Strela Stealer: Today's invoice is tomorrow's phish
1 2
IBM X-Force has been tracking ongoing Hive0145 campaigns delivering Strela Stealer malware for over a year. Learn more about the malware, the techniques for spreading it, and how to protect against it.
#cti #ioc #strela #infosec #hive0145 #phishing #infostealer #threatintel #cybersecurity #strelastealer
on Wed, 10AM
Why safeguarding sensitive data is so crucial
0 1
A data breach at virtual medical provider Confidant Health revealed detailed and sensitive patient information, showcasing the importance of data security.
on Sat, 1AM
Skills shortage directly tied to financial loss in data breaches
0 0
According to IBM's recent report, more than half of breached organizations now face severe security staffing shortages — and are paying the price.
on Nov 7
Quishing: A growing threat hiding in plain sight
0 0
In a rising trend called "quishing", scammers are using QR codes to direct users to malicious websites and carry out phishing attacks.
on Nov 7
Skills shortage directly tied to financial loss in data breaches
0 0
According to IBM's recent report, more than half of breached organizations now face severe security staffing shortages — and are paying the price.
on Nov 6
What's behind unchecked CVE proliferation, and what to do about it
0 1
As Common Vulnerabilities and Exposures continue to rise, organizations must adopt continuous, risk-based vulnerability management strategies to stay safe.
on Nov 2
AI hallucinations can pose a risk to your cybersecurity
0 1
As businesses and customers turn to AI for automation and decision-making, it becomes even more crucial to reduce the impact of AI hallucinations.
on Oct 23
Cybersecurity Awareness Month: Horror stories
0 0
In honor of Cybersecurity Awareness Month and everyone's favorite scary holiday this October, here are our top cybersecurity horror stories to keep you up at night.
on Oct 19
Is AI saving jobs… or taking them?
0 0
Is artificial intelligence coming to take your cybersecurity job, or save it? Like most things AI-related, the answer is complicated.
on Oct 8
Trends: Hardware gets AI updates in 2024
0 0
As AI usage continues to evolve, PC makers have found an opportunity to improve end-user devices by offering AI-specific hardware.
on Oct 3
How I got started: AI security executive
0 0
In this interview with Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, we explore the AI security executive career path.
on Oct 3
Spooky action: Phantom domains create hijackable hyperlinks
0 0
So-called "phantom domains" make it possible for malicious actors to hijack hyperlinks and exploit users' trust in familiar websites.
on Oct 2
FYSA - Critical RCE Flaw in GNU-Linux Systems - Security Intelligence
0 0
A severe, unauthenticated remote code execution (RCE) flaw has been discovered in GNU Linux systems. The vulnerability, rated CVSS 9.9, affects multiple Linux distributions and has the potential to be exploited by threat actors to gain unauthorized access to sensitive systems.
on Sep 27
SANS Institute: Top 5 dangerous cyberattack techniques in 2024
0 0
The SANS Institute, a leading authority in cybersecurity research, released its annual Top Attacks and Threats Report. Here's what you should know.
on Sep 25
The rising threat of cyberattacks in the restaurant industry
0 0
As restaurant businesses big and small face a rising number of cyberattacks, how can the industry avoid costly data breaches and outages?
on Sep 16
Warren Buffett's warning highlights growing risk of cyber insurance losses
0 0
For enterprises to find effective coverage and cyber insurers to reduce the risk of spiraling costs, both sides need to do their due diligence.
on Sep 12
ChatGPT 4 can exploit 87% of one-day vulnerabilities: Really that impressive?
0 0
Some research suggests the catastrophic cybersecurity risks that large language models could pose. But are they really that dangerous?
on Sep 11
How cyber criminals are compromising AI software supply chains
0 0
With the adoption of AI soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.
on Sep 10
New report shows ongoing gender pay gap in cybersecurity
0 0
The cybersecurity gender gap has gone on for decades. A recent study explores those ongoing effects, as well as how to work on closing the gap.
on Sep 9
National Public Data breach publishes private data of 2.9B U.S. citizens
0 1
A data breach from the background check business National Public Data may be one of the largest data breaches of all time.
on Sep 2
How Paris Olympic authorities battled cyberattacks, and won gold
0 1
Before and during the 2024 Paris Olympics, authorities faced cybersecurity threats from a wide number of vectors. Here's how their defenses held up.
on Aug 23
0 0
Vectored Exception Handlers (VEH) have been used in malware for over a decade, but now they're gaining attention from the offensive security industry. Let's take a closer look.
on Aug 23
CISOs list human error as their top cybersecurity risk
0 1
Three in four CISOs label human error as their top cybersecurity risk. How can organizations manage this internal attack vector?
on Aug 16
Digital solidarity vs. digital sovereignty: Which side are you on?
0 1
When it comes to cyber diplomacy, finding the balance between protection and cooperation is key—and each side offers distinct benefits and drawbacks.
on Aug 10
Crisis communication: What not to do
0 1
In the midst of a stressful cybersecurity breach, the way your company handles its crisis communication can make an enormous difference in your recovery.
on Aug 10
How CIRCIA is changing crisis communication
0 0
CIRCIA arose in response to high-profile cyberattacks on critical infrastructure, and organizations must get their crisis plans in order.
on Aug 9
Cost of a data breach: The healthcare industry
0 0
The healthcare industry grapples with unique cybersecurity challenges that make securing critical patient data more complicated.
on Aug 8
PR vs cybersecurity teams: Handling disagreements in a crisis
0 1
Splitting duties between your PR and cybersecurity teams is usually a good approach — until your organization is in the middle of a cyber crisis.
on Aug 1
Unveiling the latest banking trojan threats in LATAM
0 0
The Latin American region has seen its fair share of malicious cyber campaigns over the years. Let's take a look at the latest banking trojan threats in the region.
on Aug 1
Racing round and round: The little bug that could
0 0
Get the straightforward approach to bug hunting — from an IBM X-Force Red expert.
on Jul 30
White House mandates stricter cybersecurity for R&D institutions
0 0
A recent memo from the Office of Science and Technology Policy heralds big changes in cybersecurity policy impacting research and development.
on Jul 25
CISA director says banning ransomware payments is off the table
0 0
Should paying a ransom after a cyberattack be illegal? CISA Director Jen Easterly says such a ban would not likely be possible.
on Jul 21
Cybersecurity crisis communication: What to do
0 0
Amid a cyberattack, your team's crisis communication skills are paramount. Do you have a plan in place to weather the storm?
on Jul 17
A decade of global cyberattacks, and where they left us
0 0
The past ten years have seen monumental shifts in the cyberattack landscape. Here are some of the largest trends and their lasting implications.
on Jul 15
ChatGPT 4 can exploit 87% of one-day vulnerabilities
0 0
A team of researchers has found that ChatGPT 4 is highly effective at exploiting one-day vulnerabilities from the CVE database.
on Jul 2
New ransomware over browser threat targets uploaded files
0 0
An insidious new ransomware threat embeds malware into a web browser, infecting computers through file uploads. Here's how to stay safe.
on Jun 26
How generative AI is expanding the insider threat attack surface
0 0
As businesses increasingly adopt generative AI technology into their daily workflows, the importance of defending against insider threats is paramount.
on Jun 25
Important details about CIRCIA ransomware reporting
0 0
CIRCIA and its newly published Notice of Proposed Rulemaking will have many implications for how organizations must report ransomware attacks.
on Jun 5
Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about
0 0
Dive into the top takeaways from the RSA Conference 2024 (RSAC).
on May 19
Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns
0 0
Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan.
on May 18
Researchers develop malicious AI ‘worm’ targeting generative AI systems
0 0
Researchers created a never-before-seen "Morris II" worm, which spreads through popular AI services, infecting new systems and stealing data.
on Apr 30
CISA releases landmark cyber incident reporting proposal
0 0
CISA has released a draft of landmark regulation to determine how organizations must report cyber incidents to the government. Here's what you need to know.
on Apr 15
Ransomware payouts hit all-time high, but that’s not the whole story
0 0
While ransomware payments hit an all-time high of $1.1 billion last year, many cyber criminal groups are struggling with recruitment.
on Apr 11
Hive0051 Goes All In With A Triple Threat
0 0
IBM X-Force has been closely monitoring Hive0051, and now they are tracking the latest waves of attacks. Learn more.
on Apr 10
How will the Merck settlement affect the insurance industry?
0 0
In June of 2017, the NotPetya incident hit 40,000 Merck computers, costing $1.7 billion in damages. It also changed the cyber insurance industry forever.
on Apr 2
0 0
Dive into the analysis and exploitation of a vulnerability in the Windows Ancillary Function Driver for Winsock for Local Privilege Escalation on Windows 11. More from X-Force Red experts.
on Mar 22
How AI can be hacked with prompt injection: NIST report
0 0
NIST closely observes the AI lifecycle for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities.
on Mar 19
CISA hit by hackers, key systems taken offline
0 1
The organization protecting all levels of the U.S. government against cyberattacks has been hacked. Here's what you need to know.
on Mar 19
Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns
0 0
X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents covering several topics. Learn more about this continuing threat.
on Mar 18
New Fakext malware targets Latin American banks
0 0
Here's what cyber professionals need to know about the Fakext malware campaign and the different attacks the extension performs.
on Mar 7