Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
News
11 Jul 2024
Ransomware gangs increasingly exploiting vulnerabilities
New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024. Continue Reading
-
News
10 Jul 2024
Check Point sheds light on Windows MSHTML zero-day flaw
A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far back at January 2023. Continue Reading
-
News
20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
-
Definition
20 Jul 2022
network packet
A network packet is a basic unit of data that's grouped together and transferred over a computer network, typically a packet-switched network, such as the internet. Continue Reading
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
-
News
20 Jul 2022
Sophos launches cross-operational task force X-Ops
The Sophos X-Ops team aims to create an AI-assisted security operations center using the cybersecurity vendor's research and threat response teams. Continue Reading
-
Feature
19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
-
News
15 Jul 2022
Cryptocurrency mixer activity reaches new heights in 2022
Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
-
Podcast
15 Jul 2022
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
-
Tip
15 Jul 2022
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used. Continue Reading
-
Definition
15 Jul 2022
user behavior analytics (UBA)
User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
-
News
14 Jul 2022
Cryptocurrency crash triggers crisis for dark web exchanges
Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
-
News
14 Jul 2022
Catalogic adds to ransomware detection trend with GuardMode
Catalogic has joined the ranks of data backup vendors that are providing ransomware detection and recovery tools to the backup admin. Continue Reading
-
News
13 Jul 2022
Researcher develops Hive ransomware decryption tool
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version. Continue Reading
-
News
13 Jul 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
-
News
07 Jul 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
-
News
07 Jul 2022
Public sector still facing ransomware attacks amid decline
While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June. Continue Reading
-
News
05 Jul 2022
Ransomware in 2022: Evolving threats, slow progress
Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022. Continue Reading
-
News
30 Jun 2022
SANS Institute: Human error remains the top security issue
The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises. Continue Reading
-
News
28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
-
News
24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
-
News
23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
-
News
22 Jun 2022
Ongoing PowerShell security threats prompt a call to action
Although PowerShell poses an ongoing risk to enterprise security as a post-exploitation tool, authorities strongly advise against disabling it completely. Continue Reading
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
Podcast
16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
-
News
14 Jun 2022
Critical Atlassian Confluence flaw remains under attack
Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
-
News
14 Jun 2022
How Russian sanctions may be helping US cybersecurity
Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road. Continue Reading
-
News
09 Jun 2022
Rob Joyce: China represents biggest long-term cyberthreat
NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China. Continue Reading
-
News
09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
08 Jun 2022
CISA director promotes collaboration and trust at RSAC 2022
Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies. Continue Reading
-
News
07 Jun 2022
Cisco Talos: Destructive malware, supply chain attacks rising
At RSA Conference 2022, Cisco Talos discussed how adversaries have evolved and changed their tactics, leading to major shifts in the threat landscape. Continue Reading
-
News
07 Jun 2022
Ransomware Task Force calls for better incident reporting
Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
-
News
07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
-
News
06 Jun 2022
Major DDoS attacks increasing after invasion of Ukraine
DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022. Continue Reading
-
News
02 Jun 2022
VMware launches 'threat intelligence cloud' Contexa
The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost. Continue Reading
-
Feature
01 Jun 2022
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
-
Feature
01 Jun 2022
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
-
Feature
01 Jun 2022
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
-
Tip
31 May 2022
How to get started with multi-cloud threat hunting
More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk. Continue Reading
-
News
26 May 2022
U.S. Senate report calls out lack of ransomware reporting
The Senate Committee on Homeland Security published a report that points to a lack of ransomware reporting as a major issue in defending the U.S. from cyber attacks. Continue Reading
-
Tip
25 May 2022
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
-
News
24 May 2022
Developers targeted by poisoned Python library
A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances. Continue Reading
-
News
19 May 2022
QNAP devices hit by DeadBolt ransomware again
DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
-
Tip
19 May 2022
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
-
News
19 May 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
-
News
17 May 2022
Cardiologist charged with creating Thanos, Jigsaw ransomware
Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware. Continue Reading
-
Guest Post
16 May 2022
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading
-
News
16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
-
News
12 May 2022
Iranian APT Cobalt Mirage launching ransomware attacks
Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks. Continue Reading
-
News
12 May 2022
Vendors, governments make ransomware decryptors more common
Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats. Continue Reading
-
News
10 May 2022
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene. Continue Reading
-
News
10 May 2022
US, EU attribute Viasat hack to Russia
The U.S. and U.K. governments, along with the EU, confirmed the suspicions around the attack that disrupted satellite services for customers in Ukraine as Russia invaded the country. Continue Reading
-
Definition
10 May 2022
Top 10 spyware threats
The top 10 spyware list describes the 10 common spyware threats behind famous spyware attacks and is frequently identified by Webroot's Spy Audit, a free spyware scanner tool. Continue Reading
-
News
09 May 2022
Victims of Horizon Actuarial data breach exceed 1M
Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly. Continue Reading
-
News
09 May 2022
US offers $10M bounty for Conti ransomware information
The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday. Continue Reading
-
Definition
09 May 2022
parameter tampering
Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization. Continue Reading
-
News
06 May 2022
Cryptocurrency mixer sanctioned over Lazarus Group ties
North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service. Continue Reading
-
Tip
06 May 2022
How to implement an attack surface management program
Keeping attackers away from corporate assets means keeping a constant vigilance over the organization's attack surface. An attack surface management program can help. Continue Reading
-
News
05 May 2022
SentinelOne finds high-severity flaws in Avast, AVG
The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne. Continue Reading
-
News
04 May 2022
Coveware: Double-extortion ransomware attacks fell in Q1
Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it. Continue Reading
-
Definition
04 May 2022
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
-
News
04 May 2022
Winnti threat group rides again with IP theft campaign
A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies. Continue Reading
-
News
03 May 2022
Trend Micro discovers AvosLocker can disable antivirus software
AvosLocker operators are using legitimate tools and previously disclosed vulnerabilities to disable antivirus software and evade detection on infected machines. Continue Reading
-
News
03 May 2022
April ransomware attacks slam US universities
April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies. Continue Reading
-
News
02 May 2022
Cyberespionage group exploiting network and IoT blind spots
Researchers with Mandiant have uncovered a new espionage-focused hacking operation that takes advantage of IoT and networking gear that security tools don't cover. Continue Reading
-
Feature
02 May 2022
Do phishing simulations work? Sometimes
Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
-
News
28 Apr 2022
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021. Continue Reading
-
Feature
28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
-
Feature
28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
-
Feature
27 Apr 2022
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
-
News
27 Apr 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021
Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018. Continue Reading
-
News
27 Apr 2022
REvil ransomware attacks resume, but operators are unknown
The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation. Continue Reading
-
News
27 Apr 2022
Sophos: 66% of organizations hit by ransomware in 2021
Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups. Continue Reading
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
-
News
26 Apr 2022
HYCU Protege updates focus on ransomware recovery
HYCU sharpens its emphasis on WORM storage with more support and 'cloud dedupe.' The ransomware-focused product updates follow the recent release of a ransomware assessment tool. Continue Reading
-
News
21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
-
News
21 Apr 2022
FBI warns of 'timed' ransomware attacks on agriculture sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. Continue Reading
-
News
20 Apr 2022
U.S. warns of 'increased' threats from Russian hacking groups
The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia. Continue Reading
-
News
20 Apr 2022
BlackCat emerges as one of the top ransomware threats
After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups. Continue Reading
-
Tip
20 Apr 2022
EDR vs. XDR vs. MDR: Which does your company need?
Explore the differences and similarities between EDR vs. XDR vs. MDR and the role they play to help improve behavioral analysis for better threat response. Continue Reading
-
News
18 Apr 2022
Pegasus spyware discovered on U.K. government networks
Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame. Continue Reading
-
News
18 Apr 2022
Attack on Beanstalk Farms results in $182M loss
High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform. Continue Reading
-
News
15 Apr 2022
Corvus: Ransomware costs, ransom payments declining
Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
-
Opinion
14 Apr 2022
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
-
News
14 Apr 2022
US government, security vendors warn of new ICS malware
As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector. Continue Reading
-
News
13 Apr 2022
Microsoft dismantles ZLoader botnet
Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network. Continue Reading
-
News
12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
-
News
08 Apr 2022
Fin7 hacker sentenced to 5 years in prison
A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring. Continue Reading
-
News
07 Apr 2022
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading
-
News
07 Apr 2022
How the FBI took down the Cyclops Blink botnet
The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet. Continue Reading
-
Tip
07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks
Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
-
News
06 Apr 2022
Conti ransomware leaks show a low-tech but effective model
The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies. Continue Reading
-
News
05 Apr 2022
German authorities behead dark web Hydra Market
Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
-
News
05 Apr 2022
March ransomware attacks strike finance, government targets
In March, ransomware reports and disclosures showed a variety of victims, from public schools and county governments to financial services firms and large enterprises. Continue Reading
-
News
04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach
Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
-
News
01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365
CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
-
News
30 Mar 2022
Viasat confirms cyber attack on Ukraine customers
The U.S.-based satellite internet provider said a 'multifaceted and deliberate cyber attack' struck Viasat's KA-SAT network on the first day of Russia's invasion of Ukraine. Continue Reading
-
News
30 Mar 2022
Axie Infinity hack results in $600M cryptocurrency heist
Axie Infinity, whose developer was hacked this month, is a popular NFT-based video game in which players earn cryptocurrency by raising their pay-to-play digital pets, or 'Axies.' Continue Reading
-
News
29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021
Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
-
Guest Post
28 Mar 2022
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading