In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi

Averting cyberattacks planned out by aggressive threat actors is no easy feat for any organization, and much less for incident response (IR) teams who are usually called in after the attack has caused damage. IBM X-Force Incident Response and Intelligence Services (IRIS) analysts know this firsthand. The problem with this approach is that when an attack is a

Follow the money! That is the famous first rule for investigating white collar criminal activity. It should also be the first rule for protecting your organization from a data breach, ransomware attack or other malicious activity. A basic fact of modern cybersecurity life is that the lone hacker of yore has long since vanished, replaced by sophisticated cy

Chance favors the prepared mind. That’s what famous chemist Louis Pasteur once said, but it’s also an important principle that applies to psychological security. Remember back in middle school when name-calling was a way we expressed our emotions? You’ll likely recall the common response: “It takes one to know one!” It Takes a

Today’s cybercriminals have new options that make their malicious efforts easier than ever. Cyberattacks can be purchased in several forms, including as-a-service packages and simple downloads to be installed in rogue servers. While these may not be the most cutting-edge techniques, they can be effective in infiltrating systems that have not been suff

The cyber age has brought incalculable advantages to modern life. The world is connected and accessible like never before. But like all technological advances, there is a dark side to this progress: Quite simply, the cyber age is revolutionizing warfare. Whereas security threats were once visible and easily identifiable, today’s cyberthreats are invi

According to a report published by the threat intelligence firm Recorded Future cybercriminals earn between $1,000 and $3,000 a month. How much money earns a cyber criminal? According to a report published by the threat intelligence firm Recorded Future crooks earn between $1,000 and $3,000 a month, but one of five earns $20,000 a month or more reaching also

Myth: There is no link between your real-life location and your digital one. The truth is that the two are very much connected. Perhaps more importantly, then, is what this means when it comes to your personal security. If the state or city in which you live is a hotbed for cybercriminal activity, your chances of being infected online increase significantly.

For as long as SQL injection has been around, it is still not old news — at least for attackers. Attackers will take whatever path they can to reach an exploit The simpler the path, the better. However, sometimes they need to use a little more elbow grease. That’s where blind SQL injection comes in. If an attacker were a magician, this attack would be

2015 was a banner year for cybercriminals. And with less than a month left before the calendar rolls over, it’s worth taking a look back at the biggest, craziest and downright strangest hacks and data breaches of the last 11 months. Eight Crazy Hacks in 2015 In no particular order, here are eight of the biggest and strangest hacks from the past year: 1

Today’s CEOs, be they from large multinational enterprises or smaller shops, need to think about the effects economic espionage may have on their companies. Their own intellectual property, trade secrets and personnel are all of interest to others. In addition, data provided to and received from customers, clients and employees may prove to be the most

Being the inspiration for “CSI: Cyber” is not likely an honor many people in the security field would be happy to claim. But this is exactly the tag line that cyberpsychologist Professor Mary Aiken is often given. As the director of the CyberPsychology Research Center (CPRC) in Dublin, she has an interesting viewpoint on cybercriminals and hacker

It’s no secret that the cybersecurity talent shortage is one of the biggest challenges facing our industry, with experts predicting 1.5 million open and unfilled global security positions over the next five years. Simple awareness of careers in this field is just the beginning; currently, almost two-thirds of high school students reported that the idea

It’s not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character’s b

One of the interesting topics IBM teams analyze is the ways in which malware authors constantly innovate their cyberfraud techniques when it comes to evading detection either by endpoint solutions, such as antivirus tools, or research and enterprise security systems, such as sandboxes and reverse engineering techniques. Attacks involving Trojans are always i