HackDig : Dig high-quality web security articles

[SANS ISC] HTTPS Support for All Internal Services

I published the following diary on isc.sans.edu: “HTTPS Support for All Internal Services“: SSL/TLS has been on stage for a while with deprecated protocols, free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday, Chrome 9
Publish At:2021-04-16 06:44 | Read:79 | Comments:0 | Tags:SANS Internet Storm Center Security HTTPS network SANS ISC

Reaching Strategic Outcomes With an MDR Service Provider: Part 5

This is the fifth in a five-part blog series on managed detection and response (MDR) as it drives strategic security outcomes for businesses. Now that you’ve reached part five of this series, you’ve seen how MDR services help organizations. They can help achieve their goals through the context of four key strategic outcomes. You’re familia
Publish At:2021-03-17 10:05 | Read:271 | Comments:0 | Tags:Mobile Security Cloud Security Data Protection Network Secur

Top 10 Cybersecurity Vulnerabilities of 2020

What cybersecurity vulnerabilities new and old should organizations look out for this year? Let IBM X-Force be your guide to today’s top cybersecurity threats with this detailed report. First, scanning for and exploiting vulnerabilities emerged as the top infection vector of 2020, according to the 2021 X-Force Threat Intelligence Index. In other words
Publish At:2021-03-10 22:05 | Read:343 | Comments:0 | Tags:Security Intelligence & Analytics Application Security Cloud

Cloud Clarity: Adding Security and Control to the AWS Shared Responsibility Model

Have your security team members ever made a mistake in the cloud? Human error happens and it can take on many forms. But, none are as serious as failing to understand the way cloud defenses work.  If a mistake does come to mind, be reassured you’re not alone. Seven in 10 organizations suffered a public cloud security incident between July 2019 an
Publish At:2021-03-05 11:15 | Read:304 | Comments:0 | Tags:Cloud Security Network Amazon Amazon AWS Cloud security

2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting

From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers. This report — the X-Force Threat Intelligence Index 202
Publish At:2021-02-24 10:59 | Read:390 | Comments:0 | Tags:Advanced Threats Data Protection Government Healthcare Malwa

Network Segmentation Series: What is It?

This is the first in a series of three blog posts about network segmentation.  Many businesses are looking to augment their defenses by changing their approach to network security. Take the heightened awareness around building zero trust networks, for instance. Embracing the shift to zero trust will require users to address the threat of lateral m
Publish At:2021-02-15 12:29 | Read:362 | Comments:0 | Tags:Network Corporate Network Security Network Intelligence Netw

8 Top Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. In its 2020 X-Force Threat Intelligence Report, for instance, IBM found that digital attacks targeting organizations’ ICS had increased by more than 2,000% between 2019 and 2018. Most of those attacks involved the exploitation of vulnerabilities affecting supervisory control and data acquisiti
Publish At:2021-02-03 07:50 | Read:429 | Comments:0 | Tags:Featured Articles ICS Security ISC Security Network OT secur

Is the End of the Firewall in Sight?

Is a firewall a thing of the past? People have been questioning the utility of firewalls for years. Columnist and editor Roger A. Grimes wrote that “firewalls need to go away” in May 2012. Grimes reasoned this was because firewalls “have always been problematic, and today there is almost no reason to have one.” Is Grimes right? Is th
Publish At:2021-02-01 18:45 | Read:381 | Comments:0 | Tags:Cloud Security Network Cloud Firewall Network Security

For Attackers, Home is Where the Hideout Is

Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” when we were kid
Publish At:2021-01-19 20:53 | Read:475 | Comments:0 | Tags:Data Protection Network Data Breach Internet of Things (IoT)

Misconfigurations: A Hidden but Preventable Threat to Cloud Data

Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves.  What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that the worldw
Publish At:2021-01-15 15:29 | Read:529 | Comments:0 | Tags:Cloud Security Network Cloud Network Security

Update on Widespread Supply-Chain Compromise

SolarWinds has announced a cyberattack on its systems that compromised specific versions of the SolarWinds Orion Platform, a widely used network management tool. SolarWinds reports that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by a nation state, but it has not, to date, independently verified the
Publish At:2020-12-16 21:47 | Read:591 | Comments:0 | Tags:Incident Response Network Threat Intelligence Government IBM

What Is SCM (Security Configuration Management)?

The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their security budgets would
Publish At:2020-11-16 08:26 | Read:762 | Comments:0 | Tags:Featured Articles Security Configuration Management Security

How to Secure Microservices Architecture

The use of microservices-based architecture to realize complex, evolving solutions is growing in popularity. Microservices make it much easier to replace or upgrade components mid-flight. It also allows multiple developers to work on different aspects of the overall solution without affecting each other.  However, microservices architecture comes with
Publish At:2020-10-21 12:28 | Read:535 | Comments:0 | Tags:Network Security Services Microservices

Data Breach Protection Must Include Physical Security

If most of your business’ data and workloads are handled on public clouds, it can be easy to forget about the onsite servers. With office buildings empty, employees may assume the servers are protected by the same physical security as the rest of the facility. However, physical security has its own considerations, and paying careful attention to them
Publish At:2020-09-08 13:55 | Read:1017 | Comments:0 | Tags:Network Security Intelligence & Analytics Security Services

Under Attack: How Threat Actors are Exploiting SOCKS Proxies

From the basic building blocks of the internet to cryptocurrency mining on a supercomputer, SOCKS sits at the core of computing. A SOCKS proxy can be used to improve network security in an enterprise, but can also be exploited by cybercriminals for nefarious reasons. Take a look at how SOCKS proxies have been manipulated recently by threat actors. What is
Publish At:2020-09-03 16:34 | Read:915 | Comments:0 | Tags:Advanced Threats Network Security Intelligence & Analytics C