Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
-
News
14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
-
Answer
27 Sep 2018
BlackTDS: How can enterprise security teams avoid an attack?
Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, this is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis. Continue Reading
-
News
25 Sep 2018
Cybersecurity Tech Accord expands with new members, partners
Microsoft announced that, six months after its introduction, the Cybersecurity Tech Accord has nearly doubled its membership and partnered with the Global Forum on Cyber Expertise. Continue Reading
-
Answer
25 Sep 2018
Can monitoring help defend against Sanny malware update?
Changes to the Sanny malware were recently discovered by FireEye researchers. Learn who is at risk and how elevated privileges can help protect you with Nick Lewis. Continue Reading
-
News
21 Sep 2018
CrowdStrike responds to NSS Labs lawsuit over product testing
CrowdStrike and the Anti-Malware Testing Standards Organization responds the allegations made by NSS Labs in a bombshell antitrust suit over product testing practices. Continue Reading
-
News
19 Sep 2018
NSS Labs lawsuit takes aim at CrowdStrike, Symantec and ESET
In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts. Continue Reading
-
News
14 Sep 2018
Researchers bring back cold boot attacks on modern computers
The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data. Continue Reading
-
Answer
14 Sep 2018
How does the SynAck ransomware use Process Doppelgänging?
A technique called Process Doppelgänging was used by the SynAck ransomware to bypass security software. Expert Michael Cobb explains how this technique works and why it's unique. Continue Reading
-
Answer
12 Sep 2018
How does Android Protected Confirmation provide security for users?
Android P integrates Android Protected Confirmation, which provides sufficient trust in the authentication process. Learn more about this new feature with expert Michael Cobb. Continue Reading
-
News
11 Sep 2018
Robot social engineering works because people personify robots
Brittany 'Straithe' Postnikoff studied robot social engineering and found personification of robots can lead to effective attacks, regardless of whether or not AI is involved. Continue Reading
-
News
07 Sep 2018
Another mSpy leak exposed millions of sensitive user records
News roundup: An mSpy leak has again exposed millions of customer records on the internet. Plus, the FIDO Alliance launched a biometrics certification, and more. Continue Reading
-
News
07 Sep 2018
Lazarus Group hacker charged in WannaCry, Sony attacks
The Department of Justice charged one Lazarus Group hacker, Park Jin Hyok, for his role in the WannaCry attack, Sony hack, SWIFT banking theft and more. Continue Reading
-
Tip
06 Sep 2018
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works. Continue Reading
-
Answer
29 Aug 2018
ATM jackpotting: How does the Ploutus.D malware work?
Ploutus.D malware recently started popping up in the U.S. after several ATM jackpotting attacks. Discover how this is possible and what banks can do to prevent this with Nick Lewis. Continue Reading
-
Answer
28 Aug 2018
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past. Continue Reading
-
News
24 Aug 2018
Hundreds of Facebook accounts deleted for spreading misinformation
News roundup: Social media platforms shut down accounts spreading misinformation. The Facebook accounts deleted were tied to Iran, Russia. Plus, Ryuk ransomware spreads, and more. Continue Reading
-
News
23 Aug 2018
Laura Noren advocates data science ethics for employee info
Expert Laura Norén believes companies should be held to standards of data science ethics both when it comes to customer data and also for the data collected about employees. Continue Reading
-
News
17 Aug 2018
ICS security fails the Black Hat test
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying. Continue Reading
-
Answer
17 Aug 2018
How is Oracle Micros POS affected by CVE 2018-2636?
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability. Continue Reading
-
Tip
16 Aug 2018
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb. Continue Reading
-
Answer
15 Aug 2018
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data. Continue Reading
-
News
14 Aug 2018
Google location tracking continues even when turned off
New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off. Continue Reading
-
Answer
14 Aug 2018
Ransomware recovery: How can enterprises operate post-attack?
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked. Continue Reading
-
Answer
13 Aug 2018
Okiru malware: How does this Mirai malware variant work?
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis. Continue Reading
-
News
10 Aug 2018
2018 Pwnie Awards cast light and shade on infosec winners
The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response. Continue Reading
-
News
08 Aug 2018
Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo
In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo. Continue Reading
-
Answer
08 Aug 2018
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk. Continue Reading
-
Tip
07 Aug 2018
Four new Mac malware strains exposed by Malwarebytes
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis. Continue Reading
-
News
06 Aug 2018
Coinhive malware infects tens of thousands of MikroTik routers
The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users. Continue Reading
-
Blog Post
03 Aug 2018
Five things to watch for at Black Hat USA this year
As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss. Continue Reading
-
Podcast
02 Aug 2018
Risk & Repeat: A deep dive on SamSam ransomware
In this week's Risk & Repeat podcast, SearchSecurity editors talk about the SamSam ransomware campaign, which may be the work of a single hacker who's made nearly $6 million. Continue Reading
-
News
02 Aug 2018
FIN7 members arrested after stealing 15 million credit card records
The FBI arrested three members of the FIN7 cybercrime gang -- also known as the Carbanak Group -- for targeting more than 100 businesses and stealing 15 million credit card records. Continue Reading
-
Conference Coverage
02 Aug 2018
Black Hat 2018 conference coverage
The SearchSecurity team covers the latest threats and vulnerabilities featured at this year's Black Hat USA with news, interviews and more from Las Vegas. Continue Reading
-
Feature
01 Aug 2018
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
News
31 Jul 2018
Malvertising campaign tied to legitimate online ad companies
A new report from Check Point Research uncovers an extensive malvertising campaign known as Master134 and implicates several online advertising companies in the scheme. Continue Reading
-
News
31 Jul 2018
SamSam ransomware payments reach nearly $6 million
New research reveals SamSam ransomware campaign has generated almost $6 million for attacker and appears to be the work of a single hacker who shows no sign of slowing down. Continue Reading
-
News
31 Jul 2018
NetSpectre is a remote side-channel attack, but a slow one
A new PoC attack using Spectre variant 1 called NetSpectre marks the first time Spectre v1 has been exploited remotely, although questions remain on the practicality of the attack. Continue Reading
- 27 Jul 2018
-
Answer
27 Jul 2018
Powerhammering: Can a power cable be used in air-gapped attacks?
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables. Continue Reading
-
Podcast
26 Jul 2018
Risk & Repeat: DHS warns of power grid cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new warning from the Department of Homeland Security regarding Russian hackers targeting the U.S. power grid. Continue Reading
-
News
26 Jul 2018
DHS details electrical grid attacks by Russian agents
For the first time, DHS has offered more detailed and unclassified information about electrical grid attacks carried out by Russian hackers and the dangers to U.S. infrastructure. Continue Reading
-
News
19 Jul 2018
Vendor admits election systems included remote software
A vendor admitted to compromising its election system security by installing remote access software on systems over the span of six years, but claims to have stopped the practice. Continue Reading
-
Answer
19 Jul 2018
Zealot campaign: How is the Apache Struts vulnerability used?
The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis. Continue Reading
-
Tip
19 Jul 2018
Domain fronting: Why cloud providers are concerned about it
Domain fronting is a popular way to bypass censorship controls, but cloud providers like AWS and Google have outlawed its use. Expert Michael Cobb explains why. Continue Reading
-
News
17 Jul 2018
X-Agent malware lurked on DNC systems for months after hack
The indictment of Russian intelligence officers accused of hacking the DNC revealed a troubling timeline, including the X-Agent malware lurking on DNC systems for months. Continue Reading
-
News
13 Jul 2018
Russian intelligence officers indicted for DNC hack
A grand jury for special counsel Robert Mueller's election-interference investigation indicted 12 Russian intelligence officers for crimes related to the DNC and DCCC hacks. Continue Reading
-
News
13 Jul 2018
New Spectre variants earn $100,000 bounty from Intel
Researchers discovered two new Spectre variants that can be used to bypass protections and attack systems and earned $100,000 in bug bounties from Intel. Continue Reading
-
News
13 Jul 2018
Ticketmaster breach part of worldwide card-skimming campaign
News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more. Continue Reading
-
Answer
13 Jul 2018
Drupalgeddon 2.0: Why is this vulnerability highly critical?
A recently discovered Drupal vulnerability in its open source CMS allowed attackers to control websites. Learn how almost one million sites were affected with Michael Cobb. Continue Reading
-
News
11 Jul 2018
GandCrab ransomware adds NSA tools for faster spreading
NSA exploit tools have already been used in high-profile malware. And now, GandCrab ransomware v4 has added the NSA's SMB exploit in order to spread faster. Continue Reading
-
Podcast
11 Jul 2018
Risk & Repeat: New concerns about smartphone spying
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications. Continue Reading
-
News
10 Jul 2018
Stolen digital certificates used in Plead malware spread
Researchers found the spread of Plead malware was aided by the use of stolen digital certificates, making the software appear legitimate and hiding the true nature of the attacks. Continue Reading
-
News
06 Jul 2018
Researchers discover Android apps spying on users' screens
News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. Continue Reading
-
News
03 Jul 2018
RAMpage attack unlikely to pose real-world risk, expert says
The RAMpage attack against the Rowhammer vulnerability in Android devices is theoretically possible, but it may be more academic than it is a practical concern, one expert said. Continue Reading
-
Blog Post
29 Jun 2018
Cyber attribution: Why it won't be easy to stop the blame game
Infosec experts have argued that too much focus is put on cyber attribution, but moving away from publicly identifying threat groups and nation-states may be easier said than done. Continue Reading
-
News
29 Jun 2018
McAfee details rise in blockchain threats, cryptocurrency attacks
McAfee's new 'Blockchain Threat Report' charts a dramatic rise in cryptomining malware and details four major attack vectors for cryptocurrency-related threats. Continue Reading
-
News
28 Jun 2018
EFF's STARTTLS Everywhere aims to protect email in transit
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. Continue Reading
-
Answer
28 Jun 2018
How can a text editor plug-in enable privilege escalation?
Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson. Continue Reading
-
News
27 Jun 2018
TLBleed attack can extract signing keys, but exploit is difficult
A new side-channel attack on Intel chips, named TLBleed, can extract signing keys. But the researcher who discovered it said users shouldn't worry, because it's not the next Spectre. Continue Reading
-
Tip
26 Jun 2018
How studying the black hat community can help enterprises
White hat hackers often assimilate themselves into the black hat community to track the latest threats. Discover how this behavior actually benefits the enterprise with David Geer. Continue Reading
-
Answer
26 Jun 2018
How can a hardcoded password vulnerability affect Cisco PCP?
Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson. Continue Reading
-
News
22 Jun 2018
China-based Thrip hacking group targets U.S. telecoms
News roundup: China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more. Continue Reading
-
Tip
19 Jun 2018
How white hat hackers can tell you more than threat intelligence
White hat hackers can play a key role in assessing threats lurking on the dark web. Discover what traditional threat intelligence isn't telling you and how white hats can help. Continue Reading
-
News
18 Jun 2018
PyRoMineIoT cryptojacker uses NSA exploit to spread
The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a cryptojacker infecting IoT devices. But experts said the NSA shouldn't be held responsible for the damages. Continue Reading
-
News
15 Jun 2018
FBI fights business email compromise with global crackdown
U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams. Continue Reading
-
Answer
15 Jun 2018
How does UBoatRAT use Google services and GitHub to spread?
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis. Continue Reading
-
News
13 Jun 2018
North Korea hacking threat still looms despite summit
Despite a summit between President Trump and North Korean leader Kim Jong Un, the threat of North Korean hacking and cyberespionage still looms large, according to experts. Continue Reading
-
Answer
13 Jun 2018
Scarab ransomware: How do botnets alter ransomware threats?
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect data with Nick Lewis. Continue Reading
-
Answer
11 Jun 2018
AVGater vulnerability: How are antivirus products impacted?
A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis. Continue Reading
-
Answer
06 Jun 2018
How did cryptomining malware exploit a Telegram vulnerability?
Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks. Continue Reading
-
Answer
04 Jun 2018
How bad is the iBoot source code leak for Apple security?
The iBoot source code on Apple devices was leaked to the public on GitHub. Expert Michael Cobb explains how it happened and what the implications are for iOS security. Continue Reading
-
Feature
01 Jun 2018
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
-
Opinion
01 Jun 2018
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what? Continue Reading
-
Podcast
31 May 2018
Risk & Repeat: Are ICS threats being overblown or ignored?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware. Continue Reading
-
News
31 May 2018
Yahoo hacker sentenced to five years in prison for massive breach
One of four Yahoo hackers was sentenced to five years in prison for his role in the massive 2014 breach, which included accessing millions of sensitive email accounts. Continue Reading
-
News
31 May 2018
Dragos' Robert Lee discusses latest ICS threats, hacking back
In part two of this interview from RSA Conference 2018, Dragos CEO Robert Lee discusses the latest threats to industrial control systems and how those threats can be exaggerated. Continue Reading
-
News
30 May 2018
Feds issue new alert on North Korean hacking campaigns
The U.S. government claims two notable malware campaigns are the work of North Korean nation-state hacking group Hidden Cobra, also known as the Lazarus Group. Continue Reading
- 29 May 2018
- 29 May 2018
-
News
25 May 2018
Creators of Trisis malware have expanded their ICS attacks
News roundup: Dragos researchers say the group behind the Trisis malware has expanded its ICS attacks. Plus, Roaming Mantis malware now targets iOS devices, and more. Continue Reading
-
News
25 May 2018
Dragos' Robert Lee explains why ICS security isn't all doom and gloom
Dragos' Robert Lee talks with SearchSecurity at RSA Conference 2018 about why there are reasons to be optimistic about the state of ICS security, despite growing threats. Continue Reading
-
Podcast
24 May 2018
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws. Continue Reading
-
Tip
24 May 2018
How the Meltdown and Spectre vulnerabilities impact security
The Meltdown and Spectre vulnerabilities impact the physical and hardware security of systems, making them extremely difficult to detect. Learn how to prevent these attacks with Nick Lewis. Continue Reading
-
News
23 May 2018
Wicked botnet: Another Mirai variant targets connected devices
Fortinet researchers uncovered a new variant of the Mirai malware, known as the Wicked botnet, which targets vulnerable IoT devices and uses multiple existing exploits. Continue Reading
-
News
22 May 2018
Newly disclosed Spectre variant 4 brings more side channel concerns
A new Spectre vulnerability was disclosed this week, adding to concerns about side channel attacks exploiting speculative execution in modern processors. Continue Reading
-
News
22 May 2018
Recorded Future sheds light on Iranian hacking operations
Recorded Future's Levi Gundert discusses how the Iranian government uses proxies and contractors to launch cyberattacks, and how its strategy presents challenges for the country. Continue Reading
-
News
22 May 2018
North Korean hackers linked to Google Play spyware
The 'Sun Team' group of North Korean hackers placed malicious apps in the Google Play store to target defectors and steal personal data such as photos, contacts and SMS messages. Continue Reading
-
News
21 May 2018
Recorded Future: Iranian cyberattacks poised to resume
Recorded Future's Levi Gundert explains why major cyberattacks against Western enterprises are expected to resume following the United States' withdrawal from the Iran nuclear deal. Continue Reading
-
News
18 May 2018
Telegrab malware threatens Telegram desktop users
News roundup: Telegrab malware enables hackers to grab encryption keys and browser credentials from Telegram sessions. Plus, DHS released its new cybersecurity strategy, and more. Continue Reading
-
Answer
18 May 2018
How does the Terror exploit kit spread through malicious ads
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis. Continue Reading
-
Podcast
17 May 2018
Risk & Repeat: Business email compromise on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report. Continue Reading
-
Tip
17 May 2018
Are Meltdown and Spectre real vulnerabilities or mere flaws?
There's been some debate over whether Meltdown and Spectre are true vulnerabilities. Expert Michael Cobb discusses what qualifies as a vulnerability and if these two make the cut. Continue Reading
-
Feature
16 May 2018
Illumio: Subtle data manipulation attacks pose serious threats
Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard to detect attacks could have devastating effects on enterprises. Continue Reading
-
Answer
16 May 2018
How does a DDE attack exploit Microsoft Word functionality?
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to mitigate it with expert Nick Lewis. Continue Reading
-
News
16 May 2018
Efail disclosure troubles highlight branded vulnerability issues
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended. Continue Reading
-
News
14 May 2018
Efail flaws highlight risky implementations of PGP and S/MIME
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations. Continue Reading
-
News
14 May 2018
FBI: Business email compromise tops $676 million in losses
Verizon's Data Breach Investigations Report indicates an increase in ransomware while the FBI's Internet Crime Report shows a downward trend, with business email compromise on the rise. Continue Reading
-
Answer
14 May 2018
Bad Rabbit ransomware: How does it compare to other variants?
Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis. Continue Reading
-
News
11 May 2018
Hardware debug documentation leads to widespread vulnerability
A hardware debug bug, apparently caused by unclear Intel hardware architecture documentation, infested almost all major OSes, as well as leading virtualization software. Continue Reading
-
Tip
10 May 2018
Three IoT encryption alternatives for enterprises to consider
The use of cryptography alternatives for IoT devices grants users certain benefits and potential security challenges. Learn more about each alternative with expert Judith Myerson. Continue Reading
-
News
09 May 2018
Microsoft patches Internet Explorer zero-day 'Double Kill'
Microsoft's Patch Tuesday for May includes fixes for two zero-day vulnerabilities under attack, including an Internet Explorer exploit known as Double Kill. Continue Reading
