Category Archives: Endpoint

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Posted on by

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put […]

The post Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers appeared first on Security Intelligence.

Continue reading Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space

Posted on by

Working as a cybersecurity engineer for many years, and closely following the rapid evolution of the space ecosystem, I wholeheartedly believe that space systems today are targets of cyberattacks more than ever. The purpose of this article is to give you a glimpse of cybersecurity threats and challenges facing the New Space economy and ecosystem, […]

The post Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space appeared first on Security Intelligence.

Continue reading Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space

The Evolution of Antivirus Software to Face Modern Threats

Posted on by

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.   Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats. Signature-Based Antivirus Software Signature-based detection is the use of […]

The post The Evolution of Antivirus Software to Face Modern Threats appeared first on Security Intelligence.

Continue reading The Evolution of Antivirus Software to Face Modern Threats

Contain Breaches and Gain Visibility With Microsegmentation

Posted on by

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces.  Breach containment is essential, and zero trust security principles can be applied to […]

The post Contain Breaches and Gain Visibility With Microsegmentation appeared first on Security Intelligence.

Continue reading Contain Breaches and Gain Visibility With Microsegmentation

Self-Checkout This Discord C2

Posted on by

In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated […]

The post Self-Checkout This Discord C2 appeared first on Security Intelligence.

Continue reading Self-Checkout This Discord C2

3 Reasons to Make EDR Part of Your Incident Response Plan

Posted on by

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect […]

The post 3 Reasons to Make EDR Part of Your Incident Response Plan appeared first on Security Intelligence.

Continue reading 3 Reasons to Make EDR Part of Your Incident Response Plan

Deploying Security Automation to Your Endpoints

Posted on by

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, […]

The post Deploying Security Automation to Your Endpoints appeared first on Security Intelligence.

Continue reading Deploying Security Automation to Your Endpoints

Effectively Enforce a Least Privilege Strategy

Posted on by

Every security officer wants to minimize their attack surface. One of the best ways to do this is by implementing a least privilege strategy. One report revealed that data breaches from insiders could cost as much as 20% of annual revenue. Also, at least one in three reported data breaches involve an insider. Over 78% […]

The post Effectively Enforce a Least Privilege Strategy appeared first on Security Intelligence.

Continue reading Effectively Enforce a Least Privilege Strategy

Threat Management and Unified Endpoint Management

Posted on by

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at […]

The post Threat Management and Unified Endpoint Management appeared first on Security Intelligence.

Continue reading Threat Management and Unified Endpoint Management

3 Ways EDR Can Stop Ransomware Attacks

Posted on by

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took […]

The post 3 Ways EDR Can Stop Ransomware Attacks appeared first on Security Intelligence.

Continue reading 3 Ways EDR Can Stop Ransomware Attacks