Penetration Testing - Security Intelligence

Pedestrians walking across a city street at a crosswalk: risk assessment

article

From the Streets to the SOC: 3 Risk Assessment Potholes to Avoid in the Enterprise

While risk assessment is a regular topic of conversation today, when it comes to practicing good risk estimations and decisions in our daily lives, humans have some serious shortcomings.

June 12, 2019 | By Christophe Veltsos

article

Woman affected by a Windows 10 zero-day vulnerability.

news

Windows 10 Zero-Day Lets Threat Actors Bypass Patch and Escalate Role to Admin Level

Threat actors could use a recently discovered Windows 10 zero-day flaw to take over a computer and bypass local privilege escalation.

June 11, 2019 | By Shane Schick

news

Woman researching Sodinokibi attacks: ransomware

news

Sodinokibi Ransomware Fixes Scaling Issues, Targets Large Enterprises

Recent variants of Sodinokibi accounted for scaling issues as the ransomware family steadily moves to target large enterprises.

May 28, 2019 | By David Bisson

news

A new employee takes a selfie in the office: interns

article

Interns and Social Media: A Goldmine for Hackers

A social media post from one of a company's interns was all this people hacker needed to enter a secure area with a counterfeit employee badge.

May 28, 2019 | By Stephanie Carruthers

article

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015

Despite the rise in vulnerability reporting, cryptojacking attacks and attacks on critical infrastructure, one threat trend has been on the decline.

May 16, 2019 | By Camille Singleton

article

news

Updated Version of KPOT Stealer Available for Purchase on Underground Hacking Forums

Researchers observed cybercriminals selling an updated version of the KPOT stealer on some underground hacking forums.

May 14, 2019 | By David Bisson

news

A team of penetration testing specialists.

article

Penetration Testing Versus Red Teaming: Clearing the Confusion

There is some confusion in cybersecurity as to the difference between penetration testing and red teaming. Since all businesses have vastly different security needs, the distinction is critical.

May 1, 2019 | By Chris Thompson

article

Woman using a tablet connected to her laptop: emotet

news

Latest Emotet Variant Wielding Connected Devices as First-Layer C&C Servers

A new variant of the Emotet banking malware is using compromised connected devices as first-layer command-and-control (C&C) servers.

April 29, 2019 | By David Bisson

news

IT engineer testing industrial control systems.

article

Industrial Control Systems Security: To Test or Not to Test?

According to X-Force Red data, the number of vulnerabilities exposing industrial control systems has increased 83 percent since 2011. Should organizations test them and risk destabilizing operations?

April 25, 2019 | By Simone Riccetti

article

Professor working in a classroom targeted by a spear phishing attack

news

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing

According to a new U.K.-based study, 100 percent of test spear phishing attacks gained access to sensitive university data in less than two hours.

April 17, 2019 | By Douglas Bonderud

news

Fraudsters Abuse Smartphone Google Calendar Feature to Push Through Scam Offers

Latest Mirai Malware Variant Contains 18 Exploits, Focuses on Embedded IoT Devices

Extortion Scam Threatens Website Owners With Reputational Damage

Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

HawkEye Malware Operators Renew Attacks on Business Users

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Podcast: Foundations for a Winning Operational Technology (OT) Security Strategy

Webinar: Under the Radar: IBM QRadar Demo Series

Webinar: Appliance Networking Topics

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Tag: Penetration Testing

From the Streets to the SOC: 3 Risk Assessment Potholes to Avoid in the Enterprise

Windows 10 Zero-Day Lets Threat Actors Bypass Patch and Escalate Role to Admin Level

Sodinokibi Ransomware Fixes Scaling Issues, Targets Large Enterprises

Interns and Social Media: A Goldmine for Hackers

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015

Updated Version of KPOT Stealer Available for Purchase on Underground Hacking Forums

Penetration Testing Versus Red Teaming: Clearing the Confusion

Latest Emotet Variant Wielding Connected Devices as First-Layer C&C Servers

Industrial Control Systems Security: To Test or Not to Test?

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing