Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
-
News
14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
-
News
03 Apr 2019
'Triple threat' malware campaign combines Emotet, TrickBot and Ryuk
Cybereason sounds off on the recently discovered 'triple threat' campaign and highlights interesting features of the attack technique used by cybercriminals. Continue Reading
-
News
26 Mar 2019
CrowdStrike: Cybercrime groups joining forces to pack more punch
CrowdStrike sounds off on the enhanced partnership between the cybercrime groups behind the TrickBot and BokBot malware and explains what such collaborations signify. Continue Reading
-
News
26 Mar 2019
Asus backdoor hits targets with officially signed update
Attackers infected the official Asus Live Updater to install a malicious backdoor on hundreds of thousands of systems, with the intent of targeting a small subset of those users. Continue Reading
-
Answer
26 Mar 2019
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
-
News
20 Mar 2019
New Mirai malware variant targets enterprise devices
Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits. Continue Reading
-
News
20 Mar 2019
Experts praise Norsk Hydro cyberattack response
Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed. Continue Reading
-
Tip
20 Mar 2019
Find out whether secure email really protects user data in transit
Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email. Continue Reading
-
Tip
19 Mar 2019
An introduction to building management system vulnerabilities
Understanding what a building management system is and does is important for organizations to have stronger security postures. Expert Ernie Hayden examines the BMS and its flaws. Continue Reading
-
Tip
14 Mar 2019
Nine email security features to help prevent phishing attacks
Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list. Continue Reading
-
News
13 Mar 2019
Election security threats loom as presidential campaigns begin
Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns. Continue Reading
-
News
13 Mar 2019
SANS Institute: DNS attacks gaining steam in 2019
At RSA Conference 2019, experts from the SANS Institute discuss the most dangerous attack techniques they've seen, including DNS manipulation and domain fronting. Continue Reading
-
News
11 Mar 2019
Zscaler charts sharp increase in SSL threats like phishing, botnets
Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year. Continue Reading
-
News
07 Mar 2019
Nation-state threats grow more sophisticated, converge on targets
Incident response experts say nation-state cyberattacks are so common that they find threat actors from multiple nations operating in the same victim environment. Continue Reading
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
-
News
06 Mar 2019
FBI director calls for public-private cybersecurity partnerships
At the recent RSA Conference, FBI Director Christopher Wray called for public-private partnerships to fend off cyberadversaries and threats. Continue Reading
-
Tip
01 Mar 2019
Understanding the new breed of command-and-control servers
Command-and-control servers are now using public cloud services, social media and other resources to evade detection. What should enterprises do to combat these threats? Continue Reading
-
News
01 Mar 2019
Research sparks debate over password manager vulnerabilities
Researchers found several popular password managers expose master passwords in system memory, but experts recommend consumers and enterprises should still use the products. Continue Reading
-
Tip
01 Mar 2019
Top 5 email security issues to address in 2019
The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action. Continue Reading
-
Answer
25 Feb 2019
How does a WordPress SEO malware injection work and how can enterprises prevent it?
Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages. Continue Reading
-
News
20 Feb 2019
ConnectWise plugin flaw exploited in ransomware attacks on MSPs
GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims. Continue Reading
-
Answer
20 Feb 2019
Is a Mirai botnet variant targeting unpatched enterprises?
New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose. Continue Reading
-
Answer
20 Feb 2019
Why is the N-gram content search key for threat detection?
Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be used with Nick Lewis. Continue Reading
-
Answer
20 Feb 2019
What new technique does the Osiris banking Trojan use?
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis. Continue Reading
-
Blog Post
20 Feb 2019
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks. Continue Reading
-
Answer
18 Feb 2019
How does the iPhone phishing scam work?
An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat? Continue Reading
-
News
15 Feb 2019
Astaroth Trojan returns, abuses antivirus software
Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials. Continue Reading
-
Answer
14 Feb 2019
How did the Dirty COW exploit get shipped in software?
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do. Continue Reading
-
Answer
08 Feb 2019
How did the Python supply chain attack occur?
A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this? Continue Reading
-
News
08 Feb 2019
'SpeakUp' backdoor Trojan could spell further trouble for Linux servers
Check Point Research explains why SpeakUp, the new Trojan targeting Linux servers, has the potential to unleash more harm and offers pointers on how to defend against such malware. Continue Reading
-
Feature
08 Feb 2019
USB attacks: Big threats to ICS from small devices
USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations. Continue Reading
-
Feature
01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
- 01 Feb 2019
-
Quiz
01 Feb 2019
Try this quiz on cybersecurity problems to earn CPE credit
This quiz tests your understanding of key cybersecurity issues in 2019 covered in the February issue of 'Information Security' magazine. Pass the quiz and earn CPE credit. Continue Reading
-
Feature
01 Feb 2019
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
-
News
29 Jan 2019
Major Apple FaceTime bug allows audio eavesdropping
A new major FaceTime bug can allow someone to hear the other party's audio before they answer the call and the issue was reported to Apple more than a week ago. Continue Reading
-
News
29 Jan 2019
Dailymotion credential stuffing attacks lasted more than 6 days
Video-sharing website Dailymotion reset passwords for an unknown number of users following 'large-scale' credential stuffing attacks that lasted for more than six days before being stopped. Continue Reading
-
News
25 Jan 2019
DNS hijack attacks lead to government directive from DHS
Following a string of DNS hijack attacks around the globe, the Department of Homeland Security has directed federal agencies to harden defenses against DNS tampering. Continue Reading
-
Answer
24 Jan 2019
How can synthetic clicks aid a privilege escalation attack?
An Apple security expert introduced the concept of synthetic clicks, which can bypass privilege escalation defenses. Find out how this new attack technique works with Nick Lewis. Continue Reading
-
News
22 Jan 2019
DNC lawsuit claims Russian hackers attacked again after midterms
A Democratic National Committee lawsuit regarding Russian cyberattacks in the lead-up to the 2016 election now also claims Russia attacked DNC systems after the 2018 midterms. Continue Reading
-
Answer
21 Jan 2019
Man-in-the-disk attack: How are Android products affected?
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis. Continue Reading
-
News
18 Jan 2019
Collection #1 breach data includes 773 million unique emails
Have I Been Pwned added a new trove of 773 million unique emails and 21 million passwords -- known as the Collection #1 breach data -- but there are questions about the freshness of the data. Continue Reading
-
News
15 Jan 2019
Ryuk ransomware poses growing threat to enterprises
Cybersecurity vendors CrowdStrike and FireEye both published new research that shows an increase in Ryuk ransomware attacks on enterprises, which have earned hackers $3.7 million. Continue Reading
-
Answer
15 Jan 2019
How was a credit card skimmer used to steal data from Newegg?
Researchers believe that malicious JavaScript code was used to steal credit card data from online retailer Newegg. Learn more about this attack with Judith Myerson. Continue Reading
-
News
11 Jan 2019
Iran implicated in DNS hijacking campaign around the world
FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions. Continue Reading
-
News
10 Jan 2019
McAfee casts doubt on Ryuk ransomware connection to North Korea
New research from McAfee refutes the connection between recent Ryuk ransomware attacks and the North Korean government. Instead, it points the finger at cybercriminals. Continue Reading
-
Podcast
10 Jan 2019
Risk & Repeat: What APT10 means for managed service providers
This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients. Continue Reading
-
Tip
10 Jan 2019
How NIST is preparing to defend against quantum attacks
The NSA has begun the transition from ECC to new algorithms to resist quantum attacks. Learn about the threat posed by quantum computing from expert Michael Cobb. Continue Reading
-
News
02 Jan 2019
Tribune Publishing cyberattack raises attribution questions
Malware hit the Tribune Publishing Company and disrupted the publication of several major newspapers, but the nature of the attack and threat actors remain unclear. Continue Reading
-
News
27 Dec 2018
Malwarebytes: Fileless ransomware an emerging threat for U.S.
A new Malwarebytes report examines Sorebrect, a fileless ransomware threat that's been detected in the U.S. this year, as well as with three other fileless attacks. Continue Reading
-
Answer
21 Dec 2018
How is SamSam ransomware using a manual attack process?
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works and if recovery is possible. Continue Reading
-
News
20 Dec 2018
McAfee: When quantum computing threats strike, we won't know it
Quantum computing systems may not be powerful enough to break current encryption protocols, but McAfee CTO Steve Grobman says it will be tough to tell when that day arrives. Continue Reading
-
Answer
19 Dec 2018
GandCrab ransomware: How does it differ from previous versions?
A new version of GandCrab was discovered by researchers in July 2018 and involves the use of legacy systems. Learn how this version differs and who is at risk with Nick Lewis. Continue Reading
-
Answer
17 Dec 2018
Kronos banking Trojan: How does the new variant compare?
Proofpoint researchers found a Kronos variant after it targeted victims in Germany, Japan and Poland. Learn how this variant compares to the original banking Trojan with Nick Lewis. Continue Reading
-
News
14 Dec 2018
Facebook API bug exposed photos of 6.8 million users
GDPR regulators are already investigating a new Facebook API bug the social media giant announced Friday that might have exposed photos belonging to up to 6.8 million users. Continue Reading
-
Answer
14 Dec 2018
How does the new Dharma Ransomware variant work?
Brrr ransomware, a Dharma variant, was found adding malicious extensions to encrypted files. Discover how this is possible and how this attack can be mitigated with Judith Myerson. Continue Reading
-
News
13 Dec 2018
Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies. Continue Reading
-
News
06 Dec 2018
NRCC email breach confirmed eight months later
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft. Continue Reading
-
News
06 Dec 2018
NSO Group's Pegasus spyware linked to Saudi journalist death
Soon after the Pegasus spyware was linked to the death of a Mexican journalist, a new lawsuit alleged the NSO Group and its spyware were also linked to the death of a Saudi journalist. Continue Reading
-
Feature
05 Dec 2018
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
-
News
05 Dec 2018
New VirusTotal hash causes drop in antivirus detection rates
Questions were raised about how antivirus vendors use the VirusTotal database after a researcher highlighted a significant drop in malware detection rates following an upload of a new VirusTotal hash. Continue Reading
-
Answer
04 Dec 2018
What are the security risks of third-party app stores?
Unlike most apps developed in app stores, users can download Fortnite from Epic Games' website. Expert Michael Cobb explains the security risks of third-party app stores. Continue Reading
-
Feature
30 Nov 2018
Testing email security products: Challenges and methodologies
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies. Continue Reading
-
Tip
30 Nov 2018
How supply chain security has evolved over two decades
Both physical and cyber supply chain security are critically important. Expert Ernie Hayden outlines the recent history of supply chain defenses and what enterprises need to know. Continue Reading
-
News
28 Nov 2018
Botnet takedown snares 3ve, Methbot ad fraud campaigns
The Justice Department indicted eight individuals accused of running major ad fraud campaigns, including the 3ve botnet, which generated millions of dollars in fake ad revenue. Continue Reading
-
Answer
28 Nov 2018
How did the Emotet banking Trojan lead to a rise in attacks?
A report on cybercrime shows a rise in banking Trojans, such as Emotet, targeting businesses over consumers. Malwarebytes' Adam Kujawa shares his thoughts on what's behind this shift. Continue Reading
-
Tip
27 Nov 2018
How bring-your-own-land attacks are challenging enterprises
FireEye researchers developed a new technique called bring your own land, which involves attackers creating their own tools. Discover more about how this works with Nick Lewis. Continue Reading
-
Answer
23 Nov 2018
How was a MikroTik router hack used to hijack traffic?
Qihoo 360 Netlab researchers found that TZSP traffic was being redirected from vulnerable routers. Learn what this type of traffic is and how this attack is possible. Continue Reading
-
Answer
21 Nov 2018
How were attackers able to bypass 2FA in a Reddit breach?
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim. Continue Reading
-
News
16 Nov 2018
Cylance acquisition shifts BlackBerry towards security
BlackBerry made its strongest move yet toward enterprise security with a $1.4 billion acquisition of cybersecurity startup Cylance, which specializes in AI-powered threat protection. Continue Reading
-
News
16 Nov 2018
Google BGP route leak was accidental, not hijacking
Despite early speculation, experts concluded the BGP route leak that sent Google traffic through China and Russia was due to an accidental misconfiguration and not malicious activity. Continue Reading
-
Podcast
16 Nov 2018
Risk & Repeat: Are we winning the war on cybercrime?
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime. Continue Reading
-
Answer
16 Nov 2018
How does Thanatos ransomware decryptor tool restore data?
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid. Continue Reading
-
Answer
15 Nov 2018
How is the Trezor cryptocurrency online wallet under attack?
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis. Continue Reading
-
News
14 Nov 2018
Cybercrime agreement signed by 50 nations, not U.S., China and Russia
An international cybercrime agreement was signed by 50 nations and 150 companies in Paris, but the U.S., China and Russia were not part of the accord. Continue Reading
-
Answer
14 Nov 2018
How does signed software help mitigate malware?
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack. Continue Reading
-
Answer
13 Nov 2018
How does the Mylobot botnet differ from a typical botnet?
The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis. Continue Reading
-
Answer
09 Nov 2018
How is Plead malware used for cyberespionage attacks?
Cyberespionage hackers have used stolen digital certificates to steal data. Expert Michael Cobb explains how hackers sign Plead malware to conduct these attacks. Continue Reading
-
Answer
08 Nov 2018
What is behind the growing trend of BEC attacks?
BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb. Continue Reading
-
News
06 Nov 2018
PortSmash side-channel attack targets Intel Hyper-Threading
The latest side-channel attack against Intel chips, known as PortSmash, targets Hyper-Threading in order to steal data, such as private OpenSSL keys from a TLS server. Continue Reading
-
News
02 Nov 2018
SamSam ransomware campaigns continue to target U.S. in 2018
News roundup: SamSam ransomware targeted 67 organizations in 2018, according to research. Plus, Equifax is sending its breach victims to Experian for credit monitoring, and more. Continue Reading
-
News
02 Nov 2018
Kraken ransomware gets packaged into Fallout EK
Researchers found Kraken ransomware has become more popular after being packaged in the Fallout exploit kit and becoming part of an affiliate program. Continue Reading
-
News
31 Oct 2018
The first sandboxed antivirus is Windows Defender
Microsoft created the first sandboxed antivirus solution in its latest Insider version of Windows Defender for Windows 10, moving proactively to harden the product against attacks. Continue Reading
-
News
25 Oct 2018
Malwarebytes cybercrime report shows increase in attacks on businesses
Malwarebytes' report, 'Cybercrime Tactics and Techniques Q3 2018,' highlights how businesses became the focus of cyberattacks versus consumers over the past three months. Continue Reading
-
News
25 Oct 2018
FireEye ties Russia to Triton malware attack in Saudi Arabia
FireEye security researchers claimed the Russian government was 'most likely' behind the Triton malware attack on an industrial control system in Saudi Arabia last year. Continue Reading
-
News
19 Oct 2018
GreyEnergy threat group detected attacking high-value targets
Researchers claim a new threat group called GreyEnergy is the successor to BlackEnergy, but experts are unsure if the evidence supports the claims or warnings of future attacks. Continue Reading
-
News
18 Oct 2018
New libSSH vulnerability gives root access to servers
A 4-year-old libSSH vulnerability can allow attackers to easily log in to servers with full administrative control, but it is still unclear exactly how many devices are at risk. Continue Reading
-
Tip
18 Oct 2018
The implications of the NetSpectre vulnerability
The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe. Continue Reading
-
Answer
17 Oct 2018
How did the IcedID and TrickBot banking Trojans join forces?
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how it has changed their behaviors. Continue Reading
-
News
16 Oct 2018
Pentagon data breach exposed travel data for 30,000 individuals
The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress. Continue Reading
-
Answer
15 Oct 2018
How does the MnuBot banking Trojan use unusual C&C servers?
IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past. Continue Reading
-
News
12 Oct 2018
Industroyer, NotPetya linked to TeleBots group by ESET researchers
News roundup: An APT group called TeleBots group was linked to Industroyer malware and NotPetya ransomware, according to researchers. Plus, Imperva is acquired by Thoma Bravo and more. Continue Reading
-
Answer
10 Oct 2018
How do hackers use legitimate admin tools to compromise networks?
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb. Continue Reading
-
News
05 Oct 2018
GRU indictment accuses 7 Russians in global cyberattacks
The U.S., U.K. and other allies accused seven Russian military officers in cybercrimes around the world, and the GRU indictment from the U.S. formally pressed charges. Continue Reading
-
News
04 Oct 2018
North Korean cybertheft of $100-plus million attributed to APT38
Security researchers tracked an aggressive cybertheft campaign -- attributed to North Korean APT38 -- in which threat actors attempted to steal more than $1 billion and destroy all evidence along the way. Continue Reading
-
Answer
04 Oct 2018
How does stegware malware exploit steganography techniques?
Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this works with expert Nick Lewis. Continue Reading
-
Tip
04 Oct 2018
How is Android Accessibility Service affected by a banking Trojan?
ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service. Continue Reading
-
Answer
02 Oct 2018
How does MassMiner malware infect systems across the web?
Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this malware operates with Nick Lewis. Continue Reading
-
Answer
02 Oct 2018
How can GravityRAT check for antimalware sandboxes?
A remote access Trojan -- dubbed GravityRAT -- was discovered checking for antimalware sandboxes by Cisco Talos. Learn how this technique works and how it can be mitigated. Continue Reading
-
News
28 Sep 2018
Facebook breach affected nearly 50 million accounts
Nearly 50 million accounts were affected in a Facebook breach, but it is still unclear what data attackers may have obtained and who might have been behind the breach. Continue Reading
-
Podcast
28 Sep 2018
Risk & Repeat: NSS Labs lawsuit shakes infosec industry
This week's Risk & Repeat podcast discusses NSS Labs' antitrust suit against several security vendors, including CrowdStrike and the Anti-Malware Testing Standards Organization. Continue Reading
