Log4j Detection and Response Playbook

On December 09, 2021, a severe vulnerability for Apache Log4j was released (CVE-2021-44228). This vulnerability, also known as Log4Shell, allows remote code execution in many applications through web requests and without authentication. Almost immediately, many attackers on the Internet began to scan and exploit this vulnerability. This is meant to provide guidelines and recommendations on…

The post Log4j Detection and Response Playbook appeared first on TrustedSec.


Extracting value from the interconnected network of risk management

From the CISO to the SOC operator, defenders struggle to maintain complete situational awareness. Holistic approaches to risk management require the implementation of a manageable number of policies and procedures but are tied to an often unmanageable …

X-Force Threat Intelligence: Monthly Malware Roundup

Today’s reality means that organizations need to be constantly vigilant against security breaches. Having a robust incident response plan in place is vital. IBM Security X-Force is a team dedicated to delivering the latest threat intelligence, research and analysis reports that help you manage risk in your organization. This monthly malware roundup offers a summary […]

The post X-Force Threat Intelligence: Monthly Malware Roundup appeared first on Security Intelligence.


Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide

Although cloud providers offer more and more robust security controls, in the end, you’re the one who has to secure your company’s workloads in the cloud. According to the 2019 Cloud Security Report, the top cloud security challenges are data loss and data privacy, followed by compliance concerns, tied with worries about accidental exposure of […]

The post Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide appeared first on Security Intelligence.


BrazKing Android Malware Upgraded and Targeting Brazilian Banks

Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banking Trojan from the overlay […]

The post BrazKing Android Malware Upgraded and Targeting Brazilian Banks appeared first on Security Intelligence.


When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team. These exercises are not about winning or […]

The post When Is an Attack not an Attack? The Story of Red Team Versus Blue Team appeared first on Security Intelligence.


Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […]

The post Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds appeared first on Security Intelligence.


A Journey in Organizational Resiliency: Governance

From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example: NIST SP 800-34: The first step in contingency planning is policy development. NIST Cybersecurity Framework: Part of the first step, Identify, […]

The post A Journey in Organizational Resiliency: Governance appeared first on Security Intelligence.


The Real Cost of Ransomware

Ransomware is an expensive cybercrime and getting more so all the time. Payouts have risen massively in the past few years. But while ransomware payment amounts make headlines, the real costs go far beyond what’s paid to the attackers. How Ransomware Works Now: Ransomware has always been a problem. But in recent years, attackers have […]

The post The Real Cost of Ransomware appeared first on Security Intelligence.


What Happens to Victims When a Ransomware Gang Vanishes?

Not long after launching a major supply chain attack in July 2021, the REvil ransomware gang went offline. The group’s infrastructure, including its surface and dark web portals used for ransom negotiations and data leaks, shut down on July 12, according to Bleeping Computer. Russian digital crime forum XSS banned Unknown, a user believed to […]

The post What Happens to Victims When a Ransomware Gang Vanishes? appeared first on Security Intelligence.
