CISO March 18, 2019 The Biggest Stories From RSAC 2019: What Scares the Cybersecurity Experts? 4 min read - When the perspectives of CISOs and experts at RSAC 2019 are viewed as a continuum, you can begin to see a story emerging about the state of cybersecurity in 2019.
Threat Intelligence March 12, 2019 Spectre, Meltdown and More: What You Need to Know About Hardware Vulnerabilities 5 min read - According to IBM X-Force IRIS research, threat actors will continue to search for ways to leverage Spectre, Meltdown and other hardware vulnerabilities to steal data in the coming years.
Application Security March 5, 2019 Blockchain: Making the Reward Much Greater Than the Risk 5 min read - The decentralized nature of blockchain, coupled with consensus protocols, helps to address some security needs, but the consequences can be dire if security isn't fully explored.
Software Vulnerabilities March 4, 2019 Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems 4 min read - Two X-Force Red interns discovered 19 previously undisclosed vulnerabilities across five popular visitor management systems that could enable attackers to establish a foothold on corporate networks.
CISO February 27, 2019 Recapping IBM Think 2019 and HIMSS19: The Shared Landscape of Global Security 4 min read - We're only a few months into the year, but HIMSS19 and Think 2019 have already helped shape this year's focus on enterprise transformation, innovation and global cybersecurity.
Threat Intelligence February 26, 2019 Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks 5 min read - IBM X-Force saw a decline in ransomware in 2018 as cybercriminals shifted tactics to cryptojacking and attacks that don’t leverage malware.
Software Vulnerabilities February 20, 2019 Calling Into Question the CVSS 6 min read - X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
Malware February 6, 2019 IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites 8 min read - The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.
January 15, 2019 New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks 2 min read - A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.
Banking & Finance January 10, 2019 How the Financial Services Industry Is Preparing to Avoid and Respond to Systemic Cyberattacks 4 min read - Financial services industry leaders visited the IBM X-Force Command Cyber Range for a war game exercise designed to battle-test their response to a systemic cyberattack.