Created with Sketch.
7 minutes | May 8, 2016
The InfoSecond, Week of May 9: Massive Email Hack, Browser Wars and More
We’re making cybersecurity news great again with this week’s edition of the InfoSecond. In this episode, we delve into the massive global email hack that may impact hundreds of millions of users, highlight ways organizations can make sure they’re getting the most out of pen tests, investigate a new malware that is using Windows ‘God Mode’ against users and explore a change at the top of the desktop browser market. In Case You Missed It Massive Global Email Hack: Security news over the past few days has largely centered on a massive email hack impacting hundreds of millions of people around the world. A database containing the email addresses and passwords of over 272 million Gmail, Yahoo, Hotmail, and Mail.ru users was being offered on the Dark Web for less than $1. While a security firm did ultimately manage to acquire the database, this incident serves as an important reminder to use complex passwords and to change them from time to time. How to Make the Most of Your Pen Test: If your organization wants to get more out of penetration tests, it’s important to focus not only on the results of the test itself, but also to carefully observe and learn from the process as it unfolds. A thorough debrief involving your team, incident responders and decision makers will help you reduce your time to insight, accelerate learning, and increase experience. Malware Exploiting Windows ‘God Mode’: A devious new malware has discovered a way to exploit Windows God Mode in order to gain access and control over an infected user’s computer. While this malware is difficult to delete, there are a few steps that can be taken to remove the exploit from the infected device. Chrome Dethrones Explorer: After many years as the king of desktop browsers, Internet Explorer has finally been usurped by Google Chrome, whose 4
3 minutes | May 1, 2016
The InfoSecond, Week of May 2: JIGSAW Ransomware, GozNym Malware and More!
Hello internet, let’s play a little game… In this week’s episode of the InfoSecond we’ll learn about a new form of crypto-ransomware that’s using an iconic horror villain to scare users into playing (and paying). In equally terrifying news, we’ll examine how the newly discovered GozNym banking malware is spreading across Europe and leaving financial havoc in its wake. Finally, we’ll share a useful approach to help decision makers make better choices regarding high stakes cyber risks and will discover why it’s getting increasingly difficult to determine if your mobile apps have been hacked. In Case You Missed It JIGSAW Ransomware Scaring Up Payments: A new, particularly scary form of crypto-ransomware has been making its presence felt across the web – and it’s using an iconic horror villain to scare users into playing their game. Make your choice: act quickly or lose all of your files. GozNym Goes Global: Early in April IBM X-Force discovered the GozNym banking malware aggressively attacking 24 banks in North America. Now, it’s gotten even worse, as dangerous new configurations are spreading internationally. Currently 17 Polish banks and one in Portugal are being targeted by GozNym. How to Improve Cyber Risk Decisions: Decision makers from the boardroom to the C-Suite must ensure they’re doing everything they can to make informed decisions when it comes to the high stakes associated with cyber risks. Fortunately, we’ve got a useful approach to help them review their options and narrow their choices to help make the best decision possible. Would You Know If You’re Being Hacked? Cybercriminals are actively
3 minutes | Apr 24, 2016
The InfoSecond, Week of April 25: Winter is Coming for QuickTime, Top Phishing Schemes and More!
Winter has come – and now it’s gone, as springtime has finally begun to arrive across the land (not including Westeros, that is). While you wait the final moments until the new ‘Game of Thrones’ season premiere, or perhaps wait for G.R.R.M. to finish ‘The Winds of Winter’ (how ever many more springs that may be!), there’s thankfully no need to wait any longer for the latest in cybersecurity news. Alas, a brand new InfoSecond is here! In this week’s GoT-themed episode, discover how and why bankers have become organized cybercrime’s new key target, learn the spring cleaning tips that CISOs should conduct, discover why Windows users are being urged to uninstall QuickTime immediately, and find out what the three most convincing phishing attacks of 2016 are revolving around In Case You Missed It Organized Cybercrime Places a Bull’s-eye on Bankers: If you work at a bank or are part of your organization’s financial team, cybercriminals are coming for you just as surely as the White Walkers are coming for Castle Black. Armed with advanced persistent threats (APTs) schemes rather than ice blades and an army of wights, these skilled fraudsters are capable of infiltrating corporate systems and wreaking serious havoc. To make sure you aren’t the one to let such an attack into your network, learn about the ins and outs of APTs in our complimentary on-demand webinar. Your CISO Guide to Spring Cleaning: Spring has sprung and now is the time for CISOs to do some spring cleaning inside their security environments. The most important activities include knowing your architecture, gathering your ‘cleaning’ supplies and tossing out the junk to ensure that your organization is battle-ready and secured against any threats – wildling, White Walker or otherwise – looming beyond the Wall. Uninstall QuickTime for Windows Today: Now that Apple has stopped supporti
7 minutes | Apr 10, 2016
InfoSecond, Week of Mar. 28th: Improving Your Security Posture, Malvertising & More!
Another week, another InfoSecond! In this edition we explore the motivations behind cyberattacks, discover how intrepid security professionals are using collaboration platforms to outthink cybercriminals, investigate the possibility of a silver lining associated with a ransomware infection, and reveal the proper steps organizations should take to enable secure content collaboration for today’s mobile workforce. In Case You Missed It What Motivates a Cyberattacker? With cybercrime expected to cost the global economy over $2.1 trillion (yep, that’s trillion with a T) by 2019, criminals unquestionably want their share of the pie. Even though the profits associated with cyberattacks can be tempting, it’s not always about the money for cybercriminals – and it’s vital that security professionals understand what else motivates attackers. Predicting Trends in Cybercrime: For decades, cybercriminals have driven the security agenda, engaging security professionals in a vicious innovation cycle to stop impending threats. Now, researchers and analysts are taking a page from the attackers’ playbook and collaborating with information sharing on threat, vulnerabilities and more to help develop proactive defenses that’ll give industries early warnings to threats – and they’re doing it with two key exchange platforms. Ransomware’s Silver Lining? Ransomware is an ever-evolving threat to consumers and businesses alike, having cost more than $18 million in damage last year and expected to cost even more in 2016. Although a ransomware attack is costly and undeniably stressful, is it possible that there is a silver lining to such an infection in the enterprise? It turns out, yes. Securing Mobile Content and Collaboration: If an organization could effectively secure all its data and content, it would have nothing to worry about when it comes to securing mobile content and collaboration. While there is no silver bullet for this mobility conundrum, there is a right approach to solving this challenge. Forrester Analyst Tyler Shields shares his important in
7 minutes | Apr 3, 2016
The Infosecond: Forrester Analyst Interview pt.1, Botnets, Water Treatment Plant Breached, & More!
♫♫ Yeah, you know we got baaaaaad bots ♫♫ … in this week’s InfoSecond! In our latest entry, learn why botnets are the go-to weapon for cybercriminals and how this will change in the future, discover the 10 major security priorities your organization should focus on this spring and summer, find out how a water treatment plant was breached without notice, and understand what you can do to battle back against bad bots. In Case You Missed It Botnets – Go-To Weapon for Cybercriminals: For more than 20 years botnets have wreaked havoc on the Internet, stealing personal information, online banking credentials, confidential documents, trade secrets, intellectual property and much more. To help you understand these dangerous go-to weapons for cybercriminals, IBM has compiled a new research report. Take a deep dive into the most common protocols, uses and trends in the world of botnets. Top 10 Security Priorities For Spring and Summer 2016: Not everyone can attend (or even keep track of) all the latest security conferences and events. Even so, there’s no excuse for organizations not to follow these 10 security priorities that Kevin Beaver gleaned from the first few conferences of the year. These priorities fall into three primary areas: understanding your data, understanding technology, and focusing on the people involved. Water Treatment Plant Breached: When an organization becomes too complacent and reliant on outdated systems, it can be an invitation for trouble. That’s precisely what happened when hacktivists targeted a water treatment plant and gained access to water usage, personally identifiable information (PII) for 2.5 million customers, payment data and much more. Oh, and they did all this without being noticed.
3 minutes | Mar 27, 2016
The InfoSecond, Week of March 28: Malvertising, Improving Your Security Posture and More!
This week’s InfoSecond promises to be just as exciting as that movie with two legendary superheroes battling it out. Maybe. In this edition, take a trip to an emerging international target for banking malware, get tips on how to improve your security posture in just five steps, discover the large scale malvertising campaign targeting top-tier sites, and meet the newly discovered Samas malware. In Case You Missed It Singapore: An Emerging Target for Banking Cyberattacks: Targeted malware has impacted banks and financial institutions in many countries across the globe, and we can now add Singapore to this evergrowing list. Find out what strains of malware are targeting Singapore’s banks, the steps these banks should take to improve security, and why threat intelligence sharing platforms could play a key role in fighting back against advanced threats. How to Correct Your Security Posture: Bad habits lead to bad results. If you’ve spent years hunched over a computer, you’ll likely end up with bad posture. The same is true for organizations that spend years practicing poor security. Fortunately, there are five areas your organization should focus on to help relieve the aches and pains of bad security posture. Massive New Malvertising Scheme Reels in Mainstream Sites: Risky clicks from unsolicited emails or shady websites can expose you to a plethora of potential dangers, including malware. Top-tier sites have generally managed to avoid those issues… until now. A newly discovered massive malvertising campaign has potentially affected tens of thousands of browsers. Pen Testing Tools Used as Ransomware Delivery Device: Is the pen mightier than the sword? According to a newly discovered malware, it
3 minutes | Mar 20, 2016
The InfoSecond, Week of March 21: X-Force Report, Thingbots and More!
Bracket busted? Don’t worry, we’ve got a brand new episode of The InfoSecond to take your mind off of your team’s crushing loss. In this week’s edition, we’re delving into the latest IBM X-Force Report around the current state of affairs in cybersecurity, revealing the next evolution in malware aimed at disrupting the Internet of Things, exploring why medical data is so difficult to protect and how to secure it, and providing you with some security tips from the IRS to help protect you and your identity this tax season. In Case You Missed It The 2016 IBM X-Force Report: The newly released 2016 IBM X-Force Report has revealed that cybercrime had quite an epic year in 2015. With breaches impacting organizations in countries across the globe, organized crime groups becoming more prominent, higher value records (like Health related PII) increasingly targeted and mobile malware making a quantum leap forward, cybercrime truly did have an epic year – in a bad way. The Rise of Thingbots: While we fawn over newly designed connected devices that are helping make our lives more efficient and simple, a danger does lurk in the shadows within the Internet of Things in the form of Thingbots, the next evolution of malware. Sure the name doesn’t conjure up much fear, but it should, as these botnets of connected devices can wreak havoc on individuals and organizations. Read in-depth and learn how to ensure your devices don’t join the fracas. Challenges Around Protecting Medical Data: Our most sensitive personally identifiable information (PII) can be found in medical records, and with it passing through so many hands, an inadvertent error could lead to serious ramifications for individuals and the organization. Fortunately, breaches are avoidable, and you can learn how to avoid them through stringent access policies and assessments, compliance training, strong authentication and monitoring technologies l
5 minutes | Mar 13, 2016
The Infosecond: IBM X-Force Report and Security Services Customer Insight
Hello and welcome to another episode of the Infosecond. This week we’re playing some catch up with all of the great things that came out of the two conferences. First thing on the docket is the IBM X-Force report where we have an exclusive interview with Pam Cobb, Portfolio Marketing for IBM X-Force. You can find the report at ibm.com/security/xforce We follow that up with some customer insight on the security services front. Please be sure to tweet us @ibmsecurity with the hashtag #infosecond and share anything you’d like! Thank you and see you next week!
0 minutes | Mar 7, 2016
The Infosecond: RSA Conference, Resilient Systems, Carbon Black, and IBM X-Force
We had a great week in San Francisco attending the RSA Security conference. IBM Security announced the intent to acquire Resilient Systems, a leader in incident response, an expanded partnership with Carbon Black, and new IBM X-Force incident response services. We had exclusive interviews with the co-founder of Resilient Systems, and Ian Lee of Carbon black on end point security. Check out securityintelligence.com for more information. Tweet us @ibmsecurity with the #infosecond to discuss anything you’ve heard in the following episode!
2 minutes | Feb 29, 2016
The InfoSecond, Week of Feb. 29: How Much Cybercriminals Make, Lockdroid and More!
Whether you’re a student, an Android user or even a florist, this week’s InfoSecondshows that anyone can be a target for cybercrime. In this edition, we uncover how much money cybercriminals make, identify the reasons that colleges and universities are prime targets for data breaches, reveal why florists got unexpected — and unwanted — deliveries this Valentine’s Day and tell you why Android users can breathe a huge sigh of relief! In Case You Missed It Cybercrime Doesn’t Pay: Have you ever wondered just how much money cybercriminals make from their nefarious practice? According to a new survey of more than 300 threat experts, it’s actually less than what you might expect — with reported yearly earnings of around 25 percent of the yearly wages of IT security practitioners. Another College Hacked: Universities house troves of personally identifiable information (PII) on students and faculty alike, and that’s precisely why cybercriminals are increasingly targeting them. Will the recently revealed data breach at the University of Virginia be a wake-up call for other colleges and universities across the world to increase their security? Or will more students and faculty find themselves at risk because of insufficient cybersecurity? Unwanted Cyber Deliveries on Valentine’s Day: It wasn’t all love this Valentine’s Day as florists across the country saw an increase in DDoS attacks designed to extort money from them. While cybercriminals often target businesses around major events and holidays, an attack could happen anytime, and businesses must be prepared with the right security solutions year-round. Lockdroid Android Foiled: When the Lockdroid Android ransomw
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2022