Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Podcast
23 Dec 2024
Risk & Repeat: The state of ransomware in 2024
Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack
BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
18 May 2017
What is the SS7 protocol and what are its security implications?
The SS7 protocol has been a source of controversy lately because of its security vulnerabilities. Expert Judith Myerson explains what the protocol is and what its issues are. Continue Reading
-
News
16 May 2017
Microsoft slams NSA over cyberweapon in WannaCry ransomware
Microsoft blames the U.S. government for cyberweapon stockpiling as WannaCry ransomware infections continue to spread, though some experts say Microsoft shares responsibility. Continue Reading
By- Michael Heller, TechTarget
-
News
15 May 2017
WannaCry ransomware prompts legacy MS17-010 patch
Microsoft responds to WannaCry ransomware with an MS17-010 patch for legacy systems as new ransomware variants spread to more countries around the globe. Continue Reading
By- Michael Heller, TechTarget
-
News
11 May 2017
Android clickjacking attacks possible from Google Play apps
Google implemented clickjacking attack mitigations in Android but left a potential avenue for malicious actors that won't be fixed until Android O is released. Continue Reading
By- Michael Heller, TechTarget
-
News
05 May 2017
New types of ransomware innovate to find opportunity
There is no shortage of new types of ransomware, many with unique features, and experts say it's an exercise in innovation and finding revenue opportunity. Continue Reading
By- Michael Heller, TechTarget
-
Answer
04 May 2017
Why did the PHPMailer library vulnerability have to be patched twice?
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works. Continue Reading
-
News
04 May 2017
Google Docs phishing attack grants attacker full Gmail access
A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks. Continue Reading
By- Michael Heller, TechTarget
-
Answer
01 May 2017
Panasonic Avionics IFE systems: How serious are the vulnerabilities?
Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws. Continue Reading
-
Podcast
28 Apr 2017
Risk & Repeat: More Equation Group cyberweapons leaked
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of Equation Group cyberweapons and how Microsoft patched them. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
27 Apr 2017
Handbook of System Safety and Security
In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security. Continue Reading
By- SearchSecurity and Syngress
-
Answer
26 Apr 2017
How does the boot mode vulnerability in Android work?
A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works. Continue Reading
-
News
25 Apr 2017
NSA spyware found infecting tens of thousands worldwide
A new security tool will let users scan their systems for the presence of NSA spyware found in the latest Equation Group leak, and tens of thousands are already infected. Continue Reading
By- Michael Heller, TechTarget
-
News
21 Apr 2017
Hajime worm fights the forces of evil IoT malware, maybe
News roundup: The Hajime worm is the nicer, sneakier brother of Mirai malware. Plus, the FBI and CIA hunt for the Vault 7 whistleblower, Symantec adds to Zscaler lawsuit, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
20 Apr 2017
How does Exaspy spyware disguise itself on Android devices?
Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection. Continue Reading
-
News
18 Apr 2017
Shadow Brokers' Windows exploits target unsupported systems
A new release of NSA cyberweapons falls flat, as Windows exploits from the Shadow Brokers have mostly been patched. But unsupported systems are still at risk. Continue Reading
By- Michael Heller, TechTarget
-
News
14 Apr 2017
Shadow Brokers release SWIFT banking and Windows exploits
The Shadow Brokers released another cache of cyberweapons linked to the Equation Group, including Windows exploits and attack details for the SWIFT banking system. Continue Reading
By- Michael Heller, TechTarget
-
News
13 Apr 2017
U.S. election hacking not an act of cyberwarfare, experts say
The government needs a better definition for an act of cyberwarfare, says ex-CIA Director Michael Hayden, because he doesn't think the U.S. election hacking applies. Continue Reading
By- Michael Heller, TechTarget
-
News
11 Apr 2017
CIA Vault 7 tools attributed to hacking group for years
Security researchers said the CIA Vault 7 tools and techniques are linked to cyberattacks over the past six years targeting various foreign entities. Continue Reading
By- Michael Heller, TechTarget
-
News
05 Apr 2017
Pegasus malware expands from iOS to Android
One of the more malicious iOS threats -- Pegasus malware -- has made its way to Android devices and it has some dangerous new tricks in its arsenal. Continue Reading
By- Michael Heller, TechTarget
-
Feature
04 Apr 2017
Five criteria for purchasing from threat intelligence providers
Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs. Continue Reading
-
Feature
03 Apr 2017
Politics of cyber attribution pose risk for private industry
Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies. Continue Reading
By- Adam Rice and Mark Maunu
-
Answer
03 Apr 2017
How did firmware create an Android backdoor in budget devices?
An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading
-
Answer
30 Mar 2017
How did vulnerabilities in AirWatch Agent and Inbox work?
Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how these vulnerabilities worked. Continue Reading
-
News
24 Mar 2017
Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks
News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
24 Mar 2017
How does the Locky ransomware file type affect enterprise protection?
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading
-
Answer
23 Mar 2017
Hajime malware: How does it differ from the Mirai worm?
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai. Continue Reading
-
Answer
22 Mar 2017
How does the Drammer attack exploit ARM-based mobile devices?
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Continue Reading
-
Answer
21 Mar 2017
How can attackers turn Instagram into C&C infrastructure?
An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works. Continue Reading
-
News
17 Mar 2017
Patched Apache Struts vulnerability exploited in the wild
News roundup: An Apache Struts vulnerability is still being exploited, despite being patched. Plus, WhatsApp and Telegram release patches; Assange contacts Microsoft; and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
News
14 Mar 2017
Is the antivirus industry dead? Experts weigh in
RSAC 2017: With malware-detecting software increasingly coming under fire for vulnerabilities, find out what the experts had to say about the future of the antivirus industry. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Answer
07 Mar 2017
How can the Dirty COW vulnerability be used to attack Android devices?
A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack. Continue Reading
-
Answer
03 Mar 2017
What's the best corporate email security policy for erroneous emails?
If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading
-
Tip
02 Mar 2017
What to consider about signatureless malware detection
Endpoint security is changing into signatureless malware detection and protection. Expert Matthew Pascucci discusses the transition away from signatures. Continue Reading
-
Report
01 Mar 2017
Ransomware costs not limited to ransoms, research shows
The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers. Continue Reading
-
Answer
23 Feb 2017
IoT malware: How can internet-connected devices be secured?
IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware. Continue Reading
-
Answer
22 Feb 2017
How can obfuscated macro malware be located and removed?
A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading
-
Answer
20 Feb 2017
How can open FTP servers be protected from Miner-C malware?
Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers. Continue Reading
-
News
16 Feb 2017
Connected medical devices spark debate at RSA Conference session
An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading
By- Rob Wright, Senior News Director
-
Blog Post
15 Feb 2017
Christopher Young: Don't sleep on the Mirai botnet
RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security's Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is. Continue Reading
By- Rob Wright, Senior News Director
-
News
14 Feb 2017
Microsoft: Nation-state cyberattacks have changed the security game
Microsoft's Brad Smith spoke at RSA Conference 2017 about the effects of nation-state cyberattacks and what businesses and governments can do about them. Continue Reading
By- Rob Wright, Senior News Director
-
News
13 Feb 2017
Ransomware threat continues to evolve, defense needs to catch up
With the rapid expansion of the ransomware threat landscape, defenders are scrambling to find ways to fight back. RSAC 2017 dedicated a full day for a ransomware seminar. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Blog Post
08 Feb 2017
Five things to watch at RSA Conference 2017
With no single trend or theme dominating at RSA Conference 2017, this year's show will still have plenty of material on machine learning, IoT security and much more. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
07 Feb 2017
How did a Signal app bug let attackers alter encrypted attachments?
The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw. Continue Reading
-
Answer
06 Feb 2017
How does Overseer spyware work on infected Android apps?
Spyware was found on infected Android apps, which were meant to convey embassy information and news, in the Google Play Store. Expert Michael Cobb explains how the spyware works. Continue Reading
-
Report
01 Feb 2017
Recent ransomware attacks: Data shows 50% growth in 2016
With high sums paid, ransomware gets all the attention. But malware is not the only way that criminals gained control of enterprise systems, a new report shows. Continue Reading
-
Feature
01 Feb 2017
Looming cloud security threats: How attacks will follow your data
You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it. Continue Reading
By- Johannes Ullrich, SANS Technology Institute
-
E-Zine
01 Feb 2017
In 2017, cybersecurity attacks will follow your data
Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of protecting most enterprise environments are less like The Americans than they might think. Still, it's exciting. In this issue of Information Security magazine, we look at the incoming threats in 2017 and some countermeasures that can help your organization bolster its defenses.
Last year, we saw the internet of things used as a beachhead in larger cybersecurity attacks. Many devices now use cloud-based systems to communicate. They regularly send status updates to the cloud server and retrieve new commands to execute. Weak and incorrectly implemented authentication between device and cloud is often the point of failure that can be exploited to attack either the cloud infrastructure or the device. So far, destructive attacks are not common and are mostly limited to distributed denial-of-service attacks, which do not cause permanent damage. But future attacks, if they are combined with ransom demands, may destroy devices intentionally.
Breaches of cloud storage that modify data instead of just "stealing" it and vulnerabilities in microservices environments are other areas in which attackers may get more leverage. With the emergence of cloud-based microservices, this problem will only become worse. Instead of including a library in software shipped to clients, the software now relies on cloud-based web services to perform certain functions. We look at what is coming next and ways to mitigate these cybersecurity attacks. Continue Reading
-
News
31 Jan 2017
Hacked CCTV cameras in DC before inauguration leave unanswered questions
The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack. Continue Reading
By- Michael Heller, TechTarget
-
Answer
23 Jan 2017
How does Stampado ransomware spread to external drives?
The Stampado ransomware is a low-cost threat to networks and external drives. Expert Matthew Pascucci explains how Stampado works and how enterprises should handle it. Continue Reading
-
News
20 Jan 2017
Carbanak gang using Google services for command and control
Researchers find the Carbanak gang has evolved its attacks on financial institutions to use Google services for command and control infrastructure in malware. Continue Reading
By- Michael Heller, TechTarget
-
Answer
19 Jan 2017
How does RIPPER ATM malware use malicious EMV chips?
RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works. Continue Reading
-
Podcast
18 Jan 2017
Risk & Repeat: Doxware emerges as a new threat to data privacy
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the emergence of doxware and extortionware and what that means for enterprises and their employees. Continue Reading
By- Rob Wright, Senior News Director
-
News
11 Jan 2017
Insecure MongoDB configuration leads to boom in ransom attacks
Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk. Continue Reading
By- Michael Heller, TechTarget
-
E-Zine
10 Jan 2017
Insider Edition: Attaining security for IoT, through discovery, identity and testing
Ever since the internet of things became a "thing," the potential for abuse has been well documented; how best to achieve security for IoT is not yet clear. This Insider Edition of Information Security magazine tackles that second issue head on.
In three feature stories, our experts examine the key aspects closely related to IoT security: device discovery, IoT identity and IoT security testing. It's basic to security that, to devise a proper security strategy, a security team must possess an accurate record of what exactly needs to be secured. The challenge when it comes to security for IoT is in cataloging, assessing and classifying devices that can number into the thousands and are often located outside an enterprise's physical boundaries. Certain industries, such as healthcare, are well into tackling this challenge. But increasingly more companies of all sizes will have to give the issue careful attention. Discovery involves identity issues, another focus of this edition, and once a security team has refined their IoT security policy, the next logical step is to implement a process of IoT security testing.
Readers of this Insider Edition will come away with a deeper understanding of how to approach security for IoT, from how to create a compilation of what needs to be secured to how to set up a successful security testing process. When it comes to internet of things security, the threat of breaches may never be fully eliminated, but the odds that enterprises will thwart attacks can be improved through proper policy and security systems.
Continue Reading
-
Answer
06 Jan 2017
How are hackers using Twitter as C&C servers for malware?
C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack. Continue Reading
-
News
06 Jan 2017
Doxware: New ransomware threat, or just extortionware rebranded?
The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims. Continue Reading
By- Michael Heller, TechTarget
-
Answer
05 Dec 2016
What should happen after an employee clicks on a malicious link?
The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack. Continue Reading
-
News
29 Nov 2016
SF Municipal Railway restores systems after ransomware attack
The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend. Continue Reading
By- Michael Heller, TechTarget
-
News
17 Nov 2016
Chinese company caught preinstalling Android spyware on budget devices
A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent. Continue Reading
By- Michael Heller, TechTarget
-
Answer
11 Nov 2016
How can users protect mobile devices from SandJacking attacks?
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack. Continue Reading
-
News
29 Aug 2016
Pegasus iOS exploit uses three zero days to attack high-value targets
A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents. Continue Reading
By- Michael Heller, TechTarget
-
Answer
21 Jun 2016
What new Asacub Trojan features should enterprises watch out for?
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for. Continue Reading
-
Podcast
15 Jun 2016
Ransomware worm raises concerns for enterprise security
In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
18 Mar 2016
Detecting and Combating Malicious Email
In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims. Continue Reading
By- SearchSecurity and Syngress
-
Answer
01 Feb 2016
How does the new voicemail phishing scam work?
A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it. Continue Reading
-
Feature
12 Jan 2016
Introduction to vulnerability management tools
Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers. Continue Reading
-
Feature
30 Dec 2015
Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview
Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products, which detect and block messages that contain suspicious content and threats. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
30 Dec 2015
Proofpoint Enterprise Protection: Product overview
Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
21 Dec 2015
McAfee Email Protection, Security for Email Servers: Product overview
Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
21 Dec 2015
Clearswift SECURE Email Gateway: Product overview
Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
21 Dec 2015
Fortinet FortiMail: Product overview
Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
14 Dec 2015
Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
01 Dec 2015
Amex credit card hack predicts replacement card number
Samy Kamkar found a weakness in the algorithm American Express uses to generate replacement card information and created a credit card hack as a proof-of-concept. Continue Reading
By- Michael Heller, TechTarget
-
Opinion
01 Dec 2015
WMI tools make the perfect crime 'malware-free'
Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it? Continue Reading
-
Tip
14 Oct 2015
The malware lifecycle: Knowing when to analyze threats
Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative. Continue Reading
-
Feature
08 Oct 2015
Emerging security threats you're up against now
Learn about 'hacking as a service' and other emerging security threats. Continue Reading
-
Feature
05 Oct 2015
Cyber Reconnaissance, Surveillance and Defense
In this excerpt of Cyber Reconnaissance, Surveillance and Defense, author Robert Shimonski describes commonly used mobile technology and how phone tracking works. Continue Reading
By- SearchSecurity and Syngress
-
Answer
01 Oct 2015
How can power consumption-tracking malware be avoided?
Malware authors are using power consumption-tracking malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how to defend against it. Continue Reading
-
Tip
18 Jun 2015
Network anomaly detection: The essential antimalware tool
Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware. Continue Reading
-
News
11 Jun 2015
Duqu malware makes a comeback and infiltrates Kaspersky systems
The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign. Continue Reading
By- Michael Heller, TechTarget
-
Feature
01 Apr 2015
New cyberthreats: Defending against the digital invasion
The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers. Continue Reading
By- Johannes Ullrich, SANS Technology Institute
-
News
03 Mar 2015
Amid Apple Pay fraud, banks scramble to fix Yellow Path process
Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems. Continue Reading
By- Michael Heller, TechTarget
-
Feature
16 Dec 2014
Targeted Cyber Attacks
In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading
By- SearchSecurity and Syngress
-
Answer
18 Nov 2014
How vulnerable is Silverlight security?
Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading
-
Feature
02 Jun 2014
Command-and-control servers: The puppet masters that govern malware
Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels. Continue Reading
By- Adam Rice
- James Ringold, Westinghouse Electric Company
-
Tip
10 Apr 2014
NSA TAO: What Tailored Access Operations unit means for enterprises
The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses. Continue Reading
-
Answer
23 Jan 2014
Femtocell security: Defending against a femtocell hack
The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack. Continue Reading
-
Tip
12 Dec 2013
Locking the backdoor: Reducing the risk of unauthorized system access
Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks. Continue Reading
-
Answer
02 Dec 2013
Heap spray attacks: Details and mitigations for new techniques
Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading
-
Tip
11 Nov 2013
Inside the BREACH attack: How to avoid HTTPS traffic exploits
Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading
-
Answer
10 Sep 2013
Can an unqualified domain name cause man-in-the-middle attacks?
An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading
-
Quiz
07 Mar 2013
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
-
Feature
26 Feb 2013
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques shows how easy it is to avoid antivirus detection and why new defenses are needed. Continue Reading
By- Joe Granneman, Contributor
-
Answer
25 Aug 2011
Locate IP address location: How to confirm the origin of a cyberattack
What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in. Continue Reading
-
Answer
25 May 2010
Tips on how to remove malware manually
In this expert response, Nick Lewis explains how to remove malware manually, step by step. Continue Reading