Category Archives: threat hunting

Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide

Posted on by

Although cloud providers offer more and more robust security controls, in the end, you’re the one who has to secure your company’s workloads in the cloud. According to the 2019 Cloud Security Report, the top cloud security challenges are data loss and data privacy, followed by compliance concerns, tied with worries about accidental exposure of […]

The post Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide appeared first on Security Intelligence.

Continue reading Penetration Testing for Cloud-Based Apps: A Step-by-Step Guide

BrazKing Android Malware Upgraded and Targeting Brazilian Banks

Posted on by

Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banking Trojan from the overlay […]

The post BrazKing Android Malware Upgraded and Targeting Brazilian Banks appeared first on Security Intelligence.

Continue reading BrazKing Android Malware Upgraded and Targeting Brazilian Banks

When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

Posted on by

Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team.   These exercises are not about winning or […]

The post When Is an Attack not an Attack? The Story of Red Team Versus Blue Team appeared first on Security Intelligence.

Continue reading When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

Posted on by

IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […]

The post Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds appeared first on Security Intelligence.

Continue reading Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

A Journey in Organizational Resiliency: Governance

Posted on by

From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example:  NIST SP 800-34: The first step in contingency planning is policy development. NIST Cybersecurity Framework: Part of the first step, Identify, […]

The post A Journey in Organizational Resiliency: Governance appeared first on Security Intelligence.

Continue reading A Journey in Organizational Resiliency: Governance

The Real Cost of Ransomware

Posted on by

Ransomware is an expensive cybercrime and getting more so all the time. Payouts have risen massively in the past few years. But while ransomware payment amounts make headlines, the real costs go far beyond what’s paid to the attackers.  How Ransomware Works Now Ransomware has always been a problem. But in recent years, attackers have […]

The post The Real Cost of Ransomware appeared first on Security Intelligence.

Continue reading The Real Cost of Ransomware

What Happens to Victims When a Ransomware Gang Vanishes?

Posted on by

Not long after launching a major supply chain attack in July 2021, the REvil ransomware gang went offline. The group’s infrastructure, including its surface and dark web portals used for ransom negotiations and data leaks, shut down on July 12, according to Bleeping Computer. Russian digital crime forum XSS banned Unknown, a user believed to […]

The post What Happens to Victims When a Ransomware Gang Vanishes? appeared first on Security Intelligence.

Continue reading What Happens to Victims When a Ransomware Gang Vanishes?

A Journey in Organizational Resilience: Crisis Management

Posted on by

So far in this organizational resilience journey, we have focused mainly on the planning phase, or, as some call it, ‘left of the boom’. For a moment, let’s look at a ‘right of the boom’ (post-incident) theme: crisis management (CM), an important component of your cyber resilience planning. A good CM plan will be part of […]

The post A Journey in Organizational Resilience: Crisis Management appeared first on Security Intelligence.

Continue reading A Journey in Organizational Resilience: Crisis Management

Cybersecurity Awareness: The Basics Are the Foundation

Posted on by

  It’s Cybersecurity Awareness Month and the Cybersecurity & Infrastructure Security Agency (CISA) put out their 2021 #BeCyberSmart message kit: Be Cyber Smart Fight the Phish! Explore. Experience. Share. Cybersecurity First.  What do these mean for your business? Let’s start off with the basics. Cybersecurity Awareness Tips: Stop Throwing Good Money After Bad More than […]

The post Cybersecurity Awareness: The Basics Are the Foundation appeared first on Security Intelligence.

Continue reading Cybersecurity Awareness: The Basics Are the Foundation

What Is SASE and How Does it Connect to Zero Trust?

Posted on by

As many workplaces stay in a remote or a hybrid operating model due to COVID-19, businesses and agencies of all sizes and industries face the long-term challenges of keeping data and infrastructure secure. With remote workers, security teams have to secure many more endpoints and a much wider area each day. In response, many groups […]

The post What Is SASE and How Does it Connect to Zero Trust? appeared first on Security Intelligence.

Continue reading What Is SASE and How Does it Connect to Zero Trust?