HackDig : Dig high-quality web security articles for hacker

Cyberthreat Intelligence Tooling — How to Quickly Locate Your Key Indicators

Everything you do in threat intelligence is about indicators or patterns. In a binary world, patterns are actually just how different indicators work together in the chain of a malicious event. Working with threat intelligence for years now, I’ve often asked myself several fundamental cyberthreat intelligence questions: What exactly is this attack and
Publish At:2020-02-21 09:34 | Read:68 | Comments:0 | Tags:Security Intelligence & Analytics Analysis Data Exfiltration

Making Cloud Security a Team Sport

While most large enterprises are moving to the cloud in some form, the path is never as direct as chief information officers (CIOs) and chief information security officers (CISOs) might like it to be. Most come to terms with the fact that the cloud won’t be a single offering, but rather a hybrid multicloud that aligns critical applications with cloud s
Publish At:2020-02-21 09:34 | Read:63 | Comments:0 | Tags:Cloud Security Cloud Cloud Adoption Cloud Infrastructure Clo

What the Explosive Growth in ICS-Infrastructure Targeting Means for Security Leaders

The recently published IBM X-Force Threat Intelligence Index 2020 pointed out that over 8.5 billion records were compromised in 2019, a figure that’s more than 200 percent greater than the number of records lost in 2018. It also determined that scanning and exploitation of vulnerabilities have increased from just 8 percent of attacks in 2018 to nearly
Publish At:2020-02-20 10:49 | Read:223 | Comments:0 | Tags:CISO Energy & Utility Security Services Brute-Force Attack C

Emotet SMiShing Uses Fake Bank Domains in Targeted Attacks, Payloads Hint at TrickBot Connection

Before a short lull in mid-February, Emotet was in the midst of a rise in activity that has been apparent since late 2019 — in terms of both spam and infecting potential victims via SMiShing attacks. In cases observed by IBM X-Force researchers, SMS messages sent from what would appear to be local U.S. numbers are being delivered to mobile phones impersonati
Publish At:2020-02-19 08:17 | Read:204 | Comments:0 | Tags:Malware Threat Intelligence Antivirus Banking Security Phish

Banking Trojans and Ransomware — A Treacherous Matrimony Bound to Get Worse

The financial malware arena became a mainstream issue a little over a decade ago with the rise of malware like the Zeus Trojan, which at the time was the first commercial banking Trojan available to the cybercrime world. We have come a long way since, and the past decade saw banking Trojans become increasingly sophisticated, specialized and exclusive, operat
Publish At:2020-02-18 09:32 | Read:97 | Comments:0 | Tags:Malware Threat Intelligence Banking Trojan Botnets Cybercrim

Sextortion Scams Delivered by Emotet Net 10 Times More Than Necurs Sextortion — Here’s Why

Recent spam campaigns from Emotet featured sextortion content very similar to emails previously sent by the Necurs botnet. However, Emotet spam ended up netting 10 times the amount that a comparable Necurs campaign did — within a matter of six hours. Why was Emotet so much more successful with the same type of ploy? Two factors played into this. First, Emote
Publish At:2020-02-15 17:18 | Read:86 | Comments:0 | Tags:Malware Threat Intelligence Banking Trojan Bitcoin Botnet Cy

We Need More Than Security Awareness to Combat Insider Threats

When I was new to the security industry, I firmly believed that people got infected with malware because they didn’t know how to be safe online. I thought problems happened because computers were too complicated, or the technology was too daunting, or people were just too trusting and naive. But clearly I knew better. I saw the dangers lurking on the i
Publish At:2020-02-12 10:40 | Read:177 | Comments:0 | Tags:CISO Human Error Human Factor Insider Threats Security Aware

X-Force Threat Intelligence Index Reveals Top Cybersecurity Risks of 2020

The volume of threats that security teams see on a daily basis can make it especially difficult to look at the big picture when it comes to developing an effective cybersecurity strategy. To see through the flood of data and alerts, organizations depend on actionable threat intelligence to help them understand and mitigate risks. Looking at long-term trends
Publish At:2020-02-11 08:51 | Read:261 | Comments:0 | Tags:Advanced Threats Threat Intelligence Cloud Cloud Adoption Cl

Gaining Insight Into the Ponemon Institute’s 2020 Cost of Insider Threats Report

Today, I’m pleased to share some of the key findings from the 2020 Cost of Insider Threats Global Report. This is the third benchmark study, independently sponsored by IBM Security and ObserveIT to help understand the direct and indirect costs that result from insider threats. The first study was conducted in 2016 and focused exclusively on companies i
Publish At:2020-02-09 10:30 | Read:110 | Comments:0 | Tags:CISO Security Services Access Management Breach Credentials

The Case for Integrating Dark Web Intelligence Into Your Daily Operations

Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) emplo
Publish At:2020-02-09 10:30 | Read:73 | Comments:0 | Tags:Risk Management Security Intelligence & Analytics Artificial

How Do You Measure the Success of Your Patch Management Efforts?

If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, usually they have one main thing in common: These organizations are behind in patch management. The question that arises, then, is why? There are two sides to this story: A technical one and a pr
Publish At:2020-02-09 10:30 | Read:133 | Comments:0 | Tags:Endpoint Risk Management Business Continuity Common Vulnerab

Emotet Activity Rises as It Uses Coronavirus Scare to Infect Targets in Japan

IBM X-Force has identified a spam campaign targeting users in Japan that employs the Coronavirus scare as a lure to encourage people to open malicious emails. The messages contain Microsoft Office files loaded with macros that, when enabled, launch an infection routine that delivers the Emotet Trojan. In general, Emotet is very focused on infecting companies
Publish At:2020-02-09 10:30 | Read:201 | Comments:0 | Tags:Malware Threat Intelligence Banking Trojan Cybercrime Cyberc

Artificial Intelligence (AI) and Security: A Match Made in the SOC

Change is constant in cybersecurity — continual, rapid, dynamic change. It’s impossible to maintain an effective defensive posture without constantly evolving. Security measures that worked in the past will not be effective today, and today’s security controls will not be effective tomorrow. Many factors contribute to this rapid pace of change. A
Publish At:2020-02-09 10:30 | Read:143 | Comments:0 | Tags:Artificial Intelligence Analysts Artificial Intelligence (AI

10 Reasons Your Organization Is Potentially at Risk of a Ransomware Attack

Does ransomware respect the holiday season? With ransomware attacks attempted every 14 seconds, it’s not likely attackers take any days off. The threat of ransomware keeps growing, and in Q1 2019, researchers noted a 118 percent rise in malware strains in this category. Behind these rising numbers are cybercrime syndicates that continue to push ransomw
Publish At:2019-10-18 10:20 | Read:413 | Comments:0 | Tags:Identity & Access Incident Response Threat Intelligence Cybe

Identifying Cobalt Strike team servers in the wild

How an anomalous space led to fingerprinting. Summary: On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the
Publish At:2019-09-19 23:30 | Read:371 | Comments:0 | Tags:Threat Intelligence Uncategorized
