HackDig : Dig high-quality web security articles for hacker

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple
Publish At:2017-09-21 19:15 | Read:142 | Comments:0 | Tags:Advanced Threats Cloud Security Data Protection Software & A

Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold

Since we last reported on a version of the ELF Linux/Mirai malware containing cryptocurrency coin-mining tools in April, the IBM X-Force has noticed a steep increase in the volume of coin central processing unit (CPU) mining tools used in cyberattacks, specifically those targeting enterprise networks. According to IBM Managed Security Services (MSS) data,
Publish At:2017-09-19 12:00 | Read:69 | Comments:0 | Tags:Advanced Threats Security Services Threat Intelligence X-For

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:185 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Stay Up to Date on Threat Intelligence With New X-Force Exchange Capabilities

As both a parent and a bit of a nerd, I have a lot of corny jokes in my arsenal that cover a wide range of topics including animals, food, science fiction and the like. One of my favorite jokes comes from my data science background: “I never metadata I didn’t like.” This joke has it all: wordplay, the spirit of a joke your uncle might tell
Publish At:2017-08-16 09:00 | Read:185 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM X-Force Exchange IB

Hello, My Name Is Space Rogue

IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent. Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym. The
Publish At:2017-07-28 03:30 | Read:316 | Comments:0 | Tags:Application Security Security Services X-Force Research IBM

IBM X-Force Red Turns 1, Expands Into Auto and IoT Practice Areas

Earlier this year, I gave a talk at the RSA Conference about the privacy and security flaws in many of today’s connected cars. The response was nothing short of astounding. As it turns out, people get very nervous when you talk about finding and controlling their cars from a mobile phone. While I didn’t initially set out to find vulnerabilities i
Publish At:2017-07-24 17:25 | Read:129 | Comments:0 | Tags:Application Security Industries Software & App Vulnerabiliti

Multipronged IoT Security to Help Realize the Value of IoT Solutions

The Internet of Things (IoT) is an exciting and innovative technology that can help businesses discover new growth areas and income streams. With all this innovation to differentiate in industry verticals and challenge traditional operating models, it’s easy to overlook IoT security, both in terms of its uniqueness and its importance. What Is Different
Publish At:2017-07-24 17:25 | Read:182 | Comments:0 | Tags:Application Security CISO Cognitive Industries X-Force Resea

Information and Communication Technology (ICT) Industry: Second-Most Attacked Sector in 2016

The information and communication technology (ICT) industry has evolved greatly over the last several decades. The interconnected nature of ICT devices and systems, along with modern society’s dependence on the technologies and services this sector provides, increases the risk of cyberattack. Furthermore, firms in this industry often act as a clearingh
Publish At:2017-07-10 21:30 | Read:316 | Comments:0 | Tags:Industries Threat Intelligence X-Force Research Buffer Overf

When a Cyber Crisis Hits, Know Your OODA Loops

In the months since we began simulating full-scale cyberattacks for customers at our IBM X-Force Command Center in Cambridge, Massachusetts, I’ve watched a steady stream of corporate security teams confront the hair-raising experience of a simulated cyberattack. The Command Center recreates the whole crisis from start to finish, featuring a controlled,
Publish At:2017-05-30 22:30 | Read:401 | Comments:0 | Tags:CISO Incident Response X-Force Research Chief Information Se

Incident Response: Planning for the Attack Before It Happens

By now, you’ve no doubt heard of WannaCry, the ransomware attack that impacted over 300,000 victims in more than 100 countries over the past 10 days. While we’ve all focused on effective patching strategies to prevent further infection, an important part of the discussion is how to plan for a successful incident response (IR) to ransomware and o
Publish At:2017-05-25 13:35 | Read:428 | Comments:0 | Tags:Incident Response X-Force Research IBM IBM Security IBM X-Fo

Not-So-Terrible Twos: IBM X-Force Exchange Celebrates Its Second Birthday

There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates. But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed
Publish At:2017-05-17 21:15 | Read:459 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM X-Force Exchange IB

Cybercriminals Riding Tax Filing Tides: Tax Fraud Season in Effect

Data theft is a year-round, opportunistic crime, but seasonal events often trigger rises in spam and fraud. The most significant such example is tax fraud riding the wave of tax filing season. It’s That Time of Year Again Every year, tax filing season, which extends from January to April in the U.S., is one of the most popular opportunities for cybercr
Publish At:2017-04-05 18:20 | Read:724 | Comments:0 | Tags:Fraud Protection Risk Management X-Force Research Financial

The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak

An Uncommon Tale of a Failed Banking Trojan Vendor In early December 2016, IBM X-Force researchers noticed the emergence of a new banking malware advertised for sale in a few underground boards. The malware’s vendor, who went by the online moniker Gosya, was a Russian-speaking member who introduced himself as the developer of Nuclear Bot, or NukeBot, a
Publish At:2017-03-29 01:50 | Read:715 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware X-Forc

CAPEC: Making Heads or Tails of Attack Patterns

When reading summaries of prevalent cyberattacks, I often find myself puzzled. Sometimes it’s because the name of an attack is too ambiguous to know what it is referring to, forcing the reader to make assumptions about the meaning. Many security analysts report attack types using the consequence of the incident, the attack pattern, the name of the de
Publish At:2017-03-27 13:00 | Read:778 | Comments:0 | Tags:Advanced Threats X-Force Research IBM X-Force Report IBM X-F

Churn Under the Surface of Global Cybercrime

Global cybercrime actors generally adhere to the same principal as a handyman: If it’s not broken, don’t fix it. But that’s not so easy when malware works in one area and attackers want to use it to target a new audience or geography. Moving malware across borders to a new target geographic means more resources for everything, from a relati
Publish At:2017-03-17 13:20 | Read:607 | Comments:0 | Tags:Advanced Threats Fraud Protection Malware X-Force Research A

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud