Tag: Penetration Testing

X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.

While many CISOs are tempted to invest in as many new technologies as they can find to fight emerging threats, less is more when it comes to minimizing cybersecurity complexity.

By completing the phases of the system development life cycle (SDLC), security teams can integrate processes and technologies into the development process and improve application security.

Researchers discovered a link between four malware families — Ursnif, Emotet, Dridex and BitPaymer — that suggests threat actors may be combining efforts to develop more sophisticated attack vectors.

Microsoft Windows Defender Research discovered an attack campaign that utilized spear phishing emails impersonating U.S. Department of State employees to gain remote access to victims' machines.

An effective security program does more than merely take on the appearance of cyber resilience. Learn how to look behind the curtain of your enterprise security.

These five retail cybersecurity tips will help organizations mitigate cyberattacks and provide customers with the safest shopping experience during the holiday season.

The IBM X-Force Red team recently ran into trouble on a black-box penetration testing assignment. Here's how the testers overcame the obstacles to ultimately establish a solid adversarial operation.

A cloud adoption report found that companies that deploy infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) have an average of 14 misconfigured instances running at a given time.

Security researchers reported that a new bot called DemonBot is targeting Hadoop clusters to execute distributed denial-of-service (DDoS) attacks.