Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Podcast
20 Nov 2024
Risk & Repeat: China hacks major telecom companies
The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests. Continue Reading
-
News
20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack
The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
Podcast
16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
-
News
14 Jun 2022
Critical Atlassian Confluence flaw remains under attack
Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
-
News
14 Jun 2022
How Russian sanctions may be helping US cybersecurity
Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road. Continue Reading
-
News
09 Jun 2022
Rob Joyce: China represents biggest long-term cyberthreat
NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China. Continue Reading
-
News
09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
08 Jun 2022
CISA director promotes collaboration and trust at RSAC 2022
Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies. Continue Reading
-
News
07 Jun 2022
Cisco Talos: Destructive malware, supply chain attacks rising
At RSA Conference 2022, Cisco Talos discussed how adversaries have evolved and changed their tactics, leading to major shifts in the threat landscape. Continue Reading
-
News
07 Jun 2022
Ransomware Task Force calls for better incident reporting
Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
-
News
07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
-
News
06 Jun 2022
Major DDoS attacks increasing after invasion of Ukraine
DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022. Continue Reading
-
News
02 Jun 2022
VMware launches 'threat intelligence cloud' Contexa
The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost. Continue Reading
-
Feature
01 Jun 2022
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
-
Feature
01 Jun 2022
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
-
Feature
01 Jun 2022
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
-
Tip
31 May 2022
How to get started with multi-cloud threat hunting
More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk. Continue Reading
-
News
26 May 2022
U.S. Senate report calls out lack of ransomware reporting
The Senate Committee on Homeland Security published a report that points to a lack of ransomware reporting as a major issue in defending the U.S. from cyber attacks. Continue Reading
-
Tip
25 May 2022
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
-
News
24 May 2022
Developers targeted by poisoned Python library
A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances. Continue Reading
-
News
19 May 2022
QNAP devices hit by DeadBolt ransomware again
DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
-
Tip
19 May 2022
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
-
News
19 May 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
-
News
17 May 2022
Cardiologist charged with creating Thanos, Jigsaw ransomware
Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware. Continue Reading
-
Guest Post
16 May 2022
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading
-
News
16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
-
News
12 May 2022
Iranian APT Cobalt Mirage launching ransomware attacks
Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks. Continue Reading
-
News
12 May 2022
Vendors, governments make ransomware decryptors more common
Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats. Continue Reading
-
News
10 May 2022
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene. Continue Reading
-
News
10 May 2022
US, EU attribute Viasat hack to Russia
The U.S. and U.K. governments, along with the EU, confirmed the suspicions around the attack that disrupted satellite services for customers in Ukraine as Russia invaded the country. Continue Reading
-
Definition
10 May 2022
Top 10 spyware threats
The top 10 spyware list describes the 10 common spyware threats behind famous spyware attacks and is frequently identified by Webroot's Spy Audit, a free spyware scanner tool. Continue Reading
-
News
09 May 2022
Victims of Horizon Actuarial data breach exceed 1M
Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly. Continue Reading
-
News
09 May 2022
US offers $10M bounty for Conti ransomware information
The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday. Continue Reading
-
Definition
09 May 2022
parameter tampering
Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization. Continue Reading
-
News
06 May 2022
Cryptocurrency mixer sanctioned over Lazarus Group ties
North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service. Continue Reading
-
News
05 May 2022
SentinelOne finds high-severity flaws in Avast, AVG
The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne. Continue Reading
-
News
04 May 2022
Coveware: Double-extortion ransomware attacks fell in Q1
Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it. Continue Reading
-
Definition
04 May 2022
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
-
News
04 May 2022
Winnti threat group rides again with IP theft campaign
A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies. Continue Reading
-
News
03 May 2022
Trend Micro discovers AvosLocker can disable antivirus software
AvosLocker operators are using legitimate tools and previously disclosed vulnerabilities to disable antivirus software and evade detection on infected machines. Continue Reading
-
News
03 May 2022
April ransomware attacks slam US universities
April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies. Continue Reading
-
News
02 May 2022
Cyberespionage group exploiting network and IoT blind spots
Researchers with Mandiant have uncovered a new espionage-focused hacking operation that takes advantage of IoT and networking gear that security tools don't cover. Continue Reading
-
Feature
02 May 2022
Do phishing simulations work? Sometimes
Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
-
News
28 Apr 2022
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021. Continue Reading
-
Feature
28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
-
Feature
28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
-
Feature
27 Apr 2022
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
-
News
27 Apr 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021
Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018. Continue Reading
-
News
27 Apr 2022
REvil ransomware attacks resume, but operators are unknown
The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation. Continue Reading
-
News
27 Apr 2022
Sophos: 66% of organizations hit by ransomware in 2021
Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups. Continue Reading
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
-
News
26 Apr 2022
HYCU Protege updates focus on ransomware recovery
HYCU sharpens its emphasis on WORM storage with more support and 'cloud dedupe.' The ransomware-focused product updates follow the recent release of a ransomware assessment tool. Continue Reading
-
News
21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
-
News
21 Apr 2022
FBI warns of 'timed' ransomware attacks on agriculture sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. Continue Reading
-
News
20 Apr 2022
U.S. warns of 'increased' threats from Russian hacking groups
The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia. Continue Reading
-
News
20 Apr 2022
BlackCat emerges as one of the top ransomware threats
After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups. Continue Reading
-
News
18 Apr 2022
Pegasus spyware discovered on U.K. government networks
Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame. Continue Reading
-
News
18 Apr 2022
Attack on Beanstalk Farms results in $182M loss
High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform. Continue Reading
-
News
15 Apr 2022
Corvus: Ransomware costs, ransom payments declining
Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
-
Opinion
14 Apr 2022
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
-
News
14 Apr 2022
US government, security vendors warn of new ICS malware
As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector. Continue Reading
-
News
13 Apr 2022
Microsoft dismantles ZLoader botnet
Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network. Continue Reading
-
News
12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
-
News
08 Apr 2022
Fin7 hacker sentenced to 5 years in prison
A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring. Continue Reading
-
News
07 Apr 2022
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading
-
News
07 Apr 2022
How the FBI took down the Cyclops Blink botnet
The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet. Continue Reading
-
Tip
07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks
Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
-
News
06 Apr 2022
Conti ransomware leaks show a low-tech but effective model
The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies. Continue Reading
-
News
05 Apr 2022
German authorities behead dark web Hydra Market
Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
-
News
05 Apr 2022
March ransomware attacks strike finance, government targets
In March, ransomware reports and disclosures showed a variety of victims, from public schools and county governments to financial services firms and large enterprises. Continue Reading
-
News
04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach
Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
-
News
01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365
CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
-
News
30 Mar 2022
Viasat confirms cyber attack on Ukraine customers
The U.S.-based satellite internet provider said a 'multifaceted and deliberate cyber attack' struck Viasat's KA-SAT network on the first day of Russia's invasion of Ukraine. Continue Reading
-
News
30 Mar 2022
Axie Infinity hack results in $600M cryptocurrency heist
Axie Infinity, whose developer was hacked this month, is a popular NFT-based video game in which players earn cryptocurrency by raising their pay-to-play digital pets, or 'Axies.' Continue Reading
-
News
29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021
Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
-
Guest Post
28 Mar 2022
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
-
News
25 Mar 2022
US indicts Russian nationals for critical infrastructure attacks
One defendant is accused of deploying the infamous Trisis or Triton malware against energy-sector companies, including a petrochemical plant in Saudi Arabia in a 2017 attack. Continue Reading
-
Tip
25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
-
Podcast
25 Mar 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures
This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
-
Tip
25 Mar 2022
6 types of insider threats and how to prevent them
From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
-
News
24 Mar 2022
North Korean hackers exploited Chrome zero-day for 6 weeks
Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
-
News
24 Mar 2022
FBI: Ransomware hit 649 critical infrastructure entities in 2021
The FBI's Internet Crime Complaint Center found ransomware was a top threat to critical infrastructure security in 2021, hitting a wide range of organizations. Continue Reading
-
News
24 Mar 2022
Okta provides new details on Lapsus$ attack
The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
-
News
23 Mar 2022
Microsoft confirms breach, attributes attack to Lapsus$
Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
-
News
22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
-
News
22 Mar 2022
F-Secure splits in two as WithSecure launches
The Finnish security vendor's enterprise business sets off on its own as a new brand called WithSecure, while F-Secure will continue to operate the consumer side of the business. Continue Reading
-
News
22 Mar 2022
Biden: Russia exploring cyber attacks against US
President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses. Continue Reading
-
News
16 Mar 2022
FTC accuses CafePress of covering up 2019 data breach
The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach. Continue Reading
-
News
16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks
President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
-
News
15 Mar 2022
SentinelOne acquires Attivo Networks for $617M
SentinelOne is acquiring Attivo Networks for a $616.5 million price tag and plans to merge the company's identity threat detection services with its XDR offering. Continue Reading
-
News
15 Mar 2022
Infosec news cycles: How quickly do they fade?
Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack. Continue Reading
-
News
14 Mar 2022
Cyber insurance war exclusions loom amid Ukraine crisis
Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks. Continue Reading
-
Guest Post
11 Mar 2022
How to build a security champions program
Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps. Continue Reading
-
News
10 Mar 2022
Log4Shell vulnerability continues to menace developers
Months after it was first disclosed, the Log4j RCE vulnerability remains widespread on code-sharing sites and open source repositories, according to security researchers. Continue Reading
-
Answer
10 Mar 2022
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
-
News
09 Mar 2022
Immersive Labs: Average cyberthreat response takes 96 days
Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
-
News
08 Mar 2022
FBI finds Ragnar Locker hit 52 U.S. critical infrastructure targets
While providing an updated list of indicators of compromise, the FBI revealed that a range of critical sectors were attacked by the ransomware group. Continue Reading
-
News
08 Mar 2022
Google to acquire Mandiant for $5.4B
Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion. Continue Reading
-
News
04 Mar 2022
Hackers using stolen Nvidia certificates to sign malware
The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild. Continue Reading