Common threats like adware and spyware have a new tricky classmate called “cryptojacking”. Cryptojacking secretly uses your system or laptop or mobile device to mine cryptocurrency when you visit an infected site. Malicious miners aren’t new in themselves, but cryptojacking has exploded in popularity over the past few weeks, because it offers a clever twist. [...]
The past year has shown how real the implications of attack breaches are for business viability, for the job prospects of top brass in charge when lapses occur, and even for the personal finances of CEOs when the fecal matter hits the fan. Uber's massive data breach of 57 million accounts and its $100,000 effort [...]
Attackers have an over-growing list of vulnerabilities to exploit in order to maliciously gain access to your web applications, networks and servers. Whether you’re a novice WordPress user or a sophisticated hosting service, if truly determined then an attacker will find any vulnerability you’ve failed to patch and use it to their advantage. New vulnerabilities [...]
IBM says it has just such an offering in IBM Cloud Private, a platform focused on assisting private data centers looking for a relatively simple way to move into the cloud. The idea is to offer a consistent way of managing your application stack, regardless of where they reside. IBM Cloud Private takes middleware and [...]
In a world where seconds matter, the right endpoint solution can be the difference between a successful patch management strategy and one that leaves your organization at risk. Hackers are racing to exploit vulnerable computer systems before software vendors publish patches and you can apply them. When hackers win the race, you lose productivity and [...]
Security staff put a lot of emphasis on advanced persistent threats, or APTs, and rightly so. They are extremely difficult to defend against if a hacker is specifically targeting an organization. But with everyone's focus on APTs, we may be missing a different type of attack vector: advanced persistent infrastructure. The evolution of the Apache [...]
A new nonprofit has launched a free Domain Name System (DNS) service that filters malicious domains linked to botnets, phishing campaigns, and other malicious activity. The new Quad9 DNS service built by IBM Security, Packet Clearing House, and the Global Cyber Alliance, is aimed at consumers and small- to midsized businesses, and doesn't share or [...]
The majority of organizations don't apply metrics to their cybersecurity efforts, and those that do often measure the wrong things. Here’s how to ensure your cybersecurity projects pay off. And even when organizations' information security function does generate and deliver data about the business' security, it typically never gets read. To help security departments align [...]
As the perimeter defenses of an infrastructure continue to fall away, where should security in a cloud environment reside? The cloud delivers distributed infrastructure — compute, storage, and network resources are here to stay with nothing more than an API call. For the new perimeter, the best solution is properly implemented encryption. Encryption allows IT [...]
In the financial services industry, people are used to the three lines of defense for the majority of the risk functions. Generally the first line of defense for management of risk is the business, the second line of defense is a control function, and the third line of defense is internal audit. Increasingly firms are [...]