Security and identity

Previously discovering a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the restriction of executing JavaScript code only.

Discovered in 2023, Rilide is a sophisticated piece of malware that targets Chromium-based browsers to hijack user activity and steal sensitive data. Learn more about the malware and how it operates.

Distributed denial-of-service (DDoS) attacks flood websites and other network resources with malicious traffic, making apps and services unavailable to users.

Identity security is a cybersecurity discipline focused on protecting digital identities and the systems that manage them.

Identity threat detection and response (ITDR) systems are proactive cybersecurity tools that monitor systems and apps to find and fix identity-based threats.

FIDO (Fast Identity Online) authentication is a set of open standards for passwordless authentication for websites, applications and online services.

AI for fraud detection refers to implementing machine learning (ML) algorithms to mitigate fraudulent activities.

As cybersecurity teams thwart more direct hacks, attackers are turning to a quainter style of scam, with some new twists.

A vulnerability assessment is a systematic process used to identify, evaluate and report on security weaknesses across an organization’s digital environment.

An open letter from JP Morgan's Chief Information Security Officer shines a light on the urgent need for organizations to build security into their tools, technologies and process by default.

Kyri Lea and Elizabeth Christensen have developed m-Ray, an automated vulnerability scanner for IBM mainframes running the z/OS operating system.

Two-factor authentication (2FA) verifies a user’s identity by asking for two pieces of proof, such as an online account password and a one-time passcode.

Multifactor authentication (MFA) verifies a user’s identity by requiring at least two forms of proof, such as a password, fingerprint or other biometric data.

Explore how agentic AI introduces new security concerns in this conversation between world-renowned cybersecurity leader Wendi Whitmore and David Levy

The X-Force Red team was able to breach a hardened external perimeter and gain code execution to an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and how to prevent it from happening to you.

IBM X-Force observed Hive0148 spreading the Grandoreiro banking trojan to users in Mexico and Costa Rica. Learn more about this phishing and Malware-as-a-Service campaign.

Enterprise mobility management (EMM) tools and services help organizations secure and manage mobile devices, apps and data.

A brute force attack uses trial-and-error to crack passwords or encryption keys and gain unauthorized access.

The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - RemoteMonologue.

Most of us think of cybersecurity as a purely digital affair, but cyberattacks can actually begin right here in the physical world.

Digital credentials are a secure way to verify an identity without paper credentials. Examples include digital badges and digital certificates.

Social engineering will always be a problem, but we can all do our part to make scammers' jobs harder.

Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.

Privilege escalation is a cyberattack technique in which a threat actor alters or elevates their permissions in a target system.

Biometric authentication uses physical features—like facial features, iris scans or fingerprints—to verify peoples' identities.

Threat intelligence is detailed, actionable threat information for preventing and fighting cyberthreats targeting an organization.

Customer identity and access management (CIAM) manages the digital identities of customers and other external end users.

The Common Vulnerability Scoring System (CVSS) is a widely used framework for classifying and rating software vulnerabilities.

Due to modern defensive solutions, targeted and large-scale enumeration of Active Directory (AD) environments has become increasingly detected. Learn more on that and a new tool to help fight it.

A digital identity is a profile tied to a specific user, machine or other entity in an IT ecosystem. Digital IDs help track activity and stop cyberattacks.