Thursday, June 1, 2023
IBM Security

Machine Learning Applications in the Cybersecurity Space

Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information...
IBM Security

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

  This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, and Diego Matos Martins. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force...
IBM Security

Now Social Engineering Attackers Have AI. Do You? 

Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code.  The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code...
IBM Security

Despite Tech Layoffs, Cybersecurity Positions are Hiring

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions...
IBM Security

How I Got Started: White Hat Hacker

White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately...
IBM Security

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating.  Credit rating agencies continuously strive to gain a better understanding of the risks that companies face....
IBM Security

CISA, NSA Issue New IAM Best Practice Guidelines

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators.  As the industry increasingly moves towards cloud and hybrid computing environments,...
IBM Security

6 Ways to Mitigate Risk While Expanding Access

The World Economic Forum recently published a list of trends that are likely to shape the future of cybersecurity by 2030. The article names “progress in cybersecurity, but access must be widened” as a top trend. If these two goals seem...
IBM Security

Hypervisors and Ransomware: Defending Attractive Targets

With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.”...
IBM Security

NIST Launches Cybersecurity Initiative for Small Businesses

For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a...
IBM Security

Educating Your Board of Directors on Cybersecurity

Many, if not the majority of, big decisions at organizations come from the boardroom. Typically, the board of directors focuses on driving the direction of the company. Because most boards approve yearly budgets, they have significant oversight of resources...
IBM Security

HEAT and EASM: What to Know About the Top Acronyms at RSA

The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the...
IBM Security

Is Patching the Holy Grail of Cybersecurity?

A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching...
IBM Security

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures...
IBM Security

Are Ransomware Attacks Declining, or Has Reporting Worsened?

While examining the state of ransomware in 2023, the statistics show promise — at least on the surface. According to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in...
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

height="315" class="aligncenter size-full wp-image-292324" /> ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...