Information security threats
Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.
Top Stories
-
Tip
28 Aug 2024
Stop phishing with help from updated DMARC policy handling
Exchange admins got a boost from Microsoft when it improved how it handles DMARC authentication failures to help organizations fight back from email-based attacks on their users. Continue Reading
-
Tip
18 Jul 2024
What dangling pointers are and how to avoid them
Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
-
Feature
01 Aug 2018
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
Tip
07 Jun 2018
Where machine learning for cybersecurity works best now
Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more. Continue Reading
-
Tip
07 Jun 2018
AI and machine learning in network security advance detection
Applying AI, and specifically machine learning, in network security helps protect enterprises against advanced persistent threats and sophisticated cybercriminals. Continue Reading
-
Opinion
01 Jun 2018
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what? Continue Reading
-
Podcast
12 Apr 2018
Risk & Repeat: RSAC 2018 trends focus on AI, blockchain
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the big questions ahead of RSA Conference 2018, as well as notable sessions and speakers scheduled for the event. Continue Reading
-
Feature
21 Dec 2017
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading
-
Answer
08 Dec 2017
LDAP injection: How was it exploited in a Joomla attack?
After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci. Continue Reading
-
Guide
01 Dec 2017
Cyberthreats, cyber vulnerabilities, and how to fight back
The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them. Continue Reading
-
Feature
27 Nov 2017
Security for applications: What tools and principles work?
Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job. Continue Reading
-
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading
-
Podcast
02 Aug 2017
Risk & Repeat: Black Hat 2017 highlights
In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit. Continue Reading
-
News
26 Jul 2017
At Black Hat 2017, an industry hits a milestone and finds new directions
Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes. Continue Reading
-
Tip
11 Jul 2017
Tactics for security threat analysis tools and better protection
Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool. Continue Reading
-
Answer
07 Jul 2017
How are hackers using Unicode domains for spoofing attacks?
A proof of concept showed that hackers can use Unicode domains to make phishing sites look legitimate. Expert Matthew Pascucci explains how this spoofing attack works. Continue Reading
-
Feature
23 May 2017
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading
-
Answer
03 Apr 2017
How did firmware create an Android backdoor in budget devices?
An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading
-
Tip
28 Mar 2017
Android VPN apps: How to address privacy and security issues
New research on Android VPN apps revealed the extent of their privacy and security flaws. Expert Kevin Beaver explains how IT professionals can mitigate the risks. Continue Reading
-
Answer
22 Mar 2017
How does the Drammer attack exploit ARM-based mobile devices?
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Continue Reading
-
News
10 Mar 2017
Report on zero-day vulnerabilities highlights shelf life, overlap
News roundup: Report on zero-day vulnerabilities questions government stockpiling. Plus, Comey talks encryption and privacy, FCC blocks consumer protection rule, and more. Continue Reading
-
News
08 Mar 2017
Responsible vulnerability disclosure lacking by CIA and WikiLeaks
Experts criticize both WikiLeaks and the CIA for failing responsible vulnerability disclosure around the Vault 7 documents, and question the CIA's use of the VEP. Continue Reading
-
Answer
08 Mar 2017
How can attacks bypass ASLR protection on Intel chips?
An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent attacks. Continue Reading
-
Answer
27 Feb 2017
How can enterprises leverage Google's Project Wycheproof?
Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them. Continue Reading
-
News
06 Feb 2017
Q&A: Rapid7's Beardsley and Brown take on bug bounty programs, IoT
Rapid7's Beardsley and Brown are back with more insight into vulnerability disclosure, the value of bug bounty programs and, of course, IoT. Continue Reading
-
Answer
02 Feb 2017
What are the best anti-network reconnaissance tools for Linux systems?
Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options. Continue Reading
-
Tip
24 Jan 2017
Monitoring outbound traffic on your network: What to look for
Outbound network traffic remains a weakness for many enterprises and is a major attack vector. Expert Kevin Beaver explains how to spot irregular occurrences in your network. Continue Reading
-
News
20 Jan 2017
Vulnerable Adobe extension downloads covertly to Chrome
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more. Continue Reading
-
News
13 Jan 2017
St. Jude Medical finally patches vulnerable medical IoT devices
News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more. Continue Reading
-
Answer
11 Jan 2017
Are bug bounty programs secure enough for enterprise use?
The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties. Continue Reading
-
Feature
09 Feb 2016
Comparing the top vulnerability management tools
Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization. Continue Reading
-
Feature
19 Jan 2016
Seven criteria for buying vulnerability management tools
Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises. Continue Reading
-
Tip
14 Oct 2015
The malware lifecycle: Knowing when to analyze threats
Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative. Continue Reading
-
Tip
12 Oct 2015
Getting to the bottom of the software vulnerability disclosure debate
The vulnerability disclosure debate rages on: Enterprises should know they are at risk, but vendors need time to patch flaws. Which side should prevail? Expert Michael Cobb discusses. Continue Reading
-
Answer
06 Oct 2015
How can enterprises manage the cybersecurity skills gap?
Due to the demand for professionals with backgrounds in both computer science and networking, filling cybersecurity jobs is difficult. Technology will have to play a bigger role. Continue Reading
-
Feature
01 Oct 2015
Choose the best vulnerability assessment tools
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings. Continue Reading
-
News
16 Jul 2015
Flash Player security failures turn up the hate
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder. Continue Reading
-
Tip
01 Jun 2015
Understanding and mitigating a FREAK vulnerability attack
After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it. Continue Reading
-
Tip
13 Jan 2015
Lessons learned: Network security implications of Shellshock
Shellshock had a tremendous impact on network security, affecting many popular vendors and products. Expert Kevin Beaver discusses what Shellshock means to network security, and the lessons that can be learned from the vulnerability. Continue Reading
-
Tip
06 Nov 2014
The three stages of the ISO 31000 risk management process
The ISO 31000 risk management process proposes three stages. Expert Mike Chapple reviews this alternative to the ISO 27001 framework. Continue Reading
-
Quiz
19 Aug 2014
Authenticated vulnerability scanning: How much do you know?
This vulnerability scanning quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. Continue Reading
-
Tip
11 Nov 2013
Inside the BREACH attack: How to avoid HTTPS traffic exploits
Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading
-
Answer
25 May 2010
Which tools will help in validating form input in a website?
Find out how to validate form input in a website. Continue Reading