyber criminals. Because the events of 2020 will likely boost existing trends, nonprofit cybersecurity challenges may be greater than ever this year — even as groups find themselves with […] | |||
|
2020-12-23 12:00:00 | 5 IoT Threats To Look Out for in 2021 (lien direct) | As we bring 2020 to a close, it’s time to look at 2021 and a new chapter in the book of cybersecurity. While there are no doubt a multitude of possible attacks, here are six types of attacks that are becoming more popular and more common among attackers using Internet of things (IoT) threats. 1. […] | |||
|
2020-12-22 21:00:00 | Cybersecurity Trends: Keeping Up With 2020\'s \'New Normal\' (lien direct) | This year has seen major changes in cybersecurity trends. At times, 2020 seems to have come and gone in a flash. For many, it has dragged on for what seems to be years and years. Data breaches, new threats to education, the new normal of working from home (WFH), new malware styles and pandemic-related attacks […] | Malware | ||
|
2020-12-22 19:00:00 | 7 Cybersecurity Tools On Our Holiday Wish List (lien direct) | The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing in their heads. Instead, they dream of cybersecurity tools and other resources to help them cope with a wild threat landscape. Here’s our ultimate holiday wish list. […] | Threat | ||
|
2020-12-18 13:00:00 | How to Not Fall for a Charity Scam This Holiday Season (lien direct) | This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts. “Seasonal charity scams can […] | |||
|
2020-12-17 11:00:00 | Fully Homomorphic Encryption: Unlocking the Value of Sensitive Data While Preserving Privacy (lien direct) | They come in the mail — ominous-looking envelopes that are devoid of branding and obvious marketing embellishments. Plain white, marked with often-unrecognizable return addresses, and relatively thin — the contents of which will spoil your day and cause you to lose yet a bit more faith in humanity. No, it’s not a tax bill; rather, […] | ★★ | ||
|
2020-12-16 23:51:14 | Update on Widespread Supply-Chain Compromise (lien direct) | SolarWinds has announced a cyberattack on its systems that compromised specific versions of the SolarWinds Orion Platform, a widely used network management tool. SolarWinds reports that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by a nation state, but it has not, to date, independently verified the […] | ★★★★ | ||
|
2020-12-16 14:00:00 | E-Commerce Skimming is the New POS Malware (lien direct) | As the holiday shopping season shifts into high gear, the COVID-19 pandemic is accelerating an ongoing trend: shoppers are opting to buy online. Rather than flooding brick-and-mortar stores — and point-of-sale (POS) machines — with sales, studies suggest a high percentage of shoppers in 2020 will be using online options and e-commerce checkout pages. And, those checkout […] | Malware Studies | ||
|
2020-12-15 20:00:00 | IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms (lien direct) | IBM Security Trusteer’s mobile security research team has recently discovered a major mobile banking fraud operation that managed to steal millions of dollars from financial institutions in Europe and the US within a matter of days in each attack before being intercepted and halted. This is the work of a professional and organized gang that […] | ★★★★ | ||
|
2020-12-11 20:00:37 | Security Management: Why Companies Need a Unified Cloud Platform (lien direct) | We must adapt the way we secure data to today’s needs. Working from home has increased, forcing entities and their employees to rely more on virtual private networks (VPNs), work with their security operations center (SOC) colleagues remotely and give more attention to data protection. The global pandemic has sped up emerging trends in IT and […] | |||
|
2020-12-10 11:00:00 | How Open Security Can Make Threat Management More Efficient (lien direct) | Security operations center (SOC) teams struggle with an array of challenges. Too many tools can make the work too complex; and recruiting and retaining personnel can be hard amidst a skills shortage. Experts need to focus on using their skills to their fullest. But, an open approach can improve threat management in a way that […] | Threat | ||
|
2020-12-09 21:35:04 | A Reminder to Stay Vigilant (lien direct) | This year has been a challenging one for organizations that faced data breaches, intrusions and ransomware attacks at the hands of cyber criminals and nation-state attackers. Cybersecurity firm FireEye announced on Dec. 8, 2020, that an adversary targeted and gained unauthorized access to its Red Team tools — an important call to every company to […] | Ransomware | ||
|
2020-12-09 18:06:37 | Data Visibility and Management When Selecting or Working with an MSSP (lien direct) | Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even more attention to the cloud as we move into the next several decades. Data visibility and management are key elements to watch when working with a managed security service provider (MSSP). […] | |||
|
2020-12-08 21:30:00 | Simplify Data Encryption With Key Management (lien direct) | Many people already know data encryption can help secure sensitive business data. But, because organizations have adopted it so widely, IT and security teams now must manage growing numbers and types of encryption keys. Each key may belong to a different data storage device with built-in data encryption and database management systems. Others may belong to […] | |||
|
2020-12-08 18:00:32 | Break Down Walls in the SOC for Better Data Security (lien direct) | Data provides businesses the edge they need to unlock their full potential. In turn, employees seek access to data to drive better customer outcomes, become more efficient and increase profits. As these demands for access increase, so too does the need for matching data security controls. It is a strategic imperative for modern businesses to […] | |||
|
2020-12-08 15:00:00 | Data Encryption: Simplifying Enterprise Key Management (lien direct) | Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2020 Cost of a Data Breach report, the use of encryption is a top factor in reducing that cost. But, encrypted data is only as safe as the encryption keys. The IT or security teams must carefully manage […] | Data Breach | ||
|
2020-12-08 13:00:00 | SIEM Security Myths Debunked: SOC Hero or Zero? (lien direct) | Security information and event management (SIEM) is still integral to digital security. However, newer entrants to the market claim SIEM as we know it is dead. If this sounds familiar, you may remember the infamous statement in 2015 by the chief information security officer (CISO) of RSA, Eddie Schwartz, that SIEM was dead. It seems […] | |||
|
2020-12-07 18:00:28 | How to Transform From DevOps to DevSecOps (lien direct) | DevOps is a mindset as well as a business tactic. It’s a cultural shift that merges operations with development and employs a linked toolchain to create change. In turn, DevSecOps seeks to merge security into DevOps. This can be helpful for a business seeking both rapid and secure growth. Transforming your DevOps to DevSecOps can […] | |||
|
2020-12-03 18:00:00 | (Déjà vu) Reaching Strategic Outcomes With An MDR Provider: Part 3 (lien direct) | This is the third in a five-part blog series on managed detection and response as it drives strategic security outcomes for businesses. In this multipart blog series, we’re exploring how effective managed detection and response (MDR) services help organizations achieve their goals. MDR services can lead to four key strategic security outcomes: Align your security strategy […] | Guideline | ||
|
2020-12-03 12:00:00 | 5 Ways to Accelerate Security Confidence for AWS Cloud (lien direct) | Today’s cloud services customers are looking beyond the basic benefits of the cloud, such as ease of scale and payment options. Now, they want the cloud to keep their business evolving and improve customer experience to help them compete. Amazon Web Services (AWS) Cloud security is often seen as getting in the way of these […] | |||
|
2020-12-03 11:00:00 | IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (lien direct) | At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold […] | Threat | ||
|
2020-12-02 13:33:40 | Why You Might Need to Outsource Your Privileged Access Management Program (lien direct) | The crown jewels of cybercrime are the level of access privileged users have to your company’s most critical data and assets. Therefore, monitoring them with a Privileged Access Management (PAM) program is key. After all, with this access in hand, threat actors can quickly and easily breach your systems, expand their privileges and do what […] | Threat | ||
|
2020-12-01 11:00:00 | SIEM Trends: What to Look for in a Security Analytics Provider (lien direct) | The authors of The Forrester Wave™ turn to a quote from ‘The Empire Strikes Back’ to sum up the direction of SIEM: “You truly belong here with us among the clouds.” Sticking with ‘Star Wars’ for guidance, we might also find some truth in ‘The Phantom Menace’: “You can’t stop change, any more than you […] | |||
|
2020-12-01 11:00:00 | The Future of Cybersecurity: How to Prepare for a Crisis in 2020 and Beyond (lien direct) | When it comes to the future of cybersecurity, an ounce of prevention is worth far more than a pound of cure. According to the Ponemon Institute and IBM Security’s 2020 Cost of a Data Breach Report, enterprises that designated an incident response (IR) team, developed a cybersecurity incident response plan (CSIRP) and tested their plan […] | Data Breach | ||
|
2020-11-30 16:00:00 | Improving Data Security in Schools Part 1: Hybrid Learning (lien direct) | This is the first piece in a series about education security challenges in 2020-2021. Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. […] | |||
|
2020-11-30 14:00:00 | Chaos Engineering: Building the Next Generation of Cyber Ranges (lien direct) | In one of our past posts on the same subject, we discussed how to apply chaos engineering principles to cyber war-games and team simulation exercises in broad brush strokes. In short, ‘chaos engineering’ is the discipline of working and experimenting with new features and changes on a system that’s already in live production. The purpose […] |
To see everything:
Our RSS (filtrered)
