IBM X-Force Threat Intelligence: Quarterly Report, 3rd Quarter 2014

Download this next:

How Do Vulnerabilities Get into Software?

According to the Department of Homeland Security, 90% of security incidents result from exploits against defects in software. While it’s important to focus on external threats, it’s equally critical to ensure the management of internal vulnerabilities.

In this white paper, take an in-depth look at 4 common causes that lead to software vulnerabilities, which include:

  • Insecure coding practices
  • The evolving threat landscape
  • Reusing vulnerable components & code
  • Programming language idiosyncrasies

These are also closely related to: "IBM X-Force Threat Intelligence: Quarterly Report, 3rd Quarter 2014"

  • Venafi Study: Machine Identities Drive Rapid Expansion of Enterprise Attack Surface

    Digital transformation strategies have led to an explosion of machines needing unique identities to connect securely. But threat actors have learned that improperly managed machine identities are an ideal way to infiltrate and attack organizations. Read this study to learn why SSL/TLS, SSH and code signing machine identities so appeal to cybercriminals—and how an enterprise-wide machine identity management solution can stop them.

  • Vulnerability management for modern automobiles

    As automobiles become increasingly digital, vulnerabilities found in their software are more dangerous than ever before.

    In order to better understand the current automobile security landscape, Cybellum conducted this study, utilizing their security team’s experience to draw actionable conclusions.

    Download this report to learn more about the state of automotive security and unlock key findings, including:

    • Old threats remain persistent
    • Security is playing a bigger role
    • Fewer private keys are being detected
    • And more

Find more content like what you just read:

  • Focus: Securing the cloud

    While cloud services' benefits of quick deployment and flexible scalability at a lower cost have driven enterprise adoption, security concerns continue to be a key factor in determining the extent and style of cloud adoption.


  • Top trends shaping APAC's tech landscape in 2024

    While GenAI is not expected to supersede other IT priorities such as cloud, application development and cyber security, it will augment those areas by making it easier to build software and improve cyber resilience. In this round-up, we review some of the key IT trends that are likely to shape the industry across the region in 2024.


  • Computer Weekly - 21 December 2021: What is Log4Shell - and why the panic?

    In this week's Computer Weekly, we assess the risks from Log4Shell, a new web software vulnerability described as "catastrophic". We look at SASE – secure access service edge – which is set to be one of the networking priorities for 2022. And some victims of the Post Office IT scandal are still waiting for proper compensation. Read the issue now.


  • Top 10 cyber security stories of 2019

    2019 was a busy year in the world of cyber security, with big stories around network security, data privacy and protection, and the state of General Data Protection Regulation compliance all hitting the headlines – and that's before we even get started on the issue of cyber crime. Here are Computer Weekly's top 10 cyber security stories of 2019.


  • Top threats to security asset management: What to know

    17% of organizations report that their approach to security hygiene and posture management (SHPM) is completely decentralized, while 41% consider their approach to be only partially centralized, according to research by Enterprise Strategy Group (ESG). To learn more about the complex state of SHPM, dig into this ESG report.


  • Royal Holloway: Rowhammer – From DRAM faults to escalating privileges

    Discover how Rowhammer attacks, created from a side effect in dynamic random-access memory (DRAM) that occurs due to increased density, can affect your company's cyber security and how best to protect against them.


  • Assessing your network-security posture: 6 considerations

    With advanced threats crowding the cyber landscape, how can you secure your dispersed workforce? This research report by Palo Alto Networks’ Unit 42 unpacks 6 components of a strong network-security posture. Keep reading to discover those insights – and much more.


  • 30-page e-book: IoT security benchmark report 2023

    81% of security leaders surveyed by Starfleet Research reported that their business was struck by an IoT-focused attack within the past year. So, how can you boost IoT security at your own organization? Find guidance in this 30-page e-book.


  • AI-based application testing: Simulate attacks at scale

    With advances in AI capabilities, hackers have leveraged the evolving technology in order to perform more sophisticated attacks at scale. If actual attacks are using AI, then simulated attack testing that is performed at scale using AI is as close a simulation to the real thing as one could hope for. Read on to learn more.


  • CrowdStrike vs. Rapid7 vs. Tenable for risk-based vulnerability platforms

    Risk-based vulnerability management (RBVM) platforms were developed to help customers prioritize vulnerabilities. Read this IDC MarketScape report to compare 15 RBVM platforms—including CrowdStrike, Rapid7, Tenable, and Ivanti—to find the platform most suitable for your organization.


  • Vulnerability management trends for 2024

    44% of organizations have a formal vulnerability management program in place internally, with 28% of organizations identifying 100 or more vulnerabilities each month. These findings and more are from Dark Reading’s The State of Vulnerability Management Report. Read the report here.


  • Pentesting in 2024: Thoughts from 450 IT pros

    Based on survey responses from 450 IT professionals, this 27-page research report by Pentera explores the state of penetration testing (pentesting) in 2024. Dig into the report to learn about what security leaders are pentesting, what pentesting budgets look like this year, and much more.


  • Case study: Armellini Logistics experiences shadow IT's impact

    To analyze the state of attack surface management (ASM), Enterprise Strategy Group and Randori, an IBM Company, surveyed 398 IT decision-makers. Tap into this report to review the findings, which explore three forces driving organizations to adopt a more continuous approach to ASM.


  • Developer’s guide to secure coding

    This 31-page eBook provides a roadmap to secure coding in practice. Inside, find a deep dive into common software vulnerabilities, how hackers exploit them, what you need to know to prevent a breach, and more.


  • 34-page report: Software supply chain landscape

    To understand the state of the software supply chain landscape in 2024, tap into this 34-page research report.


  • In 2017, the insider threat epidemic begins

    Cyber security resiliency depends on detecting, deterring and mitigating insider threats. This report from the Institute for Critical Infrastructure Technology assesses the risks and potential solutions.


  • Secure Voting

    This report from WebRoots Democracy, a pressure group for e-voting, aims to answer the key questions surrounding online voting security and the potential e-voting systems.


  • 24-page e-book: IoT security in retail

    By 2030, IoT technology in retail is expected to increase to $297 billion, according to a 2023 report by Grand View Research. So, what is driving that massive adoption, and how can retail organizations ensure strong IoT security? Find answers in this 24-page e-book.


  • How Graph Databases Help Solve Security Vulnerabilities in SBOMs

    A software bill of materials (SBOM) is one of the pillars of risk management and cybersecurity. As the scope and complexity of cyberthreats increase, the development and adoption of secure SBOMs, combined with graphs, emerge as a critical imperative to safeguard an organization's digital infrastructure.


  • The State of Security Hygiene and Posture Management (SHPM)

    To understand how organizations are tackling security hygiene and posture management (SHPM), ESG surveyed 383 cybersecurity professionals. Review this report to learn about the common coverage gaps and challenges associated with SHPM.


  • Focus: Securing for the future

    2016 saw the rapid increase in the use of ransomware and a resurgence of distributed denial of service (DDoS) attacks using hijacked devices making up the internet of things (IoT) against a background of new and newly-reported breaches of personal information involving an ever-increasing number of online user accounts.


  • How to prevent email security threats before they enter your inbox

    In March, Microsoft disclosed the CVE-2023-23307 vulnerability, a threat impacting Outlook with a 9.8 CVSS Rating. Download this white paper to see how Check Point’s Harmony Email & Collaboration (HEC) API can prevent malicious emails from reaching the inbox.


  • Royal Holloway: Attack mapping for the internet of things

    The introduction of each internet-connected device to a home network increases the risk of cyber attack. This article in our Royal Holloway security series presents a practical model for investigating the security of a home network to evaluate and track what pathways an attacker may use to compromise it.


  • The fastest route to PCI DSS compliance

    PCI DSS compliance has dropped 28% since 2016 – and while there are several factors that can explain this, most of them can be addressed by enhancing compliance programs with automated penetration testing and continuous validations capabilities. Read this solution brief to learn how PenTera can help speed up your route to PCI DSS compliance.


  • Lessons in attack surface risk based on observable data

    Software as a service (SaaS) deployments and cloud migration initiatives have fueled a dramatic increase in infrastructure, too rapid to be accurately understood. To put these trends into context and provide actionable intelligence, Unit 42 analyzed several petabytes of public internet data. Download this report to unlock all their key findings.


  • Compare 3 Leading SASE Solutions

    SASE solutions aim to simplify system management by allowing IT administrators to easily manage all the necessary security measures and access permissions from a single cloud-based management architecture. Tap into this comparative report of SASE offerings by Palo Alto Networks, Cisco and Zscaler broken down by 8 sub-tests.


  • SASE put to the test: Top tools and vendors, compared

    To find out how three SASE products – Cisco Umbrella, Palo Alto Networks Prisma Access Enterprise and Zscaler Internet Access – stack up against each other, read this 20-page report by AV Comparatives.


  • How to implement the Essential Eight framework

    To help organizations prevent and defend against evolving cyberthreats, the Australian Cyber Security Centre (ACSC) developed the Essential Eight framework. In this e-book, access an introduction to the framework and guidance for implementing it.


  • CW Europe: December 2016 - February 2017

    Security continues to be a huge pan-European challenge for governments and businesses harnessing the latest technologies. In this quarter's CW Europe, we feature two articles focusing on security in Europe and what authorities and IT firms are doing to reduce risks.


  • Proactive cyber risk management requires visibility into 5 areas

    CrowdStrike's Falcon Exposure Management utilizes security telemetry and AI to enhance visibility into cyber risks. Read this e-book to discover more about the Falcon platform and to view proactive cyber risk management strategies and results from CrowdStrike’s 2024 Global Threat Report.


  • Proactive Security: Software vulnerability management and beyond

    In this e-guide we discover why modern security professionals are moving to a more pro-active approach to cyber defence, and how managing vulnerabilities is a key element of that.


  • CW Nordics - May-July 2019: Facing up to fintech

    In this issue of CW Nordics, we take a look at how one of the Nordic region's big, traditional banks is going about meeting the challenges posed by new digital entrants into the finance sector. And it is another large traditional player, but this time in the IT world, which Nordea is turning to for support – none other than Big Blue.


  • Computer Weekly – 25 July 2023: Getting comfortable with data

    In this week's Computer Weekly, we talk to the head of IT at furniture retailer DFS about building trust in data. The vulnerabilities in MOVEit software continue to attract new victims – we assess the impact of the breaches. And we find out how online investigators are trawling social media to gather evidence of war crimes. Read the issue now.


  • Hacking the Human Operating System

    Cyber attackers often bypass the consciousness of their targets and attempt to manipulate victims through subconscious influences. This report from Intel Security offers advice on how to mitigate these risks.


  • Security validation e-book: 11 must-have capabilities

    By 2026, Gartner predicts, businesses that prioritize their security investments based on a continuous exposure management program will be 3 times less likely to suffer a breach. To discover what continuous threat exposure management (CTEM) looks like, and to learn why security validation is a key part of it, dig into this buyer’s guide.


  • Cyber Security: 2021 Worst in Show

    In this e-guide: Throughout 2021, there has been a strong focus worldwide on how to combat cyber security attacks for most businesses. In this e-guide we take a look at the best of the worst of those attacks to happen throughout January to June this year and how businesses can learn/adapt from these attacks.


  • Essential Guide: Securing hybrid IT infrastructure

    In this essential guide, we examine the key security considerations for infrastructure, networks, data and hybrid cloud.


  • Application security: More important than ever

    In this e-guide we look at why application security is more important than ever due to traditional software and cloud-based, web and mobile applications playing an increasingly important role in business.


  • Protecting the IT attack surface while advancing digital transformation

    To survive and to thrive, organizations must continue innovating, launching new products and services, and optimizing old ones. As a result, every organization’s attack surface will continue to change and, likely, grow. Learn how business leaders can keep up with these changes in this latest technical deep dive from Tanium experts.


  • CrowdStrike found a 288% increase in cloud environment targeting

    Cloud environments are more vulnerable than ever before, and you need a solution that can mitigate attacks faster than hackers can execute them. Download this white paper to learn how you can secure your cloud environment with Falcon Cloud Security.


  • 2024 security report: Predictions from 3 CISOs

    In this 103-page research report by Check Point Software Technologies, access 2024 cybersecurity predictions, a timeline of cyber events in 2023, and much more.


  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    This article in our Royal Holloway Security Series explores the uses and capabilities of rogue USB hardware implants for use in cyber espionage activities.


  • Cybersecurity in hospitality: 2023 insights

    Because of the sheer amount of sensitive data that hospitality organizations maintain, a data breach can cause major reputational damage. This report delves into the hospitality industry’s unique cybersecurity threat profile. Read on to learn about boosting your company’s security stance.


  • Data security: Don't make these 5 common mistakes

    Take a look through this IBM Security e-book to learn how to avoid five common data security missteps.


  • The 4 key phases of cyberthreat defense

    See how to protect your entire enterprise by shifting from a tactical to a strategic approach in this white paper. Discover the 4 key phases of cyberthreat defense and how ServiceNow’s portfolio of SecOps and risk management tools is here to help.


  • Phishing for Dummies

    Protecting yourself and your business from phishing attacks can be a daunting task. While it's impossible to eliminate all risk, there are steps you can take to reduce the odds and your brand. Enter "Phishing for Dummies" – the definitive guide for IT professionals seeking comprehensive knowledge and defense against phishing attacks.


  • Healthcare Organizations: Actionable Cybersecurity Insights

    In 2022, over 28.5 million healthcare records were breached, according to The U.S. Department of Health and Human Services. So, how can today’s healthcare organizations protect their records and defend against advanced threats? To unlock actionable insights, dig into this 46-page report.