39 Posts

Michelle Alvarez

Threat Researcher and Editor, IBM Managed Security Services

Michelle Alvarez is a Threat Researcher and Editor for IBM's Managed Security Services; she brings more than 10 years of industry experience to her role. In this role she focuses communications efforts around threat research and mitigation. Michelle joined IBM through the Internet Security Services (ISS) acquisition, where she served as an Analyst on the X-Force Vulnerability Database Team.

Written By Michelle Alvarez

Consequences of IoT and Telnet: Foresight Is Better Than Hindsight

Cybercriminals have learned how to exploit the IoT and Telnet servers to commit record-shattering DDoS attacks against major websites.

Researchers Detect Second Wave of Shellshock Attacks Since Two-Year Anniversary

Researchers detected an increase in Shellshock attacks — the second wave of activity since the malware celebrated its two-year anniversary in September.

Shellshock Anniversary: Major Security Flaw Still Going Strong

As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.

VBA Macro Malware Jumping on the Ransomware Bandwagon

IBM observed a spike in malware activity that uses Visual Basic for Applications (VBA) macros to deliver malicious attachments.

Keeping the Lights On: Security Trends in the Energy and Utilities Industry

The energy and utilities industry is built on a highly regulated framework — but that doesn't mean it's immune to the threat of a cyberattack.

Government Data Woes: 2016 Compromised Records Surpass Total for Last Three Years Combined

Government entities in the U.S. and abroad have been targeted by malware infections, phishing schemes, SQL injection attacks and more.

Planes, Trains and Automobiles (and More): No Shortage of Attack Targets in Transportation

The transportation industry is a large target for cybercriminals, and the only way to avoid damaging attacks is to be proactive about security.

Fool Me Once, Shame on You — Fool Me Eight Times, Shame on My Security Posture?

Organizations with weak security posture are an attractive target for cybercriminals, and they may find themselves coming under fire frequently.

Hacktivism: Fearmongering or Real Threat?

Organizations must be prepared for possible hacktivism campaigns by arming themselves with the best defensive tools and security strategies.

Insider Attacks May Be Closer Than They Appear

Security policies and employee education are just two of the many ways that organizations can mitigate the threat of insider attacks.

Co-Written By Michelle Alvarez

Apache Struts 2: A Zero-Day Quick Draw

It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.

Mirai IoT Botnet: Mining for Bitcoins?

Just in time for IoT Day, the Mirai botnet is launching attacks with a new trick up its sleeve: a built-in bitcoin mining component.