What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in, and among them is the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials. In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a […]

The post What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index? appeared first on Security Intelligence.

Top 10 web application vulnerabilities in 2021–2023

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.

Ermac malware: The other side of the code

When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) […]

The post Ermac malware: The other side of the code appeared first on Security Intelligence.

Dark web threats and dark market predictions for 2024

An overview of last year’s predictions for corporate and dark web threats and our predictions for 2024.

What to do if your company was mentioned on Darknet?

We created a list of companies worldwide from different industries and searched through Darknet, trying to find out how likely it is that these companies have suffered a breach, what kind of data leaked, and what to do with it.

Operationalize cyber risk quantification for smart security

Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes […]

The post Operationalize cyber risk quantification for smart security appeared first on Security Intelligence.

Pentesting vs. Pentesting as a Service: Which is better?

In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting […]

The post Pentesting vs. Pentesting as a Service: Which is better? appeared first on Security Intelligence.

How I got started: Attack surface management

As the threat landscape multiplies in sophistication and complexity, new roles in cybersecurity are presenting themselves more frequently than ever before. For example, attack surface management. These cybersecurity professionals are responsible for identifying, mapping and securing all external digital assets an organization owns or is connected to. This includes servers, domains, cloud assets and any […]

The post How I got started: Attack surface management appeared first on Security Intelligence.

X-Force uncovers global NetScaler Gateway credential harvesting campaign

This post was made possible through the contributions of Bastien Lardy and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The […]

The post X-Force uncovers global NetScaler Gateway credential harvesting campaign appeared first on Security Intelligence.

Does your security program suffer from piecemeal detection and response?

Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include:

- Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud)
- Spending too much time or energy on integrating detection systems
- An underperforming security orchestration, automation and response (SOAR) system
- Only capable of […]

The post Does your security program suffer from piecemeal detection and response? appeared first on Security Intelligence.
