Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 10 Feb 2025
Trimble Cityworks zero-day flaw under attack, patch now

CVE-2025-0994 is a high-severity deserialization vulnerability that enables remote code execution in unpatched versions of Cityworks enterprise asset management software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Feb 2025
Ransomware hits healthcare, critical services in January

Ransomware attacks against healthcare organizations in January reflect an increasing need for threat actors to adapt and get aggressive as defenders improve. Continue Reading
By
- Alexander Culafi, Senior News Writer

Tip 18 Jun 2015
Network anomaly detection: The essential antimalware tool

Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware. Continue Reading
By
- Peter Sullivan
News 11 Jun 2015
Duqu malware makes a comeback and infiltrates Kaspersky systems

The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign. Continue Reading
By
- Michael Heller, TechTarget
Feature 01 Apr 2015
New cyberthreats: Defending against the digital invasion

The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers. Continue Reading
By
- Johannes Ullrich, SANS Technology Institute
News 03 Mar 2015
Amid Apple Pay fraud, banks scramble to fix Yellow Path process

Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems. Continue Reading
By
- Michael Heller, TechTarget
Feature 16 Dec 2014
Targeted Cyber Attacks

In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading
By
- SearchSecurity and Syngress
Answer 18 Nov 2014
How vulnerable is Silverlight security?

Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading
By
- Nick Lewis
Feature 02 Jun 2014
Command-and-control servers: The puppet masters that govern malware

Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels. Continue Reading
By
- Adam Rice
- James Ringold, Westinghouse Electric Company
Tip 10 Apr 2014
NSA TAO: What Tailored Access Operations unit means for enterprises

The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses. Continue Reading
By
- Nick Lewis
Answer 23 Jan 2014
Femtocell security: Defending against a femtocell hack

The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack. Continue Reading
By
- Nick Lewis
Tip 12 Dec 2013
Locking the backdoor: Reducing the risk of unauthorized system access

Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks. Continue Reading
By
- Nick Lewis
Answer 02 Dec 2013
Heap spray attacks: Details and mitigations for new techniques

Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading
By
- Nick Lewis
Tip 11 Nov 2013
Inside the BREACH attack: How to avoid HTTPS traffic exploits

Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading
By
- Nick Lewis
Answer 10 Sep 2013
Can an unqualified domain name cause man-in-the-middle attacks?

An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading
By
- Michael Cobb
Quiz 07 Mar 2013
Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
By
- Michael Cobb
Feature 26 Feb 2013
Antivirus evasion techniques show ease in avoiding antivirus detection

In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed. Continue Reading
By
- Joe Granneman, Contributor
Answer 25 Aug 2011
Locate IP address location: How to confirm the origin of a cyberattack

What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in. Continue Reading
By
- Nick Lewis
Answer 25 May 2010
Tips on how to remove malware manually

In this expert response, Nick Lewis explains how to remove malware manually, step by step. Continue Reading
By
- Nick Lewis
Tip 06 Apr 2010
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware

In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks. Continue Reading
By
- Nick Lewis
Tip 02 Jul 2009
How to defend against rogue DHCP server malware

Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them. Continue Reading
By
- Sherri Davidoff, LMG Security
Answer 26 Jan 2009
What are the security risks of opening port 110 and port 25?

If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. Continue Reading
By
- Mike Chapple, University of Notre Dame
Answer 21 Oct 2008
Is it impossible to successfully remove a rootkit?

In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove. Continue Reading
By
- Michael Cobb
Tip 05 Mar 2008
Built-in Windows commands to determine if a system has been hacked

In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 17 Jan 2008
Cleansing an infected mail server

Learn five measures you can take to when cleaning up a massive email virus infection Continue Reading
By
- Brien Posey
Tip 17 Jan 2008
Ten hacker tricks to exploit SQL Server systems

SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 30 May 2007
How secure are document scanners and other 'scan to email' appliances?

Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading
By
- Michael Cobb
Answer 02 May 2007
How can header information track down an email spoofer?

Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. Continue Reading
By
- Michael Cobb
Answer 09 Apr 2007
How can attackers exploit RSS software flaws?

RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and distribute malicious code. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Feature 26 Jan 2007

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading
Feature 26 Jan 2007

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading
Feature 12 May 2005

E-mail policies -- A defense against phishing attacks

In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks. Continue Reading