What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-16 13:00:00 | Looking for Cyber Insurance? Know Your Eligibility (lien direct) | >Before leaving on an extended (and expensive) vacation, I bought travel insurance. I wanted to protect myself in case I or my traveling partner tested positive for COVID-19. I had to answer a number of questions about my eligibility for such insurance before they would approve me. Nor did the insurance come cheap, but I […] | ★★ | ||
|
2022-06-15 16:00:00 | Cloud Native Application Protection Platform: A Utility Knife for Cloud Security Services (lien direct) | >Does the world need another acronym? Probably not. But it seems like one is born every day in the cybersecurity market. As a tradeoff for the brain power to recall their cryptic meanings, we should at least expect progress on the technology front. We have seen this before. With all that’s happened in the last […] | ★★★★★ | ||
|
2022-06-14 13:00:00 | How to Become World Class at Cyber Hygiene (lien direct) | >In a recent podcast from England Rugby Union coach Eddie Jones, he made reference to the adage about trying to be “world-class at things that require zero effort.” Relating that adage to the work environment, people can become world-class in some ways that require ‘zero effort’: Being on time for online meetings Paying attention […] | |||
|
2022-06-13 13:00:00 | How to Make Business Practices That Support Cybersecurity Response (lien direct) | >Scottish author Robert Burns wrote in the poem “To a Mouse,” “The best-laid schemes o’ mice an’ men. Gang aft a-gley.” You may better know the saying in its more common form, “The best-laid plans of mice and men often go awry.” This saying may resonate with incident responders, business continuity planners and crisis managers. […] | |||
|
2022-06-09 13:00:00 | One Size Does Not Fit All Organizations (lien direct) | >Often, when you read about cybersecurity, the advice appears to be ‘one size fits all’. People recommend the same things, regardless of if the business is two people in a home office or a global group with 100,000 employees. In some ways, the underlying concepts of cybersecurity are the same for all companies. However, the […] | |||
|
2022-06-08 01:26:57 | What TrickBot tells us about the future of (lien direct) | >What TrickBot tells us about the future of malware Malware attackers are increasingly sophisticated. Here’s what to know On TrickBot and the future of malware Malware threats have plagued organizations for decades, but that’s no reason to be complacent with a security strategy that has to date protected your organization. Now more than ever, malware is […] | Malware Threat | ||
|
2022-06-08 01:24:21 | Why Phishing Is Still the Top Attack Method (lien direct) | >Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity? What does their email signature look like? What’s the color and size of the charity’s logo? This kind of information is priceless to attackers. From there, attackers can craft […] | |||
|
2022-06-07 13:00:00 | How to Create Identity and Access Governance In and Across Clouds (lien direct) | >In March 2021, we posted a three-part series about whether cloud-native identity and access management (IAM) controls are good enough for an enterprise. Many of the points we raised at that time are still valid. However, the industry has developed and learned a lot since then. More companies and analysts now recognize cloud identity and […] | |||
|
2022-06-06 16:00:00 | IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management (lien direct) | >Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have — and always will be — unknown risks, having a […] | |||
|
2022-06-06 13:00:00 | Real Security Concerns Are Scarier Than Doomsday Predictions (lien direct) | >The metaverse, artificial intelligence (AI) run amok, the singularity … many far-out situations have become a dinner-table conversation. Will AI take over the world? Will you one day have a computer chip in your brain? These science fiction ideas may never come to fruition, but some do point to existing security risks. While nobody can […] | |||
|
2022-06-02 13:00:00 | Recovering Ransom Payments: Is This the End of Ransomware? (lien direct) | >What’s the best way to stop ransomware? Make it riskier and less lucrative for cyber criminals. Nearly all intruders prefer to collect a ransom in cryptocurrency. But it’s a double-edged sword since even crypto leaves a money trail. Recovering ransomware payouts could lead to a sharp decline in exploits. Ransomware is still today’s top attack […] | Ransomware Guideline | ||
|
2022-06-01 10:00:00 | Countdown to Ransomware: Analysis of Ransomware Attack Timelines (lien direct) | >This research was made possible through the data collection efforts of Maleesha Perera, Joffrin Alexander, and Alana Quinones Garcia. Key Highlights The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021: 2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware […] | Ransomware | ||
|
2022-05-31 13:00:00 | To Retain Cybersecurity Employees, Know What Drives Them (lien direct) | >COVID-19 may have given cybersecurity talent retention an artificial prop up over the last two years. For example, job satisfaction was on a downward trend from 2018 to 2019, but with the pandemic came a plateau in 2020 and 2021. Was the plateau due to newfound satisfaction or were there other factors, such as economic […] | |||
|
2022-05-26 17:30:00 | Black Basta Besting Your Network? (lien direct) | >This post was written with contributions from Chris Caridi and Kat Weinberger. IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers […] | Ransomware | ||
|
2022-05-26 13:00:00 | Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report (lien direct) | >Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: […] | Malware Threat | ||
|
2022-05-24 13:00:00 | Cybersecurity Tips for a Safer Vacation (lien direct) | >The beauty of having different climates around the world is that there is always somewhere we can travel for leisure all year round. These are times when we tend to relax and let our guard down. The reality, though, is that cyber crime knows no vacation. Attackers are relentless and are always on the lookout […] | |||
|
2022-05-23 13:00:00 | How to Respond to Non-Malicious Data Breaches (lien direct) | >It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 […] | Threat | ||
|
2022-05-19 13:00:00 | Malicious Reconnaissance: What It Is and How To Stop It (lien direct) | >You spend your days getting ready to stop threat actors. But even as you wonder, attackers could already be ‘casing the joint’. Before any well-organized attack, skillful or professional attackers quietly snoop around, looking for chances to gain access. It’s called malicious reconnaissance — the unauthorized active monitoring or probing of any information system to […] | Threat | ||
|
2022-05-19 10:00:00 | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups (lien direct) | >IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new insight into the connections and cooperation […] | |||
|
2022-05-17 13:00:00 | How Dangerous Is the Cyber Attack Risk to Transportation? (lien direct) | >If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware […] | Ransomware | ||
|
2022-05-16 13:00:00 | Avoiding the Unintended Consequences of Strict Cybersecurity Policies (lien direct) | >Does the left hand know what the right hand is doing? Or does even the left pinky know what the left ring finger is doing? Problems can easily arise when policies, including cybersecurity ones, end up being out of sync with business, technical, legal or regulatory requirements. The situation becomes even more severe when policy […] | |||
|
2022-05-12 13:00:00 | 62% of Surveyed Organizations Hit By Supply Chain Attacks in 2021 (lien direct) | You’ve heard more about the supply chain in the past two years than you ever expected, or likely wanted. But, as a cybersecurity professional, you now have even more reason to pay attention besides not being able to get your favorite products at the grocery store. The apps used to develop software and run the […] | ★★ | ||
|
2022-05-09 13:00:00 | New DOJ Team Focuses on Ransomware and Cryptocurrency Crime (lien direct) | While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence […] | Ransomware Threat | ★★★ | |
|
2022-05-06 13:00:00 | The Growing Danger of Data Exfiltration by Third-Party Web Scripts (lien direct) | The theft of personal or sensitive data is one of the biggest threats to online business. This danger, data exfiltration or data extrusion, comes from a wide variety of attack vectors. These include physical theft of devices, insider attacks within a corporate network and phishing, malware or third-party scripts. The risk for regular website users […] | Malware | ★★★★ | |
|
2022-05-05 16:00:00 | Modern Identity and Access Management Makes a Difference, Especially at a Mega-Scale (lien direct) | As businesses embrace more remote users and a hybrid work model, managing user identity and access is more important than ever. Add authentication for millions of third parties and non-employees, and thousands of applications and IoT devices to the mix and you start to understand how important identity and access management (IAM) is. What Exactly […] | |||
|
2022-05-05 15:35:00 | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 (lien direct) | From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […] | Vulnerability Threat | ||
|
2022-05-04 12:00:00 | One Small Error by DevOps, One Giant Opening for Attackers (lien direct) | When you look at breach statistics in today’s cloud-dominated IT world, you can see several examples where a small error made by the DevOps or CloudOps team has led to a tremendous impact on businesses’ reputations or, in some cases, their existence. Misconfigured AWS S3 buckets, poor password management on publicly exposed databases and secrets […] | |||
|
2022-05-03 13:00:00 | SEC Proposes New Cybersecurity Rules for Financial Services (lien direct) | Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until […] | |||
|
2022-05-02 13:00:00 | Technologies Useful In the Pandemic Are Challenging Privacy Now (lien direct) | Your company likely made many quick decisions back in March 2020. As an IT leader, you provided the tools employees needed to stay productive while working remotely. It had to happen now or sooner. Your team made it possible for the business to continue moving forward during the pandemic. It was not easy. But you […] | Guideline | ||
|
2022-04-28 13:00:00 | What Are the Biggest Phishing Trends Today? (lien direct) | According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That’s a 33% […] | Threat | ||
|
2022-04-27 17:02:00 | Electron Application Attacks: No Vulnerability Required (lien direct) | While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they prefer. Since Chrome is […] | Vulnerability | ||
|
2022-04-27 14:30:00 | Putting Your SOC in the Hot Seat (lien direct) | Today’s Security Operations Centers (SOCs) are being stress-tested as never before. As the heart of any organization’s cybersecurity apparatus, SOCs are the first line of defense, running 24/7 operations to watch for alerts of attacks and appropriately address those alerts before they become all-out crises. Yet with ransomware attacks maintaining first place as the top […] | Ransomware | ||
|
2022-04-26 13:00:00 | 5 Data Security Challenges and How to Solve Them (lien direct) | Nearly two-thirds of the global population will have internet access by next year, according to Cisco’s Annual Internet Report (2018-2023) White Paper. There will be 5.3 billion total internet users (66% of the global population) by 2023, up from 3.9 billion (51% of the global population) in 2018. With this growth in internet usage, […] | |||
|
2022-04-26 12:00:00 | Hive0117 Continues Fileless Malware Delivery in Eastern Europe (lien direct) | Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […] | Malware | ||
|
2022-04-25 15:30:00 | Solving the Data Problem Within Incident Response (lien direct) | One of the underappreciated aspects of incident response (IR) is that it often starts as a data problem. In many cases, IR teams are presented with an effect such as malware or adversary activity and charged with determining the cause through the identification of evidence that ties the cause and effect together within an environment […] | Malware | ||
|
2022-04-25 13:00:00 | QR Code Security: How Your Business Can Use Them Responsibly (lien direct) | The Coinbase Super Bowl ad sparked several conversations in my family. My son in college used the QR code to sign up to buy cryptocurrency, something he had been interested in for a while. My mother-in-law mistakenly scanned the code wondering what she could get for free. My husband scanned the code to get more […] | |||
|
2022-04-22 20:00:00 | Cybersecurity for a More Sustainable Future (lien direct) | As we celebrate Earth Day 2022, companies around the world, including IBM, are continuing broad investment in efforts to combat climate change and strive to bring new ideas to the world in support of sustainability and to make the world a better place for future generations. While the connection between cybersecurity and the environment is […] | |||
|
2022-04-21 21:30:00 | Building the CASE for the Vehicle Security Operations Center (lien direct) | This post was written with contributions from IBM Security’s Rob Dyson, Preston Futrell and Brett Drummond. Let’s explore a day in the life of a vehicle security operations center (VSOC). An autonomous vehicle is transporting passengers to their destination. Inside the vehicle, they are patiently waiting to arrive at their destination and, in the meantime, […] | |||
|
2022-04-21 13:00:00 | Remote Work Makes it More Important Than Ever to Trust Zero Trust (lien direct) | The remote work era makes the zero trust model critical for most businesses. The time has come to use it. But first, let’s understand what it really is and why the hybrid and remote work trend makes it all but mandatory. What Is Zero Trust? Zero trust is not a product or a service, but […] | |||
|
2022-04-19 13:00:00 | Top Security Concerns When Accepting Crypto Payment (lien direct) | From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many […] | |||
|
2022-04-18 13:00:00 | The Next Frontier for Data Security: Protecting Data in Use (lien direct) | Tremendous progress has been made over the last several years to protect sensitive data in transit and in storage. But sensitive data may still be vulnerable when it is in use. For example, consider transparent database encryption (TDE). While TDE ensures sensitive data is protected in storage, that same sensitive data must be stored in […] | |||
|
2022-04-14 13:00:00 | How to Protect Your Intellectual Property in the Metaverse (lien direct) | Will people ever live in a digital world 24/7? Nobody knows for sure, but the metaverse is certainly expanding rapidly. As the world dives deeper into the digital realm, companies need guidance on how to protect their assets and intellectual property (IP). Consider that the top 10 most expensive NFTs in the world all sold […] | |||
|
2022-04-13 10:00:00 | Where Everything Old is New Again: Operational Technology and Ghost of Malware Past (lien direct) | This post was written with contributions from IBM Security’s Sameer Koranne and Elias Andre Carabaguiaz Gonzalez. Operational technology (OT) — the networks that control industrial control system processes — face a more complex challenge than their IT counterparts when it comes to updating operating systems and software to avoid known vulnerabilities. In some cases, implementation […] | Malware | ★★★★★ | |
|
2022-04-12 17:00:00 | Your Best Cyber Defense Against Ransomware and More? Understanding Your Enemy (lien direct) | From calculators to cloud to quantum, computing has changed the lives of billions of people for the better. But just as innovation can be a force for good, it can also help cyber criminals. Are you protecting your assets with end-to-end encryption? So are the criminals. Are you managing a distributed workforce with collaboration tools? […] | Ransomware | ||
|
2022-04-12 16:00:00 | Switching to 5G? Know Your Integrated Security Controls (lien direct) | 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides […] | |||
|
2022-04-12 13:00:00 | What Online Gaming Cheats Teach Us About Cybersecurity (lien direct) | When you play a video game, you probably want to win, or at least show off real skill. Cheaters make it a lot less fun, according to a recent Irdeto Global Gaming Survey. It says 60% of all online video game players across the globe have had their gaming time negatively impacted by cheaters. These […] | |||
|
2022-04-11 12:00:00 | How Native Security Controls Fit Into Today\'s Hybrid Multicloud Environments (lien direct) | Corporate clients and cloud service providers (CSPs) are both responsible for cloud security. Clients remain accountable for governance and compliance. However, their other duties will vary depending upon the type of cloud deployment. What can cloud-native security controls do for your business? What can’t they do? When should you consider using them? CSPs have created native […] | |||
|
2022-04-07 13:00:00 | Which Third-Party Messenger App Is Best for Secure Business? (lien direct) | In October 2021, Facebook (now Meta), and all its platforms (Instagram, WhatsApp and Messenger) shut down across the globe for up to six hours, leaving billions without a messaging service. While Facebook engineers scrambled to fix the problem, users pivoted to other apps to stay connected. In the wake of the outage, Telegram added 70 […] | |||
|
2022-04-06 13:00:00 | NFT Security Risks: Old Scams and New Tricks (lien direct) | The non-fungible token (NFT) boom has also led to some serious security incidents. For example, the number of suspicious-looking domain registrations with names of NFT stores increased nearly 300% in March 2021. To participate in an NFT marketplace, you must have an active cryptocurrency wallet. This exposes NFT holders to new risks as attackers can […] | |||
|
2022-04-05 13:00:00 | It\'s 2022: Do You Know Where Your Sensitive Data Is? (lien direct) | Looking at recent breaches and scandals, it’s not a mystery why organizations put a premium on good data security and governance practices. Yet, there is one aspect of data security and data governance that proves elusive. Sure, organizations have data activity monitoring (DAM) solutions, extended detection and response (XDR) tools, governance programs run by their […] |
To see everything:
Our RSS (filtrered)
