HackDig : Dig high-quality web security articles for hacker

Brazilian Malware Client Maximus: Maximizing the Mayhem

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an
Publish At:2017-09-12 13:50 | Read:327 | Comments:0 | Tags:Fraud Protection Malware Threat Intelligence Advanced Threat

A Basic Model to Measure SIEM Maturity

Every day, organizations rely on security information and event management (SIEM) solutions to protect, control and monitor their technology infrastructures. These platforms serve as early detection tools for security threats. But how can security professionals validate that their SIEM systems are properly configured and aligned with the organization’s
Publish At:2017-09-08 10:00 | Read:290 | Comments:0 | Tags:Data Protection Network Security Intelligence & Analytics Se

Spotlight on Energy and Utilities Sector: Attacks Targeting ICS Systems Projected to Increase

There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nu
Publish At:2017-09-06 20:40 | Read:457 | Comments:0 | Tags:Advanced Threats Energy & Utility Threat Intelligence Energy

Know Your Data and Your Enemies: Establishing a Baseline for Proactive Threat Hunting

The purveyors of modern threats are not trying to simply deface your website or own your web server. These advanced attackers are attempting to siphon critical and sensitive data from your network over long periods of time, and do so undetected. Where Is Your Data? When threat hunting, at a minimum, you should know where your critical data is stored and how
Publish At:2017-09-06 20:40 | Read:380 | Comments:0 | Tags:Data Protection Incident Response Risk Management Security I

Seven Steps to Improve Your Security Operations and Response

It’s hard to escape the reality that every day, cyberthreats morph and expand, escalating the need to improve and tighten security operations and response practices. While it may feel overwhelming, there are ways to help level the playing field. Cognitive computing and machine learning are new technologies that can empower security practitioners to foc
Publish At:2017-09-05 09:35 | Read:250 | Comments:0 | Tags:CISO Cognitive Endpoint Incident Response Security Intellige

The Educator’s Back-to-School Cybersecurity Checklist: Make Mitigating Command Injection a Priority

Pencils? Check. Notebooks? Check. Web applications and servers patched and sanitized? Hopefully. In many parts of the world, educators and students in primary, secondary and higher education institutions are reviewing their checklists to ensure academic preparedness for the new school year. But what about the education sector’s IT workers? What should
Publish At:2017-08-30 20:10 | Read:256 | Comments:0 | Tags:Risk Management Threat Intelligence Academia Data Protection

Keep Intruders Out of Your Network With Proactive Threat Hunting

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having accurate
Publish At:2017-08-30 20:10 | Read:304 | Comments:0 | Tags:Network Risk Management C-Suite Network Protection Network S

Just a Passing Fad? Fidget Spinners and the Malware Sandbox

This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the same disd
Publish At:2017-08-29 10:15 | Read:344 | Comments:0 | Tags:Malware Threat Intelligence Advanced Malware Behavioral Anal

Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code

The continuous advancement and sophistication of cyberthreats has gradually decreased the sufficiency of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world
Publish At:2017-08-28 12:55 | Read:358 | Comments:0 | Tags:Incident Response Malware Malware Analysis Sandbox Sandboxin

Blindfolded on the Battlefield: The Importance of Threat Hunting in the Modern Age

One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused. Just stop for a moment to ask you
Publish At:2017-08-23 22:25 | Read:303 | Comments:0 | Tags:Data Protection Risk Management Data Breach Threat Detection

All in a Spammer’s Workweek: Where Do the Busiest Spammers Work Around the Clock?

IBM X-Force Kassel is a research team that operates massive spam honeypots and monitoring, gleaning data from billions of unsolicited emails every year. With such large amounts of spam coming in, we can more easily map trends. We looked at one recently when analyzing the spammer’s workweek. Our goal in this analysis was to delve into six months of data
Publish At:2017-08-21 15:05 | Read:276 | Comments:0 | Tags:Advanced Threats Fraud Protection Threat Intelligence IBM X-

Protecting Against Spam and Phishing Attacks With a Layered Approach to Email Security

Layered schemes are used in most information security strategies, and it is essential to establish a similar approach to protecting the organization from unwanted email. In fact, spam and phishing are some of the biggest problems IT security managers face today. According to LinkedIn’s “2017 Cybersecurity Trends Report,” phishing attacks ar
Publish At:2017-08-17 19:00 | Read:303 | Comments:0 | Tags:Fraud Protection Risk Management Email Fraud Prevention Phis

Incident Response and Threat Intelligence: A Potent One-Two Punch to Fight Cybercrime

Cybercriminals and their tactics are becoming increasingly sophisticated. Given the rash of widespread, devastating attacks thus far in 2017, this trend shows no signs of slowing down. It’s no longer enough to simply implement incident response solutions. Today’s threats require a dedicated team of security experts to maximize these tools with
Publish At:2017-08-17 19:00 | Read:267 | Comments:0 | Tags:Incident Response Security Services Threat Intelligence Adva

Stay Up to Date on Threat Intelligence With New X-Force Exchange Capabilities

As both a parent and a bit of a nerd, I have a lot of corny jokes in my arsenal that cover a wide range of topics including animals, food, science fiction and the like. One of my favorite jokes comes from my data science background: “I never metadata I didn’t like.” This joke has it all: wordplay, the spirit of a joke your uncle might tell
Publish At:2017-08-16 09:00 | Read:326 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM X-Force Exchange IB

Elementary, My Dear Watson: Identifying and Understanding Malware With Cognitive Security

Malware is a major cause of cyberattacks today, with fraudsters using targeted spear phishing emails and social engineering to distribute malicious files to unsuspecting employees at various organizations. To make matters worse, malware has evolved to avoid detection by traditional security tools and systems. Take the CozyDuke malware campaign as an example.
Publish At:2017-08-14 16:57 | Read:246 | Comments:0 | Tags:Cognitive Security Intelligence & Analytics Cognitive Securi
