Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Answer
19 Dec 2024
How bad is generative AI data leakage and how can you stop it?
Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
-
News
18 Dec 2024
CISA issues mobile security guidance following China hacks
Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
-
News
25 May 2018
Creators of Trisis malware have expanded their ICS attacks
News roundup: Dragos researchers say the group behind the Trisis malware has expanded its ICS attacks. Plus, Roaming Mantis malware now targets iOS devices, and more. Continue Reading
-
News
25 May 2018
Dragos' Robert Lee explains why ICS security isn't all doom and gloom
Dragos' Robert Lee talks with SearchSecurity at RSA Conference 2018 about why there are reasons to be optimistic about the state of ICS security, despite growing threats. Continue Reading
-
Podcast
24 May 2018
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws. Continue Reading
-
Tip
24 May 2018
How the Meltdown and Spectre vulnerabilities impact security
The Meltdown and Spectre vulnerabilities impact the physical and hardware security of systems, making them extremely difficult to detect. Learn how to prevent these attacks with Nick Lewis. Continue Reading
-
News
22 May 2018
Newly disclosed Spectre variant 4 brings more side channel concerns
A new Spectre vulnerability was disclosed this week, adding to concerns about side channel attacks exploiting speculative execution in modern processors. Continue Reading
-
News
22 May 2018
Recorded Future sheds light on Iranian hacking operations
Recorded Future's Levi Gundert discusses how the Iranian government uses proxies and contractors to launch cyberattacks, and how its strategy presents challenges for the country. Continue Reading
-
News
22 May 2018
North Korean hackers linked to Google Play spyware
The 'Sun Team' group of North Korean hackers placed malicious apps in the Google Play store to target defectors and steal personal data such as photos, contacts and SMS messages. Continue Reading
-
News
21 May 2018
Recorded Future: Iranian cyberattacks poised to resume
Recorded Future's Levi Gundert explains why major cyberattacks against Western enterprises are expected to resume following the United States' withdrawal from the Iran nuclear deal. Continue Reading
-
News
18 May 2018
Telegrab malware threatens Telegram desktop users
News roundup: Telegrab malware enables hackers to grab encryption keys and browser credentials from Telegram sessions. Plus, DHS released its new cybersecurity strategy, and more. Continue Reading
-
Answer
18 May 2018
How does the Terror exploit kit spread through malicious ads
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis. Continue Reading
-
Podcast
17 May 2018
Risk & Repeat: Business email compromise on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report. Continue Reading
-
Tip
17 May 2018
Are Meltdown and Spectre real vulnerabilities or mere flaws?
There's been some debate over whether Meltdown and Spectre are true vulnerabilities. Expert Michael Cobb discusses what qualifies as a vulnerability and if these two make the cut. Continue Reading
-
Feature
16 May 2018
Illumio: Subtle data manipulation attacks pose serious threats
Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard to detect attacks could have devastating effects on enterprises. Continue Reading
-
News
16 May 2018
Efail disclosure troubles highlight branded vulnerability issues
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended. Continue Reading
-
Answer
16 May 2018
How does a DDE attack exploit Microsoft Word functionality?
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to mitigate it with expert Nick Lewis. Continue Reading
-
News
14 May 2018
Efail flaws highlight risky implementations of PGP and S/MIME
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations. Continue Reading
-
News
14 May 2018
FBI: Business email compromise tops $676 million in losses
Verizon's Data Breach Investigations Report indicates an increase in ransomware while the FBI's Internet Crime Report shows a downward trend, with business email compromise on the rise. Continue Reading
-
Answer
14 May 2018
Bad Rabbit ransomware: How does it compare to other variants?
Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis. Continue Reading
-
News
11 May 2018
Hardware debug documentation leads to widespread vulnerability
A hardware debug bug, apparently caused by unclear Intel hardware architecture documentation, infested almost all major OSes, as well as leading virtualization software. Continue Reading
-
News
09 May 2018
Microsoft patches Internet Explorer zero-day 'Double Kill'
Microsoft's Patch Tuesday for May includes fixes for two zero-day vulnerabilities under attack, including an Internet Explorer exploit known as Double Kill. Continue Reading
-
Blog Post
03 May 2018
Cybersecurity pervasiveness subsumes all security concerns
Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been ... Continue Reading
-
Answer
03 May 2018
IoT botnets: How are new Mirai variants impacting systems?
An increase of IoT botnets has been seen since the Mirai malware source code was leaked. Learn how the new variants pose to be a serious threat to IoT devices with Michael Cobb. Continue Reading
-
Answer
02 May 2018
How were Android Pixel vulnerabilities exploited?
Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them. Continue Reading
-
News
30 Apr 2018
Windows NTFS flaw posted after disclosure gets nowhere
Proof-of-concept code showing how an NTFS flaw can shut down Windows systems was published by a security researcher nine months after he disclosed it to Microsoft. Continue Reading
-
News
30 Apr 2018
Phishing threats still dwarf vulnerabilities, zero-days
Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive. Continue Reading
-
News
27 Apr 2018
DDoS-for-hire website taken down by law enforcement
Webstresser.org, a popular DDoS-for-hire website, was taken down by several law enforcement agencies across the globe. Details are sparse, but arrests have reportedly been made. Continue Reading
-
News
27 Apr 2018
Microsoft releases Spectre variant 2 microcode patches
Microsoft released new fixes that include the Intel microcode patches for Spectre variant 2 to help protect users on Windows 10 and Windows Server 2016. Continue Reading
-
Guide
27 Apr 2018
How air gap attacks challenge the notion of secure networks
Today's cyberattacks are taking new shapes and sizes in the ever-changing tech environment. This guide explores air gap attacks, the history behind them and the latest threats facing air-gapped networks. Continue Reading
-
News
26 Apr 2018
SecureWorks warns of business email compromise campaign
SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars. Continue Reading
-
News
25 Apr 2018
BGP routing security flaw caused Amazon Route 53 incident
A BGP routing security flaw enabled unknown threat actors to steal cryptocurrency by hijacking internet routing and rerouting traffic to a phishing site in Russia. Continue Reading
-
Blog Post
19 Apr 2018
CrowdStrike unveils Meltdown exploit in unusual fashion
At RSA Conference 2018, CrowdStrike demonstrated a new Meltdown exploit that can harvest sensitive data such as passwords even on systems that are patched. Continue Reading
-
News
19 Apr 2018
Passive DNS techniques can reduce DNS abuse
Presenting at RSAC 2018, Farsight Security's Merike Kaeo explains how defenders can adopt passive techniques to reduce DNS abuse and stop attacks before they happen. Continue Reading
-
News
18 Apr 2018
Paul Kocher weighs in on Spectre flaws, vulnerability disclosure
At RSA Conference 2018, Paul Kocher, who co-discovered the Spectre flaws, discussed the chip vulnerabilities and explained why disclosure and mitigation efforts were so troubled. Continue Reading
-
News
17 Apr 2018
RSAC keynote speakers push teamwork, incremental improvements
The RSAC keynote speakers pushed a unified idea of collaboration across public and private sectors, improved teamwork and the value of incremental improvements in cybersecurity. Continue Reading
-
News
17 Apr 2018
Microsoft's Brad Smith urges action on nation-state cyberthreats
At RSA Conference 2018, Microsoft President Brad Smith warned of nation-state cyberattacks and called on governments and the private sector to do more to address them. Continue Reading
-
News
16 Apr 2018
Nuix hacker survey shows how easy it is to breach perimeters
The second annual Black Report -- a hacker survey aimed at getting a different perspective on cybersecurity -- detailed how long it takes to breach a perimeter and what attacks are easiest. Continue Reading
-
News
12 Apr 2018
Cryptojacking attacks may not challenge ransomware dominance
Cryptojacking attacks are on the rise, but experts are unsure if the threat can overtake the malware dominance of ransomware due to regulatory and profit questions. Continue Reading
-
News
06 Apr 2018
Pipeline cyberattack shuts down natural gas company communications
News roundup: A pipeline cyberattack shut down communications for several U.S. natural gas providers. Plus, Facebook removed accounts and pages run by the Russian IRA, and more. Continue Reading
-
E-Zine
03 Apr 2018
Cloud security threats in 2018: Get ahead of the storm
Consistent security for all data from cloud providers and third-party partners is what many consider the next evolution of cloud. The biggest cloud security threats for most companies, however, result from in-house staff mistakes, lack of patching and misconfiguration.
Even when the risks associated with cloud security threats are high, the cost benefits to organizations outweigh the risks. Enterprise spending for public cloud services worldwide is expected to reach $160 billion in 2018, according to the International Data Corporation. Software as a service still has the highest growth, followed by infrastructure as a service and platform as a service. Many technology platforms take advantage of public cloud security features, but large-scale clouds don't always mean large-scale threat protection. What cloud security threats should you watch out for in 2018?
"It seems like there's a lot of money to be made in cryptocurrency, and it is so much easier to attack [the internet of things] with Linux malware," said Mounir Hahad, head of threat research at Juniper Networks.
Botnets increasingly pose cloud security threats, powering distributed denial of service, ransomware and other crippling attacks. Ransomware remains one of the most lucrative for cybercriminals, who can easily find ransomware kits online. In this issue of Information Security magazine, we look at cloud security in 2018 and strategies to protect sensitive data from internal and external threats.
Continue Reading -
Opinion
03 Apr 2018
Marcus Ranum decodes hardware vulnerabilities with Joe Grand
Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand. Continue Reading
- 30 Mar 2018
-
Tip
27 Mar 2018
Emotet Trojan: How to defend against fileless attacks
An increase in fileless malware, including PowerShell malware, was reported in McAfee Labs' December 2017 Threat Report. Discover how enterprises can defend again fileless attacks. Continue Reading
-
Answer
27 Mar 2018
How can a Moxa MXview vulnerability be exploited by hackers?
A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation. Continue Reading
-
News
16 Mar 2018
Russian government hacking earns U.S. sanctions, warnings
The U.S. Treasury Department levied sanctions for Russian government hacking, as a joint alert from the FBI and DHS confirms election meddling and critical infrastructure attacks. Continue Reading
-
News
16 Mar 2018
Leaked report on AMD chip flaws raises ethical disclosure questions
Researchers announced AMD chip flaws without the coordinated disclosure procedure, and a leak of the research to a short seller has raised further suspicions about the process. Continue Reading
-
Answer
16 Mar 2018
AIR-Jumper: How can security camera lights transmit data?
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to prevent it with expert Nick Lewis. Continue Reading
-
Answer
15 Mar 2018
Com.google.provision virus: How does it attack Android devices?
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common Malware Enumeration may help. Continue Reading
-
News
13 Mar 2018
Researchers claim AMD flaws threaten Ryzen, EPYC chips
Ryzen and EPYC AMD flaws were partially detailed with just 24 hours' disclosure notice, despite potentially significant exploits, including secure processor takeover or security bypass. Continue Reading
-
Answer
13 Mar 2018
CCleaner malware: How dangerous is it to enterprises?
A watering hole attack led to CCleaner malware being installed on millions of systems. Nick Lewis explains how the attack worked and why it should concern enterprises. Continue Reading
-
News
12 Mar 2018
Olympic Destroyer was a false flag cyberattack, research claims
New research claims Olympic Destroyer was not the work of the North Korea-backed Lazarus Group; rather, it was a false flag cyberattack designed to mislead attribution efforts. Continue Reading
-
Answer
12 Mar 2018
ExpensiveWall malware: How does this SMS attack function?
A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis. Continue Reading
-
News
08 Mar 2018
NSA tracking program watched foreign hackers in action
Researchers discovered evidence of an NSA tracking program designed to watch nation-state hackers and gather information as attacks were in progress. Continue Reading
-
Answer
07 Mar 2018
How can users deal with app trackers that collect customer data?
App trackers were found in hundreds of Google Play apps. Expert Michael Cobb explains the threat they pose and how GDPR has the potential to reduce the risk. Continue Reading
-
News
06 Mar 2018
Terabit DDoS attack hits 1.7Tbps and experts expect higher
Five days after a record breaking terabit DDoS attack, a new 1.7Tbps DDoS attack was detected taking advantage of improperly secured memcached servers to launch a reflection attack. Continue Reading
-
Answer
01 Mar 2018
Search engine poisoning: How are poisoned results detected?
Poisoned search results have spread the Zeus Panda banking Trojan throughout Google. Learn what this means, how search engine poisoning works and what can be done to stop it. Continue Reading
-
Answer
28 Feb 2018
Fileless malware: What tools can jeopardize your system?
A report from CrowdStrike highlights the growth of malware-less attacks using certain command-line tools. Learn how to handle these growing attacks with Matt Pascucci. Continue Reading
-
News
27 Feb 2018
Ad network cryptojacking attack bypasses ad blockers
Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors. Continue Reading
-
News
23 Feb 2018
Hackers used SWIFT-based attacks to steal millions from banks
News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more. Continue Reading
-
Answer
22 Feb 2018
Typosquatting: How did threat actors access NPM libraries?
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it means for users. Continue Reading
-
News
21 Feb 2018
Cryptojacking attacks hit enterprises' cloud servers
Cloud security vendor RedLock discovered threat actors had gained access to several enterprise cloud environments, including Tesla's, and used them for cryptojacking schemes. Continue Reading
-
Podcast
21 Feb 2018
Risk & Repeat: Intel bug bounty tackles side channel attacks
In this week's Risk & Repeat podcast, SearchSecurity editors examine Intel's new bug bounty for side channel attacks and what it says about Meltdown and Spectre. Continue Reading
-
Answer
21 Feb 2018
How are tech support scams using phishing emails?
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis. Continue Reading
-
Tip
20 Feb 2018
Protecting safety instrumented systems from malware attacks
Trisis malware targets safety instrumented systems and puts industrial control systems at risk. Expert Ernie Hayden reviews what to know about SIS and its security measures. Continue Reading
-
News
16 Feb 2018
Olympic Destroyer malware more complex than first thought
News roundup: The Olympic Destroyer malware is more sophisticated than researchers first thought. Plus, Microsoft looks to change identity management with blockchain, and more. Continue Reading
-
Answer
16 Feb 2018
What can be done to prevent a swatting attack?
A swatting attack resulted in the death of a Kansas man. Expert Judith Myerson looks at the technology these attacks use and what can be done to make sure they don't happen again. Continue Reading
-
News
14 Feb 2018
Zero-day Telegram vulnerability exploited for cryptomining
Kaspersky Lab disclosed a zero-day vulnerability in Telegram that the security vendor says was abused by Russian cybercriminals in a cryptomining malware campaign. Continue Reading
-
Answer
14 Feb 2018
What can enterprises do to prevent an IoT botnet attack?
An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises can protect themselves. Continue Reading
-
Tip
13 Feb 2018
What enterprises need to know about ransomware attacks
Ransomware attacks on enterprises are often the result of a company's poor IT hygiene. Expert Joe Granneman looks at attacks like those by WannaCry and SamSam ransomware. Continue Reading
-
Tip
08 Feb 2018
Mobile security issues require a unified approach
Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps. Continue Reading
-
Tip
08 Feb 2018
Counter mobile device security threats with unified tools
Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses. Continue Reading
-
Podcast
07 Feb 2018
Risk & Repeat: Cryptomining malware on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the threat of cryptomining malware is evolving and what it means for enterprises and infosec vendors. Continue Reading
-
News
05 Feb 2018
Cryptojacking malware using EternalBlue to build botnets
Proofpoint researchers discovered a large Monero mining botnet that uses EternalBlue to spread, and it isn't the first time the Windows flaw has been used for cryptojacking. Continue Reading
-
News
02 Feb 2018
Hackers use ATM jackpotting technique to steal $1M in US
News roundup: Hackers used ATM jackpotting attacks to steal over $1M in the U.S. Plus, a fitness tracking app accidentally exposed the locations of military bases, and more. Continue Reading
-
Answer
02 Feb 2018
NotPetya malware: How does it detect security products?
Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the malware's tricks work. Continue Reading
-
News
01 Feb 2018
Meltdown and Spectre malware discovered in the wild
Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST, but most samples are based on existing proof-of-concept code. Continue Reading
-
Answer
31 Jan 2018
RSA-1024 keys: How does a Libgcrypt vulnerability expose them?
A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific parts of the algorithm work. Continue Reading
-
Answer
30 Jan 2018
CopyCat malware: How does this Android threat operate?
Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis. Continue Reading
-
Answer
26 Jan 2018
How does credential stuffing enable account takeover attacks?
Credential stuffing activity is outpacing the growth of other cyberattacks and enabling account takeover attacks. Akamai Technologies' Patrick Sullivan explains the threat. Continue Reading
-
Guide
25 Jan 2018
Containing ransomware outbreaks now a top infosec priority
Prepping for and dealing with an outbreak of ransomware is the IT version of the flu shot. Learn how company systems and data from these potentially deadline infections. Continue Reading
-
News
19 Jan 2018
Trisis ICS malware was publicly available after attack
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors. Continue Reading
-
Blog Post
18 Jan 2018
The strange case of the 'HP backdoor' in Lenovo switches
Lenovo's discovery of an authentication bypass, literally titled "HP backdoor," within its networking switches brings unsettling implications for the IT industry. Continue Reading
-
News
12 Jan 2018
AMD backtracks on Spectre vulnerabilities, plans microcode updates
AMD initially believed the Spectre vulnerabilities posed "near zero risk" to its chip, but the company this week reversed course and is planning microcode updates for its products. Continue Reading
-
News
12 Jan 2018
Fancy Bears hackers target International Olympic Committee
News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more. Continue Reading
-
Answer
12 Jan 2018
What went wrong with the Dirty COW vulnerability patch?
A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what went wrong. Continue Reading
-
Podcast
11 Jan 2018
Risk & Repeat: Meltdown and Spectre vulnerabilities shake industry
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the discovery of the Meltdown and Spectre vulnerabilities and their effect on information security. Continue Reading
-
Blog Post
09 Jan 2018
Intel keynote misses the mark on Meltdown and Spectre vulnerabilities
With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities. Continue Reading
-
News
03 Jan 2018
Intel CPU flaw gets third-party patch but no details
Release of a third-party patch for a mysterious Intel CPU flaw led to many questions but few answers, and details on the issue may not be imminent. Continue Reading
-
News
22 Dec 2017
Cryptocurrency exchanges increasingly targeted by cyberattacks
News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more. Continue Reading
-
Podcast
22 Dec 2017
Risk & Repeat: Cryptojacking looms amid the bitcoin boom
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users. Continue Reading
-
Answer
22 Dec 2017
Brutal Kangaroo: How does it hop to air-gapped computers?
The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis. Continue Reading
-
Feature
21 Dec 2017
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading
-
News
15 Dec 2017
Triton framework used in industrial control attacks
Security researchers discovered new ICS attacks using the Triton framework that may have been nation-state-sponsored and intended to cause real-world damage. Continue Reading
-
Answer
13 Dec 2017
How can a local file inclusion attack be stopped?
A botnet-based local file inclusion attack targeted IBM X-Force customers. Expert Judith Myerson explains how these attacks work and how enterprises can defend against them. Continue Reading
-
Answer
11 Dec 2017
How does port swapping work to bypass two-factor authentication?
With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them. Continue Reading
-
Answer
07 Dec 2017
BlueBorne vulnerabilities: Are your Bluetooth devices safe?
Armis Labs discovered a series of vulnerabilities that enables remote connection to Bluetooth devices. Learn more about the BlueBorne vulnerabilities with expert Matt Pascucci. Continue Reading
-
Answer
04 Dec 2017
PGP keys: Can accidental exposures be mitigated?
The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading
-
News
01 Dec 2017
Yahoo data breach hacker pleads guilty to cybercrime charges
One of the Yahoo data breach hackers pleaded guilty to his involvement in the attack. Plus, the FBI failed to notify U.S. officials that they were targets of Fancy Bear, and more. Continue Reading
-
Guide
01 Dec 2017
Cyberthreats, cyber vulnerabilities, and how to fight back
The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them. Continue Reading
-
Answer
30 Nov 2017
How can Intel AMT be used to bypass the Windows firewall?
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains how it works. Continue Reading
-
News
28 Nov 2017
Scarab ransomware joins with Necurs botnet for faster spread
The Scarab ransomware received an upgrade, and researchers have seen it being spread via the Necurs botnet, meaning the malware can spread to millions in a handful of hours. Continue Reading
