Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

Tip 09 Jul 2025
Security log management tips and best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By
- Ed Moyle, SecurityCurve
- Michael Cobb
Tip 09 Jul 2025
Incident response tabletop exercises: Guide and template

Have an incident response plan but aren't running incident response tabletop exercises? These simulations are key to knowing if your plan will work during an actual security event. Continue Reading
By
- Paul Kirvan

Feature 08 Jul 2025
Phishing prevention: How to spot, stop and respond to scams

From email scams to BEC attacks, phishing is one of the biggest fish organizations must fry. Get advice on how to identify, prevent and respond to phishing schemes. Continue Reading
By
- Sharon Shea, Executive Editor
Tip 07 Jul 2025
How to detect and fix a jailbroken iPhone

Jailbroken devices can give rise to security threats for users and organizations alike. Learn how to prevent, detect and remove jailbreaking on enterprise iPhones. Continue Reading
By
- Sean Michael Kerner
Feature 07 Jul 2025
What is the future of cybersecurity?

As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead? Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 02 Jul 2025
What is a threat actor?

A threat actor, also called a malicious actor, is an entity that poses a security risk and seeks to cause harm to individuals, devices, networks or digital systems, often by exploiting vulnerabilities. Continue Reading
By
- Kinza Yasar, Technical Writer
- Rahul Awati
- Ivy Wigmore
Definition 02 Jul 2025
What is SIEM (security information and event management)?

SIEM (security information and event management) is software that helps organizations detect, analyze, and respond to security threats by collecting and correlating security event data from across the IT environment in real time. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Definition 01 Jul 2025
What is risk analysis?

Risk analysis is the process of identifying and analyzing potential issues that could negatively affect key business initiatives or projects. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Feature 30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs

CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
By
- Phil Sweeney, Industry Editor
- Craig Stedman, Industry Editor
Tip 27 Jun 2025
SBOM formats explained: Guide for enterprises

SBOMs inventory software components to help enhance security by tracking vulnerabilities. Teams have three standard SBOM formats to choose from: CycloneDX, SPDX and SWID tags. Continue Reading
By
- Ravi Das, ML Tech Inc.
Tip 27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 26 Jun 2025
12 smart contract vulnerabilities and how to mitigate them

Smart contracts execute tasks automatically when specific events occur, and they often handle large data and resource flows. This makes them particularly attractive to attackers. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
- Michael Cobb
Tip 25 Jun 2025
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
Tip 24 Jun 2025
Cybersecurity governance: A guide for businesses to follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 24 Jun 2025
What is crypto-agility?

Crypto-agility, or cryptographic agility, is the ability of an organization to efficiently and rapidly change cryptographic algorithms, protocols or primitives in response to emerging threats, vulnerabilities or regulatory requirements. Continue Reading
By
- Nick Barney, Technology Writer
- Alexander S. Gillis, Technical Writer and Editor
Tip 23 Jun 2025
SentinelOne vs. CrowdStrike: EPP tools for the enterprise

Compare SentinelOne and CrowdStrike endpoint protection platforms, which both offer strong endpoint security with GenAI, but differ in pricing tiers and specialized strengths. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 23 Jun 2025
What is a SYN flood DoS attack?

A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. This exploit is also known as a 'half-open attack.' Continue Reading
By
- Scott Robinson, New Era Technology
- Ben Lutkevich, Site Editor
Tip 23 Jun 2025
What is a cyberattack? 16 common types and how to prevent them

To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks, how to prevent them and their effect on daily business. Continue Reading
By
- Michael Cobb
Definition 20 Jun 2025
What is risk assessment?

Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Definition 18 Jun 2025
What is an advanced persistent threat (APT)?

An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Tutorial 17 Jun 2025
Kali vs. ParrotOS: Security-focused Linux distros compared

Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Feature 16 Jun 2025
How AI threat detection is transforming enterprise cybersecurity

AI-powered threat detection transforms cybersecurity by using machine learning to analyze network traffic, user behaviors and data access patterns. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Tip 13 Jun 2025
What is cyber risk quantification (CRQ)? How to get it right

Cyber risk quantification translates security threats into financial terms, so executives can prioritize risks, justify investments and allocate resources to protect the business. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Tip 11 Jun 2025
Should cybersecurity be part of your digital transformation strategy?

Digital transformation offers companies some tantalizing possibilities. But new technologies usher in new vulnerabilities. Cybersecurity needs to play a key role. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Definition 11 Jun 2025
What is an asymmetric cyberattack?

An asymmetric cyberattack refers to cyberwarfare that inflicts a proportionally large amount of damage compared to the resources used by targeting the victim's most vulnerable security measure. Continue Reading
By
- Rahul Awati
Feature 10 Jun 2025
AI-powered attacks: What CISOs need to know now

AI-powered attacks are transforming cybersecurity, using AI to automate and personalize threats at an unprecedented scale since 2022. Continue Reading
By
- Sean Michael Kerner
Definition 06 Jun 2025
What is cyber extortion?

Cyber extortion is a crime involving an attack or threat of an attack, coupled with a demand for money or some other response, in return for stopping an attack or preventing one from happening. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
Definition 05 Jun 2025
What is third-party risk management (TPRM)?

Third-party risk management (TPRM) is a comprehensive framework for identifying, assessing, and mitigating risks associated with using external vendors, suppliers, partners and service providers. Continue Reading
By
- Kinza Yasar, Technical Writer
Definition 05 Jun 2025
What is the WannaCry ransomware attack?

WannaCry ransomware is a cyberattack that spread by exploiting vulnerabilities in earlier and unpatched versions of the Windows operating system (OS). Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Tip 02 Jun 2025
The DOGE effect on cybersecurity: Efficiency vs. risk

The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cybersecurity defenses. Continue Reading
By
- Staff report
Video 02 Jun 2025
The DOGE effect on cyber: What's happened and what's next?

In this webinar, part of 'CISO Insights' series, cybersecurity experts debate the pros and cons of the Department of Government Efficiency's actions and the impact on their field. Continue Reading
By
- Staff report
Definition 30 May 2025
What is triple extortion ransomware?

Triple extortion ransomware is a type of ransomware attack in which a cybercriminal extorts their victim multiple times -- namely by encrypting data, exposing exfiltrated data and then threatening an additional third attack vector. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sean Michael Kerner
Definition 30 May 2025
What is fourth-party risk management (FPRM)?

Fourth-party risk management (FPRM) is the process of identifying, assessing and mitigating risks that originate from the subcontractors and service providers that an organization's third-party vendors use. Continue Reading
By
- Kinza Yasar, Technical Writer
Definition 28 May 2025
What is double extortion ransomware? How to defend your organization

Double extortion ransomware is a type of cyberattack that encrypts a victim's data, like in a traditional ransomware attack, while also adding a second attack vector of stealing that data. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sean Michael Kerner
Feature 21 May 2025
PowerSchool data breach: Explaining how it happened

Hackers are going to school (literally) as the education sector has become an increasingly attractive target for cybercriminals. Continue Reading
By
- Sean Michael Kerner
Conference Coverage 16 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
News 13 May 2025

Vulnerability detection tops agentic AI at RSAC's startup competition

Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well. Continue Reading
Definition 09 May 2025
What is a security operations center (SOC)?

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Sarah Lewis
Definition 08 May 2025
What are the top 10 spyware threats?

The top 10 spyware list describes the most common spyware threats behind famous spyware attacks and is frequently identified by leading antispyware tools from vendors like Webroot, Norton and Malwarebytes. Continue Reading
By
- Katie Terrell Hanna
- Andrew Zola
News 07 May 2025

RSAC 2025: Cyware operationalizes threat intelligence with AI, automation

Keeping up with threat intelligence, given its exponential growth, is tough. What businesses need is automatic triaging of alerts and guidance for any necessary follow-up, says Cyware's Sachin Jade. Continue Reading
Tutorial 07 May 2025
How to use arpwatch to monitor network changes

The arpwatch utility flags administrators in the event of any unexpected changes or unauthorized devices, which could signal ARP spoofing or credential-harvesting attacks. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 05 May 2025

RSAC 2025 highlights gap between threat intel, response

Staying ahead means cyber defenders can’t operate in silos. Continue Reading
News 02 May 2025

A cybersecurity paradox: Even resilient organizations are blind to AI threats

A LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot. Continue Reading
Video 02 May 2025
An explanation of pen testing

Pen testing uses six steps to test systems for vulnerabilities so organizations can remediate any problems and strengthen their cybersecurity against potential attacks. Continue Reading
By
- Tommy Everson, Assistant Editor
- Sabrina Polin, Managing Editor
News 01 May 2025

RSAC Conference: New Huntress, Qualys offers, Malwarebytes channel initiatives

Salt Security, Diligent, Vodafone Business and Fortinet also made channel-relevant announcements during the conference. Continue Reading
News 01 May 2025

Debunking security 'myths' to address common gaps

Dan Gorecki and Scott Brammer's interactive session during RSAC Conference 2025 encourages security professionals to rethink their security postures and address evolving and emerging risks. Continue Reading
News 01 May 2025

Former CISA head slams Trump admin over 'loyalty mandate'

Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president's 'mandate for loyalty' during a panel at RSAC 2025. Continue Reading
News 30 Apr 2025

Nvidia's new AI security offering protects against software landmines

Nvidia's DOCA Argus prevents attacks before they compromise AI architectures. Continue Reading
News 30 Apr 2025

DHS boss Noem vows to get CISA back 'on mission'

Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies. Continue Reading
News 30 Apr 2025

DARPA highlights critical infrastructure security challenges

Leaders at federal research organizations DARPA, ARPA-I and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025. Continue Reading
News 28 Apr 2025
Cisco, former Google, Meta experts train cybersecurity LLM

Cisco's new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 28 Apr 2025
7 stages of the ransomware lifecycle

It can be nearly impossible to predict if or how a ransomware group will target an organization, but there are knowable stages of a ransomware attack. Continue Reading
By
- Char Sample, ICF International
- Andrew Froehlich, West Gate Networks
Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Opinion 24 Apr 2025
Change is in the wind for SecOps: Are you ready?

Attackers have historically had time on their side, outpacing defenders who have struggled to keep up. Agentic AI appears poised to change the game. Continue Reading
By
- Dave Gruber, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Definition 21 Apr 2025
What is a brute-force attack?

A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Katie Terrell Hanna
Tip 15 Apr 2025
How to effectively respond to a ransomware attack

Does your organization know what to do if its systems are suddenly struck by a ransomware attack? To be ready, prepare your ransomware response well ahead of time. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 11 Apr 2025
Ransomware negotiation: Does it work, and should you try it?

Negotiating with the criminals who are holding your data for ransom is a daunting and stressful endeavor. Experts weigh in on the risks and the potential outcomes. Continue Reading
By
- Mary K. Pratt
Tip 09 Apr 2025
How to prevent and protect against ransomware

Organizations sometimes learn difficult lessons about gaps in their cybersecurity defenses. Here's what to know about ransomware preparation, detection, response and recovery. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Feature 07 Apr 2025
Explaining AI's impact on ransomware attacks and security

Experts say AI and LLMs will make ransomware attacks more dangerous, but those same tools could be turned against criminals by bolstering ransomware protections. Continue Reading
By
- Michael Nadeau
Tip 03 Apr 2025
How to detect and remove malware from an Android device

Mobile malware can come in many forms, but users might not know how to identify it. Understand the signs to be wary of on Android devices, as well as what to do to remove malware. Continue Reading
By
- Sean Michael Kerner
- Michael Goad, CDW
Feature 03 Apr 2025
4 ransomware detection techniques to catch an attack

While prevention is key, it's not enough to protect a company's systems from ransomware. Learn how early detection with these four methods helps reduce damage from attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
Opinion 01 Apr 2025
How ESET is using AI PCs to boost endpoint security

While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 31 Mar 2025
How quantum cybersecurity changes the way you protect data

Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors. Continue Reading
By
- Michael Nadeau
Feature 20 Mar 2025
3 types of deepfake detection technology and how they work

Think you're talking to your boss on Zoom? You might want to think again. Deepfake technology has already cost enterprises millions of dollars. Here's how to fight fire with fire. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 20 Mar 2025
Cloudflare unveils tools for safeguarding AI deployment

The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely. Continue Reading
By
- Esther Shittu, News Writer
Definition 14 Mar 2025
What is pharming?

Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- Nick Barney, Technology Writer
Feature 11 Mar 2025
Incident response for web application attacks

Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls. Continue Reading
By
- Kyle Johnson, Technology Editor
- Manning Publications Co.
Feature 06 Mar 2025
Treasury Department hacked: Explaining how it happened

Another major cyberattack hit the U.S. Treasury, allegedly by Chinese state-sponsored hackers. Exploiting BeyondTrust software, they accessed sensitive unclassified documents. Continue Reading
By
- Sean Michael Kerner
Definition 28 Feb 2025
What is the NSA and how does it work?

The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
By
News 27 Feb 2025
CrowdStrike: China hacking has reached 'inflection point'

In its 2025 Global Threat Report, CrowdStrike observed an increase in China's cyber capabilities, with a focus on espionage and 'pre-positioning' itself in critical environments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Feb 2025
How to improve third-party API integration security

External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 25 Feb 2025
How to enhance OSINT investigations using AI

As the amount of data publicly available online continues to grow, AI-driven tools are becoming indispensable companions for intelligence gathering and analysis. Continue Reading
By
- Nihad Hassan
Definition 24 Feb 2025
What is red teaming?

Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach. Continue Reading
By
- Paul Kirvan
News 21 Feb 2025
Palo Alto Networks vulnerabilities exploited in chained attack

The cybersecurity vendor urges customers to take immediate action to mitigate recently disclosed vulnerabilities that are being actively exploited in the wild. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Feb 2025
What is a network packet?

A network packet is a basic unit of data that is transferred over a computer network, typically a packet-switched network, such as the internet. Continue Reading
By
- Rahul Awati
- Kinza Yasar, Technical Writer
- Andrew Zola
Podcast 20 Feb 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking

Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Feb 2025
CISA, FBI warn of Ghost/Cring ransomware attacks

Ghost is a China-based financially motivated ransomware group that has launched attacks against organizations in more than 70 countries -- including its own. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Definition 18 Feb 2025
What are social engineering attacks?

Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access. Continue Reading
By
- Paul Kirvan
- Madelyn Bacon, TechTarget
Definition 18 Feb 2025
What is a botnet?

A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners. Continue Reading
By
- Scott Robinson, New Era Technology
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
News 13 Feb 2025
Salt Typhoon compromises telecom providers' Cisco devices

Salt Typhoon's latest campaign exploits older vulnerabilities in Cisco edge devices to gain access to the networks of several telecom companies, including two based in the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Feb 2025
What is a denial-of-service attack?

A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources. Continue Reading
By
- Scott Robinson, New Era Technology
- Kevin Ferguson
- Peter Loshin, Former Senior Technology Editor
Definition 12 Feb 2025
What is cyber hijacking?

Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications. Continue Reading
By
- Scott Robinson, New Era Technology
Definition 12 Feb 2025
What is antimalware?

Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware. Continue Reading
By
- Scott Robinson, New Era Technology
- Linda Rosencrance
Definition 11 Feb 2025
What is a honeypot? How it protects against cyberattacks

A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT. Continue Reading
By
- Scott Robinson, New Era Technology
- Ben Lutkevich, Site Editor
- Casey Clark, TechTarget
Tip 07 Feb 2025
Top 21 Kali Linux tools and how to use them

Kali Linux includes many tools tailored to beefing up network security. Getting familiar with them takes a lot of work, but the benefits they provide can be wide-ranging. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 06 Feb 2025
Unpatched.ai: Who runs the vulnerability discovery platform?

There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities Continue Reading
By
- Arielle Waldman, News Writer
Definition 05 Feb 2025
What is a cyberthreat hunter (cybersecurity threat analyst)?

A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Katie Terrell Hanna
- John Moore, Industry Editor
Tip 05 Feb 2025
How to build an effective purple team playbook

Enterprises across a wide variety of vertical industries can benefit from purple team exercises that harness red and blue teams toward a common goal: reducing vulnerabilities. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024

While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks

Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Jan 2025
German police disrupt Cracked, Nulled cybercrime forums

Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2025
DOJ indicts 5 individuals in North Korea IT worker scam

An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 Jan 2025
What is threat modeling?

Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data. Continue Reading
By
- Rahul Awati
- Michael Cobb
News 23 Jan 2025
Zero-day vulnerability in SonicWall SMA series under attack

SonicWall released a hotfix for a critical pre-authentication remote code execution vulnerability in Secure Mobile Access 1000 products amidst reports of zero-day exploitation. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 21 Jan 2025
Risk & Repeat: What is the future of CISA?

South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 Jan 2025
How to prevent living-off-the-land attacks

Living-off-the-land attacks have been around since the dawn of modern computing, but they're drawing new attention from threat actors eager to find ways to penetrate defenses. Continue Reading
By
- Amanda Scheldt
News 17 Jan 2025
Treasury Department sanctions company tied to Salt Typhoon

The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months. Continue Reading
By
- Arielle Waldman, News Writer
Feature 16 Jan 2025
The mystery of the $75M ransom payment to Dark Angels

The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details. Continue Reading
By
- Rob Wright, Senior News Director