IM Security Issues, Risks and Tools
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Guest Post
21 Jan 2022
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
-
Tip
21 Jan 2022
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
-
News
20 Jan 2022
Crypto.com confirms $35M lost in cyber attack
The cryptocurrency exchange had claimed no customer funds were lost in the recent cyber attack, but now admits 4,836.26 ETH and 443.93 bitcoin was stolen. Continue Reading
-
Tip
20 Jan 2022
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
-
News
20 Jan 2022
Cisco: Patching bugs is about more than CVSS numbers
Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities. Continue Reading
-
News
19 Jan 2022
FireEye, McAfee Enterprise relaunch as XDR-focused Trellix
Though the new company is a combination of two high-profile security vendors, private equity firm STG relaunched the merger under an entirely different name. Continue Reading
-
News
18 Jan 2022
Cryptocurrency exchange Crypto.com hit by cyber attack
The cryptocurrency exchange said it detected unauthorized activity on some user accounts over the weekend, but questions remain on the severity of the attacks. Continue Reading
-
News
18 Jan 2022
Ukraine hit with destructive malware attacks amidst turmoil
A new type of destructive malware was discovered by Microsoft after public and private organizations in Ukraine endured a series of cyber attacks as tensions with Russia grow. Continue Reading
-
Tip
18 Jan 2022
4 software supply chain security best practices
The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading
-
News
18 Jan 2022
Ransomware actors increasingly demand payment in Monero
Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
-
News
18 Jan 2022
Police seize VPN host allegedly facilitating ransomware
VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
-
Tip
18 Jan 2022
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
-
News
13 Jan 2022
Ukrainian police bust unnamed ransomware gang
A law enforcement raid in Ukraine resulted in the arrest of five suspects accused of deploying ransomware through phishing emails and making more than $1 million. Continue Reading
-
Guest Post
13 Jan 2022
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
News
11 Jan 2022
Microsoft: China-based ransomware actor exploiting Log4Shell
According to Microsoft, a threat actor tracked as DEV-0401 is utilizing Night Sky ransomware in its Log4j attacks, a variant first reported Jan. 1 that targets large enterprises. Continue Reading
-
News
11 Jan 2022
SonicWall SMA 100 appliances beset by multiple vulnerabilities
SonicWall's security appliances can be compromised by several attacks on five vulnerabilities, including one remote code execution bug, according to Rapid7. Continue Reading
-
News
11 Jan 2022
NetUSB flaw could impact millions of routers
SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process. Continue Reading
-
Guest Post
11 Jan 2022
Endpoint security is nothing without human operators
The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
-
News
10 Jan 2022
Chainalysis: Cryptocurrency crime reaches all-time high
While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency. Continue Reading
-
News
10 Jan 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug
A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7. Continue Reading
-
Tip
10 Jan 2022
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
-
Tip
10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
-
News
06 Jan 2022
New Zloader attacks thwarting Microsoft signature checks
Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader. Continue Reading
-
News
05 Jan 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
-
News
05 Jan 2022
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
-
Tip
04 Jan 2022
7 API security testing best practices, with checklist
APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
-
News
30 Dec 2021
Threat actors target HPE iLO hardware with rootkit attack
Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
News
28 Dec 2021
10 of the biggest ransomware attacks in the second half of 2021
Extortion, increasingly high ransom demands and sensitive data leaks continued in the second half of 2021, impacting organizations such as Kaseya and MediaMarkt. Continue Reading
-
Guest Post
28 Dec 2021
How to make security accessible to developers
Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle. Continue Reading
-
Feature
28 Dec 2021
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
-
News
23 Dec 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
-
Tip
22 Dec 2021
10 common types of malware attacks and how to prevent them
The umbrella term malware is one of the greatest cybersecurity threats enterprises face. Learn about 10 common types of malware and how to prevent them. Continue Reading
-
Tip
21 Dec 2021
5 ways to automate security testing in DevSecOps
Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
-
Tip
21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
-
Tip
21 Dec 2021
Top 10 IT security frameworks and standards explained
Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization. Continue Reading
-
News
20 Dec 2021
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
-
News
20 Dec 2021
Log4j 2.17.0 fixes newly discovered exploit
The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs. Continue Reading
-
News
20 Dec 2021
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
-
News
20 Dec 2021
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
-
Podcast
17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
-
Tip
16 Dec 2021
Top 4 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities. Continue Reading
-
News
15 Dec 2021
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
-
News
15 Dec 2021
Nation-state threat groups are exploiting Log4Shell
Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies. Continue Reading
-
Guest Post
15 Dec 2021
The importance of automated certificate management
Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
-
News
15 Dec 2021
'Insane' spread of Log4j exploits won't abate anytime soon
Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
-
News
14 Dec 2021
Hive ransomware claims hundreds of victims in 6-month span
Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time. Continue Reading
-
News
14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach
Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
-
Tip
14 Dec 2021
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
News
13 Dec 2021
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
-
News
13 Dec 2021
Critical Log4j flaw exploited a week before disclosure
The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
-
Tip
13 Dec 2021
Why you need an email security policy and how to build one
Companies must have an effective security policy in place to keep email protected from cybercriminals and employee misuse. Learn the best route to build one for your company. Continue Reading
-
News
10 Dec 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
-
News
10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now
The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
-
Tip
10 Dec 2021
Cybersecurity employee training: How to build a solid plan
Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
-
Opinion
09 Dec 2021
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
-
News
09 Dec 2021
17 Discord malware packages found in NPM repository
These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
-
Feature
09 Dec 2021
GDPR as we enter 2022: Challenges, enforcement and fines
Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more. Continue Reading
-
News
09 Dec 2021
Threat actors targeting MikroTik routers, devices
Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched. Continue Reading
-
Feature
08 Dec 2021
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
-
Feature
08 Dec 2021
Browse 9 email security gateway options for your enterprise
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at the current market leaders and their standout features. Continue Reading
-
News
07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
-
News
07 Dec 2021
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
-
News
07 Dec 2021
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
-
Guest Post
07 Dec 2021
Why image-based phishing emails are difficult to detect
Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems. Continue Reading
-
News
06 Dec 2021
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
-
News
06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
-
Feature
06 Dec 2021
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
Tip
06 Dec 2021
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
-
Tip
06 Dec 2021
Top blockchain security attacks, hacks and issues
These five factors have created issues for the blockchain security landscape. Learn more about blockchain hacks and attacks and how they will affect the future of Web3. Continue Reading
-
News
03 Dec 2021
Hundreds of new vulnerabilities found in SOHO routers
Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks. Continue Reading
-
News
02 Dec 2021
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
-
News
01 Dec 2021
New Yanluowang ransomware mounting targeted attacks in US
Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
01 Dec 2021
BlackByte ransomware attacks exploiting ProxyShell flaws
Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange. Continue Reading
-
Guest Post
30 Nov 2021
Enterprise password security guidelines in a nutshell
In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
-
Tip
30 Nov 2021
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
-
News
30 Nov 2021
Windows Installer zero-day under active exploitation
McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others. Continue Reading
-
News
29 Nov 2021
Hack 'Sabbath': Elusive new ransomware detected
A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected. Continue Reading
-
Tip
29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
-
Feature
29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
-
Feature
29 Nov 2021
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
-
Feature
29 Nov 2021
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
-
Feature
29 Nov 2021
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
-
Feature
24 Nov 2021
Ultimate guide to secure remote access
This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users. Continue Reading
-
News
23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
-
News
23 Nov 2021
Researcher drops instant admin Windows zero-day bug
A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix. Continue Reading
-
Guest Post
23 Nov 2021
How to talk about cybersecurity risks, colloquially
The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
22 Nov 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
-
Tip
22 Nov 2021
Top 5 password hygiene tips and best practices
Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
Answer
22 Nov 2021
What are the most important email security protocols?
Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats. Continue Reading