What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-29 17:00:00 | How the Rise in Cyberattacks Is Changing Consumer Behavior (lien direct) | If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. […] | |||
|
2021-11-29 14:00:00 | What the SEC Requires From Businesses After a Data Breach (lien direct) | Consumers have become wary of data breaches and the decreased safety of their personal information. However, the cost of a data breach is no longer only a matter of money and your company’s good name. There is now a third critical reason to pay attention: the U.S. Securities and Exchange Commission — more commonly referred […] | Data Breach | ||
|
2021-11-24 17:00:00 | Proposed Bill Would Require Public Disclosure of Ransomware Payments (lien direct) | Two U.S. congresswomen introduced a bill that would require ransomware victims to publicly disclose ransom payments to the federal government. Introducing the ‘Ransom Disclosure Act’ In early October, Senator Elizabeth Warren (D-Mass.) and Representative Deborah Ross (D-N.C.) introduced a bill for the Ransom Disclosure Act. Senator Warren said the bill has two main goals. First, […] | Ransomware | ||
|
2021-11-24 14:00:00 | Hospital Ransomware Attacks Go Beyond Health Care Data (lien direct) | The health care industry has been on the front lines a lot lately. Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third […] | Ransomware | ||
|
2021-11-23 14:00:00 | IoT Security: Are Personal Devices Dragging Your Work Network Down? (lien direct) | How many connected devices have you added to your household since March 2020? Be sure to count fitness trackers, speakers, gaming machines and even your Tesla, if there’s one in your driveway. Were you one of the many people who waited months for a Peloton? Don’t overlook your new bike. Now add in all your […] | ★★ | ||
|
2021-11-22 17:00:00 | A Journey in Organizational Resilience: Insider Threats (lien direct) | Very much like privacy concerns, insider threats may not be the first issue to come to mind when building an enterprise cyber resilience plan. However, they should be. Here is why: because as we noted in the first piece of this series, you want to be able to bend while others break. An insider threat […] | Threat | ||
|
2021-11-22 14:00:00 | The Cost of a Data Breach Goes Beyond the Bottom Line (lien direct) | How do you measure the cost of a company data breach? You could try asking those that have been attacked. The IBM Security Cost of a Data Breach Report 2021 did just that, and the numbers reveal some hard truths. For example, ransomware attacks cost an average of $4.62 million. These costs included escalation, notification, […] | Ransomware Data Breach | ||
|
2021-11-19 17:00:00 | Patch Management: Keep an Eye on App Software Updates (lien direct) | You likely use apps every day, from trivial games to important transactions like your banking. It can be easy to forget to update them. But all of the data flowing through those apps has an impact on security. It’s important to apply software updates and patch management best practices to them. At the beginning of […] | |||
|
2021-11-19 14:00:00 | How to Design IoT Security From the Ground Up (lien direct) | The Internet of Things (IoT) is a powerful boon to business. But it also represents a massive potential expansion of the cybersecurity attack surface. So far, IoT inclusion in many organizations has been poorly organized, haphazard and poorly planned. This needs to change. After all, IT security depends on IoT security. Why IoT Security Is […] | ★★★ | ||
|
2021-11-19 05:16:55 | Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide (lien direct) | Although cloud providers offer more and more robust security controls, in the end, you’re the one who has to secure your company’s workloads in the cloud. According to the 2019 Cloud Security Report, the top cloud security challenges are data loss and data privacy, followed by compliance concerns, tied with worries about accidental exposure of […] | |||
|
2021-11-18 14:00:00 | Rising Cyber Insurance Premiums Highlight Importance of Ransomware Prevention (lien direct) | No insurance premiums saw greater growth in the second quarter of 2021 than those related to cybersecurity. According to the Council of Insurance Agents & Brokers, cyber insurance premiums grew more than a quarter (25.5%) during that period. That’s well above the 17.4% increase witnessed by umbrella insurance and an average of 8.3% growth across […] | Ransomware | ||
|
2021-11-17 14:00:00 | Top Cybersecurity Threats Around the Globe (lien direct) | Cybersecurity threats, risks and challenges vary a lot from one region to the next and one nation to the next. Targets vary based on local resources to exploit. Cyber criminals and nation-state attackers zero in on specific nations, companies and organizations for varying incentives. Of course, the COVID-19 pandemic exacerbated cybersecurity threats. Attackers might launch […] | |||
|
2021-11-16 17:00:00 | Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform (lien direct) | In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same standards. Concerns around vulnerability management are gaining more government attention around the world in order […] | Vulnerability | ||
|
2021-11-16 14:00:00 | Data Breach Pulse Check: On-Prem Database Security (lien direct) | A recent industry study analyzed 27,000 on-prem databases across the globe, with surprising findings. In far too many cases, on-premises database security is weak. The good news is that you can manage the risk to cut down on the chance of a data breach. Nearly half (46%) of internal data assets in the study had […] | ★★★★★ | ||
|
2021-11-15 14:00:00 | How Attackers Exploit the Remote Desktop Protocol (lien direct) | The Remote Desktop Protocol (RDP) is one of the most popular communication protocols for remotely controlling systems. RDP comes with all current Windows operating systems, and its graphical user interface makes it an easy-to-use remote access tool. In addition, Microsoft positions it as the default method to manage Azure virtual machines running Windows. It […] | |||
|
2021-11-12 14:00:00 | Non-Traditional Cybersecurity Career Paths: How to Find Your Own Way (lien direct) | In two previous blog posts, I shared the non-traditional cybersecurity career paths of more than a dozen professionals and how their previous life experiences shaped their security work. It’s been an honor helping to tell these individuals’ stories. We conclude this blog series with a final installment in which these same cybersecurity professionals share advice […] | |||
|
2021-11-11 14:00:00 | Roundup: Government Data Security Threats in 2021 (lien direct) | Government agencies are a prime target for cyber crime. Agencies hold so much diverse data about citizens — from passport information to social care data. In addition, many of them rely on the data security built for their outdated computer systems. So, cyber criminals often view government agencies as an easy mark. More concerning, public-sector […] | |||
|
2021-11-10 14:00:00 | Breach and Attack Simulation: Hack Yourself to a More Secure Future (lien direct) | Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […] | Hack Threat | ||
|
2021-11-09 14:00:00 | Designing a BYOD Approach for the Future (lien direct) | Bring-your-own-device (BYOD) policies were some of the many things that changed when the COVID-19 pandemic hit. A study from Palo Alto Networks by ONR found 60% of companies expanded their BYOD policies to help employees manage the shift to remote work at the beginning of the pandemic. However, the convenience that the new BYOD […] | |||
|
2021-11-09 11:00:00 | A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers (lien direct) | Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the security industry are talking about it, and many have experienced the ransomware pain firsthand. The […] | Ransomware | ||
|
2021-11-08 17:00:00 | A Journey in Organizational Resilience: Supply Chain and Third Parties (lien direct) | The next stop on our journey focuses on those that you rely on: supply chains and third parties. Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call when it comes to cybersecurity resilience. You see, the purpose of using external partners is […] | ★★★★★ | ||
|
2021-11-08 14:00:00 | Zero Trust: What NIST\'s Guidelines Mean for Your Resources (lien direct) | In May, The White House released an executive order on improving the nation’s cybersecurity. The order came with various directives for Federal Civilian Executive Branch agencies. Among other efforts, the order focused on the federal government’s advance toward zero trust architecture (ZTA). It framed this journey as one “which shall incorporate, as appropriate, the migration […] | |||
|
2021-11-05 16:00:00 | How to Deal With Unpatched Software Vulnerabilities Right Now (lien direct) | According to the 2021 X-Force Threat Intelligence Index, scanning for and exploiting vulnerabilities was the top infection vector of 2020. Up to one in three data breaches stemmed from unpatched software vulnerabilities. Take a look at this list of vulnerabilities or design flaws with no official Microsoft fix. In any case, one in three might […] | Threat | ★★ | |
|
2021-11-05 13:00:00 | 6 Potential Long-Term Impacts of a Data Breach (lien direct) | A data breach can destroy a business. For small- and medium-sized businesses (SMB), this is really especially concerning, as 60% will shut down within six months of the attack. While larger companies and agencies likely won’t have to shut their doors, they, too, suffer serious consequences. There are financial costs, which Ponemon Institute and IBM […] | Data Breach | ||
|
2021-11-04 16:00:00 | Non-Traditional Cybersecurity Career Paths – One Experience Informs Another (lien direct) | In a previous article, I shared the stories of how more than a dozen cybersecurity professionals found their way into the industry. Their non-traditional cybersecurity career paths help to illustrate how personnel of all different education backgrounds and life experiences can become part of the same community. There’s no single certification, degree, qualification, job, age, […] | |||
|
2021-11-04 13:00:00 | Maritime Cybersecurity: A Rising Tide Lifts all Boats (lien direct) | Ports and ships — the maritime industry — are vital points in the global supply chain for food, medicine, consumer goods, fuel and many other products. Most of the world’s globally traded goods travel by sea. That’s why maritime security is key for supply chain security. Meanwhile, maritime cybersecurity faces threats at multiple places, including […] | |||
|
2021-11-03 13:00:00 | Report: Cost of a Data Breach in Energy and Utilities (lien direct) | On average, the cost of a data breach rose by 10% from 2020 to 2021. The energy industry ranked fifth in data breach costs, surpassed only by the health care, financial, pharmaceutical and technology verticals, according to the 17th annual Cost of a Data Breach Report. Some energy cybersecurity measures can help reduce the cost […] | Data Breach | ||
|
2021-11-03 10:00:00 | An Attack Against Time (lien direct) | When Liza Minnelli sang that famous tune, “Money makes the world go around,” she should have added one more word: time. Time makes the world go around. It’s that one agreed-upon part of life that the world shares. From laptops to phones to wall clocks to just about every other technology, time is everywhere, controlling […] | |||
|
2021-11-02 16:00:00 | Using Open-Source Intelligence for Mergers and Acquisitions (lien direct) | Mergers and acquisitions (M&A) have been challenging for IT and security teams for as long as businesses have relied on technology. Every company’s IT system is as unique as the company itself. Your business may run on commonly used tools and apps, and industry best practices to deploy and configure them. Nevertheless, these systems get […] | |||
|
2021-11-02 13:00:00 | Taking Threat Detection and Response to the Next Level with Open XDR (lien direct) | The challenges facing today’s security industry can easily be described as a perfect storm: increasingly sophisticated cyber attackers combined with the proliferation of security tools to cover an expanding attack surface driven by remote work and cloud adoption. These dynamics can lead to disconnected insights and data, putting even more pressure on the existing shortage […] | Threat Guideline | ||
|
2021-11-01 16:00:00 | A Journey in Organizational Resilience: Security by Design (lien direct) | Security by design is one of those concepts that happily goes hand in hand with resilience. Candidly, they were made for each other. The security by design methodology helps minimize some of the inherent risk we cannot do anything about. Building on a Tectonic Plate Consider for a moment you absolutely had to construct something […] | |||
|
2021-11-01 13:00:00 | What\'s New in the OWASP Top 10 2021? (lien direct) | In early September, we published a piece about the OWASP top 10. At that time, the most prominent vulnerabilities on the list had not yet changed. Soon after we posted the article, OWASP updated the list with three new categories. Four have name and scope changes. It also includes some notable reordering. After several years […] | ★★★★ | ||
|
2021-11-01 10:00:00 | From Thanos to Prometheus: When Ransomware Encryption Goes Wrong (lien direct) | IBM Security X-Force researchers have recently reverse-engineered Prometheus ransomware samples as part of ongoing incident response operations. X-Force has found that samples that infected organizational networks featured flawed encryption. This allowed our team to develop a fast-acting decryptor and help customers recover from the attack without a decryption key. While rare, ransomware developers can make […] | Ransomware | ||
|
2021-10-29 16:00:00 | 7 Ways to Improve Your Cybersecurity Team\'s Employee Satisfaction (lien direct) | Your organization depends on your cybersecurity team to keep its infrastructure and data secure. But this only happens when the employees you manage are engaged in their work. Many organizations see a high burnout rate among those in cybersecurity roles. It’s natural due to the stress and pressure that are an inherent part of the […] | |||
|
2021-10-29 13:00:00 | Remote Work Security: Handling Setbacks in the Time of COVID-19 (lien direct) | Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce. Let’s start […] | Guideline | ||
|
2021-10-28 19:00:00 | Identity and Access Management: What\'s Driving the Rush? (lien direct) | A recent Fortune Business Insights report projects that the global Identity and Access Management (IAM) market (valued at $9.53 billion in 2018) will reach $24.76 billion by the end of 2026, showing a CAGR of 13.17%. What’s behind this massive demand? In a nutshell, people don’t want their identities stolen. But the real drivers are […] | |||
|
2021-10-28 17:00:00 | 2021 Cyber Resilient Organization Study: Rise of Ransomware Shows the Need for Zero Trust and XDR (lien direct) | “How many millions did you pay threat actors in a ransomware attack?” “Which investments most significantly improved cyber resiliency for your organization?” “Do you have a cybersecurity incident response plan that’s applied consistently across your enterprise?” The answers to these and other key questions produced several notable findings in the latest 2021 Cyber Resilient Organization […] | Ransomware Threat | ★★★★ | |
|
2021-10-28 16:00:00 | How Shopping Bots Can Compromise Retail Cybersecurity (lien direct) | Online shopping bots are not new to the e-commerce world. Stores use bots to offer better customer service, but malicious bots can cause major harm to a business. These pose cybersecurity risks to e-commerce retailers and consumers alike. Some customers use shopping bots to execute automated tasks based on a set of instructions, such as […] | ★★ | ||
|
2021-10-28 13:00:00 | Roundup: 2021 Energy & Utility Data Breaches and Defenses in the News (lien direct) | Ransomware is evolving. How long until it takes down operational technology? In May 2021, Colonial Pipeline, one of the largest fuel pipelines in the United States, faced a ransomware attack. The company, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, shut down work […] | Ransomware | ||
|
2021-10-27 17:00:00 | Why Containers in the Cloud Can Be An Attacker\'s Paradise (lien direct) | Containers — which are lightweight software packages that include entire runtime environments — have solved the issues of portability, compatibility and rapid, controlled deployment. Containers include an application; all its dependencies, libraries and other binaries; and configuration files needed to run them. Heralding the era of microservices, Infrastructure as Code and service-oriented architectures (SOA), containers […] | ★★ | ||
|
2021-10-27 16:00:00 | The Weaponization of Operational Technology (lien direct) | Contributed to this research: Adam Laurie and Sameer Koranne. Given the accelerating rise in operational technology (OT) threats, this blog will address some of the most common threats IBM Security X-Force is observing against organizations with OT networks, including ransomware and vulnerability exploitation. IBM will also highlight several measures that can enhance security for OT […] | Ransomware Vulnerability | ||
|
2021-10-27 13:00:00 | Cost of a Data Breach: Retail Costs, Risks and More To Know (lien direct) | E-commerce sales grew by nearly one-third in 2020, in large part due to the pandemic. Meanwhile, retail data breaches grew even more prevalent and costly. Retailers need to know not just the cost of a data breach, but the risks and challenges involved with one. This can help IT security professionals and business owners protect […] | |||
|
2021-10-26 19:00:00 | Data Security: How Data Activity Monitoring Protects Against Ransomware (lien direct) | Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data […] | Ransomware | ||
|
2021-10-26 16:00:00 | Facing Tech Burnout? Here\'s How Employers Can Help (lien direct) | Cybersecurity demands skill and experience. But it also calls for an engaged, motivated and energetic team. And that’s why tech burnout among staff is not only a mental health problem for the employees, it’s also a cybersecurity vulnerability for their employer. What Is Burnout, Anyway? The word ‘burnout’ was first used by psychologist Herbert Freudenberger […] | Vulnerability | ||
|
2021-10-26 13:00:00 | Your Liberal Arts Degree Gives You the Skills for a Cybersecurity Career (lien direct) | Many people don’t realize a liberal arts degree opens the doors for a wide range of careers. That includes careers in cybersecurity. And with the skills gap and the number of available jobs, there is clearly a demand out there. Someone has to step up to fill those jobs. So, why not someone with a […] | ★★★★ | ||
|
2021-10-25 19:30:00 | Nobelium Espionage Campaign Persists, Service Providers in Crosshairs (lien direct) | In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that targeted SolarWinds in 2020. The U.S. government has identified Nobelium as part of Russia’s foreign […] | Threat | ||
|
2021-10-25 16:00:00 | A Journey in Organizational Resilience: Privacy (lien direct) | Privacy concerns may not be the first issue that comes to mind when building an enterprise cyber resilience plan. However, you should expect them to gain prominence. For perspective, consider for a moment that the NIST Privacy Framework is a relatively new tool. It was only first deployed in January 2020. Even ISO only released […] | |||
|
2021-10-25 13:00:00 | Cybersecurity First: Becoming GOAT (lien direct) | As we close off Cybersecurity Awareness Month, let us examine how we can become the cyber GOAT: ‘greatest of all time’. Sure, there will be plenty this week on cybersecurity training, making security a priority, more investments into products and processes and all that fun stuff. But we’re not going to talk about that right […] | |||
|
2021-10-22 16:00:00 | How the 2011 DigiNotar Attacks Changed Cybersecurity for the Next Decade (lien direct) | The DigiNotar attack in 2011 set itself apart because it was an attack on the cybersecurity industry itself. Most attacks are on a single company. But this one shook trust in cybersecurity tools and how users decide whom to trust online. After covering this industry for years, I’ve seen firsthand how cyber attacks don’t happen […] | |||
|
2021-10-22 13:00:00 | Cybersecurity Training: Why You Should Train Employees on Social Media Discretion (lien direct) | A few years ago, I was invited on a behind-the-scenes tour of the security operations of a well-known Las Vegas casino. Before we could enter, however, we had to turn off our phones and put them away. No pictures, we were told, because it could reveal information that would jeopardize casino security. The casino staff […] |
To see everything:
Our RSS (filtrered)
