HackDig : Dig high-quality web security articles

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical
Publish At:2022-08-09 09:12 | Read:114 | Comments:0 | Tags:Software Vulnerabilities Application Security Security Servi

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity
Publish At:2022-08-02 13:09 | Read:271 | Comments:0 | Tags:Advanced Threats Application Security Security Services Thre

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data br
Publish At:2022-07-27 05:13 | Read:337 | Comments:0 | Tags:Zero Trust Intelligence & Analytics Artificial Intelligence

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the
Publish At:2022-07-07 07:06 | Read:710 | Comments:0 | Tags:Intelligence & Analytics Malware Security Services Threat In

Black Basta Besting Your Network?

This post was written with contributions from Chris Caridi and Kat Weinberger. IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers not o
Publish At:2022-05-26 14:27 | Read:1014 | Comments:0 | Tags:Intelligence & Analytics Network Threat Hunting Threat Intel

Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights.  This year, a new indus
Publish At:2022-05-26 10:29 | Read:764 | Comments:0 | Tags:Application Security Data Protection Energy & Utility Incide

ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new
Publish At:2022-05-19 06:20 | Read:1109 | Comments:0 | Tags:Malware Security Services Threat Intelligence Threat Researc

X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploit
Publish At:2022-05-05 12:00 | Read:814 | Comments:0 | Tags:Software Vulnerabilities Application Security Threat Intelli

One Small Error by DevOps, One Giant Opening for Attackers

When you look at breach statistics in today’s cloud-dominated IT world, you can see several examples where a small error made by the DevOps or CloudOps team has led to a tremendous impact on businesses’ reputations or, in some cases, their existence. Misconfigured AWS S3 buckets, poor password management on publicly exposed databases and secrets
Publish At:2022-05-04 10:09 | Read:965 | Comments:0 | Tags:Cloud Security IBM X-Force Research cloud security issues cl

What Are the Biggest Phishing Trends Today?

According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That’s a 33% increase from 2021.  One
Publish At:2022-04-28 10:09 | Read:1558 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Incident

Electron Application Attacks: No Vulnerability Required

While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they pref
Publish At:2022-04-27 14:05 | Read:1586 | Comments:0 | Tags:Application Security Cloud Security Security Services Applic

Putting Your SOC in the Hot Seat

Today’s Security Operations Centers (SOCs) are being stress-tested as never before. As the heart of any organization’s cybersecurity apparatus, SOCs are the first line of defense, running 24/7 operations to watch for alerts of attacks and appropriately address those alerts before they become all-out crises. Yet with ransomware attacks maintainin
Publish At:2022-04-27 12:00 | Read:612 | Comments:0 | Tags:CISO Incident Response Risk Management Security Services Com

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the
Publish At:2022-04-26 10:09 | Read:1069 | Comments:0 | Tags:Malware Threat Intelligence Threat Research IBM X-Force Rese

Solving the Data Problem Within Incident Response

One of the underappreciated aspects of incident response (IR) is that it often starts as a data problem. In many cases, IR teams are presented with an effect such as malware or adversary activity and charged with determining the cause through the identification of evidence that ties the cause and effect together within an environment that they have no visib
Publish At:2022-04-25 14:04 | Read:1613 | Comments:0 | Tags:Incident Response Security Services incident response tools

Where Everything Old is New Again: Operational Technology and Ghost of Malware Past

!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> This post was written with contributions from IBM Security’s Sameer Koranne and Elias Andre Carabaguiaz Gonzalez. Operational technology (OT) — the networks that control industrial control system processes — face a more complex challeng
Publish At:2022-04-13 06:13 | Read:2206 | Comments:0 | Tags:Malware Network Security Services Threat Research IBM X-Forc

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud