Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
-
Tip
14 Mar 2024
How to craft a generative AI security policy that works
The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
-
News
19 May 2021
SentinelOne: More supply chain attacks are coming
At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever. Continue Reading
-
News
19 May 2021
SolarWinds CEO: Supply chain attack began in January 2019
SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake. Continue Reading
-
News
17 May 2021
Hackers turn Comcast voice remotes into eavesdropping tool
Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices. Continue Reading
-
News
12 May 2021
Hacker makes short work of Apple AirTag jailbreak
A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month. Continue Reading
-
News
12 May 2021
Senate hearing raises questions about SolarWinds backdoors
U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of first agencies to detect the systemic compromise. Continue Reading
-
News
12 May 2021
DarkSide: The ransomware gang that took down a pipeline
DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group. Continue Reading
-
Definition
12 May 2021
hacker
A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. Continue Reading
-
News
10 May 2021
Colonial Pipeline runs dry following ransomware attack
A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems. Continue Reading
-
News
06 May 2021
US defense contractor BlueForce apparently hit by ransomware
The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site. Continue Reading
-
News
06 May 2021
Dell patches high-severity flaws in firmware update driver
SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities. Continue Reading
-
News
05 May 2021
Twilio discloses breach caused by Codecov supply chain hack
Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed. Continue Reading
-
News
05 May 2021
Researchers use PyInstaller to create stealth malware
Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs. Continue Reading
-
News
04 May 2021
Qualys finds 21 vulnerabilities in Exim mail software
Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited. Continue Reading
-
News
03 May 2021
Apple hurries out fixes for WebKit zero-days
Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild. Continue Reading
-
Definition
30 Apr 2021
pass the hash attack
A pass the hash attack is an exploit in which an attacker steals a hashed user credential and -- without cracking it -- reuses it to trick an authentication system into creating a new authenticated session on the same network. Continue Reading
-
Feature
29 Apr 2021
SolarWinds puts national cybersecurity strategy on display
Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy. Continue Reading
-
Definition
28 Apr 2021
watering hole attack
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. Continue Reading
-
News
26 Apr 2021
Remaining Emotet infections uninstalled by German police
A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January. Continue Reading
-
Definition
23 Apr 2021
computer cracker
A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security. Continue Reading
-
Definition
23 Apr 2021
pharming
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
-
News
22 Apr 2021
DOJ creates ransomware task force to combat digital extortion
An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware. Continue Reading
-
News
20 Apr 2021
The wide web of nation-state hackers attacking the U.S.
Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S. Continue Reading
-
Feature
15 Apr 2021
Nation-state hacker indictments: Do they help or hinder?
While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks. Continue Reading
-
Definition
13 Apr 2021
attack vector
An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Continue Reading
-
Tip
09 Apr 2021
12 Microsoft Exchange Server security best practices
Exchange security has come under increased scrutiny since the recent exploitation of critical vulnerabilities. Review this list of activities to best protect your enterprise. Continue Reading
-
News
07 Apr 2021
Cisco: Threat actors abusing Slack, Discord to hide malware
The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic. Continue Reading
-
Podcast
06 Apr 2021
Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat. Continue Reading
-
Definition
06 Apr 2021
side-channel attack
A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly. Continue Reading
- Definition 06 Apr 2021
-
News
05 Apr 2021
CISA: APTs exploiting Fortinet FortiOS vulnerabilities
Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA. Continue Reading
-
Definition
05 Apr 2021
cyber hijacking
Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications. Continue Reading
-
Definition
31 Mar 2021
antimalware (anti-malware)
Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware. Continue Reading
-
News
30 Mar 2021
Mysterious Hades ransomware striking 'big game' enterprises
CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks. Continue Reading
-
Definition
30 Mar 2021
botnet
A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner. Continue Reading
-
News
24 Mar 2021
Nearly 100,000 web shells detected on Exchange servers
Although Microsoft reported a decrease in the number of vulnerable Exchange servers, new research shows a large amount of malicious web shells hiding inside networks. Continue Reading
-
Definition
23 Mar 2021
email spoofing
Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source. Continue Reading
-
News
19 Mar 2021
Acer hit by apparent attack from REvil ransomware group
Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack. Continue Reading
-
News
17 Mar 2021
SolarWinds hackers stole Mimecast source code
The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform. Continue Reading
-
Quiz
15 Mar 2021
Information security quizzes to test your cybersecurity smarts
Test your knowledge of everything cybersecurity, from network security to regulatory compliance, with our collection of information security quizzes. Continue Reading
-
News
12 Mar 2021
DearCry ransomware impacting Microsoft Exchange servers
While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond. Continue Reading
-
Feature
11 Mar 2021
After Oldsmar: How vulnerable is US critical infrastructure?
Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021. Continue Reading
-
News
09 Mar 2021
Microsoft Exchange Server attacks: What we know so far
More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims. Continue Reading
-
Feature
09 Mar 2021
Explore 5 business email compromise examples to learn from
Gift cards are for gifts, never for payment. Explore real-world examples of business email compromise to learn common attack patterns and red flags. Continue Reading
-
News
03 Mar 2021
Accellion FTA attacks claim more victims
More details have emerged about the Accellion FTA attacks since the December disclosure, including possible threat groups behind the breach and a growing list of victims. Continue Reading
-
Tip
03 Mar 2021
Technical controls to prevent business email compromise attacks
Technical controls are at the heart of preventing successful business email compromise attacks. Learn about those and extra considerations to keep your business secure. Continue Reading
-
Feature
01 Mar 2021
3 ransomware distribution methods popular with attackers
To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.' Continue Reading
-
Feature
01 Mar 2021
Malware researcher speculates on the future of ransomware
Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals. Continue Reading
-
Definition
24 Feb 2021
spam trap
A spam trap is an email address that is used to identify and monitor spam email. Continue Reading
-
News
24 Feb 2021
Dragos: ICS security threats grew threefold in 2020
A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security. Continue Reading
-
News
22 Feb 2021
Chinese APT used stolen NSA exploit for years
Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'" Continue Reading
-
Feature
18 Feb 2021
SolarWinds fallout has enterprise CISOs on edge
As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow. Continue Reading
-
News
17 Feb 2021
Wide net cast on potential Accellion breach victims
While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure. Continue Reading
-
Podcast
17 Feb 2021
Risk & Repeat: SolarWinds and the hacking back debate
This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks. Continue Reading
-
Quiz
17 Feb 2021
Malware quiz: Test your knowledge of types and terms
Malware trends are constantly evolving, but older techniques are still often used in cyber attacks today. Test your knowledge of existing and emerging threats in this malware quiz. Continue Reading
-
Tip
11 Feb 2021
Use business email compromise training to mitigate risk
Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious. Continue Reading
-
Tip
09 Feb 2021
Using content disarm and reconstruction for malware protection
Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks. Continue Reading
-
News
09 Feb 2021
Florida city's water nearly poisoned in TeamViewer attack
The intruder increased the quantity of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million briefly before a water plant operator fixed it. Continue Reading
-
News
09 Feb 2021
Ninety percent of dark web hacking forum posts come from buyers
Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear. Continue Reading
-
News
08 Feb 2021
Microsoft, SolarWinds in dispute over nation-state attacks
The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment. Continue Reading
-
News
04 Feb 2021
SolarWinds Office 365 environment compromised
SolarWinds CEO Sudhakar Ramakrishna said nation-state threat actors first compromised a single email account and later gained access to the company's Orion platform environment. Continue Reading
-
News
02 Feb 2021
SonicWall confirms zero-day vulnerability on SMA 100 series
After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.' Continue Reading
-
Definition
26 Jan 2021
whaling attack (whaling phishing)
A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company. Continue Reading
-
News
25 Jan 2021
SonicWall breached through 'probable' zero-day vulnerabilities
SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector. Continue Reading
-
News
19 Jan 2021
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July. Continue Reading
-
News
12 Jan 2021
SolarWinds confirms supply chain attack began in 2019
SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access. Continue Reading
-
Podcast
08 Jan 2021
Risk & Repeat: SolarWinds attacks come into focus
This week's Risk & Repeat podcast discusses the fallout from the SolarWinds backdoor attacks as new victims and additional information have come to light. Continue Reading
-
News
06 Jan 2021
The SolarWinds attacks: What we know so far
The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure. Continue Reading
-
News
05 Jan 2021
10 of the biggest cyber attacks of 2020
Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack. Continue Reading
-
Feature
04 Jan 2021
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach? Continue Reading
-
Tip
29 Dec 2020
What is bloatware? How to identify and remove it
Unwanted pre-installed software -- also known as bloatware -- has long posed security threats for computers and other devices. Here are strategies for how to detect bloatware and uninstall the potential threat. Continue Reading
-
News
23 Dec 2020
Security measures critical for COVID-19 vaccine distribution
The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come. Continue Reading
-
News
21 Dec 2020
SolarWinds backdoor infected tech giants, impact unclear
Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached. Continue Reading
-
Podcast
18 Dec 2020
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies. Continue Reading
-
News
17 Dec 2020
Microsoft, FireEye create kill switch for SolarWinds backdoor
The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender. Continue Reading
-
News
16 Dec 2020
SolarWinds struggles with response to supply chain attack
Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night. Continue Reading
-
News
16 Dec 2020
SolarWinds breach highlights dangers of supply chain attacks
While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain. Continue Reading
-
News
14 Dec 2020
SolarWinds backdoor used in nation-state cyber attacks
Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies. Continue Reading
-
Feature
14 Dec 2020
Technology a double-edged sword for U.S. election security
Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election. Continue Reading
-
News
09 Dec 2020
FireEye red team tools stolen in cyber attack
While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves. Continue Reading
-
News
08 Dec 2020
New Microsoft Teams RCE vulnerability also wormable
In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE. Continue Reading
-
News
04 Dec 2020
New IBM encryption tools head off quantum computing threats
IBM rolled out a series of cloud-based services that improve hybrid cloud users' cryptographic key protection, in part to future-proof incursions by quantum computers. Continue Reading
-
Guest Post
03 Dec 2020
The challenge of addressing the IT and security skills gap
In the first of a two-part series, Jonathan Meyers examines the issues surrounding the security skills gap that companies must contend with due to limited budgets, training and more. Continue Reading
-
News
03 Dec 2020
Updated Trickbot malware threatens firmware security
Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities. Continue Reading
-
News
01 Dec 2020
Online education vendor K12 hit with ransomware, pays ransom
A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks. Continue Reading
-
News
18 Nov 2020
Sophos: Ransomware 'heavyweights' demand sky-high payments
Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future. Continue Reading
-
News
17 Nov 2020
CrowdStrike: Ransomware hit 56% of organizations in last year
A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months. Continue Reading
-
Podcast
13 Nov 2020
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online. Continue Reading
-
News
12 Nov 2020
25,000 criminal reports: Vastaamo breach sets new precedent
The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent. Continue Reading
-
News
12 Nov 2020
Life after Maze: Is Egregor ransomware next?
Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved. Continue Reading
-
Feature
02 Nov 2020
5 steps to get IoT cybersecurity and third parties in sync
Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring. Continue Reading
-
Infographic
02 Nov 2020
COVID-19 cybersecurity data shows rising risk during remote pivot
When enterprises quickly pivoted to remote work during the pandemic, it prompted a wave of new threats while also widening existing gaps in cybersecurity postures. Continue Reading
-
News
02 Nov 2020
Maze gang shuts down its ransomware operation
Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name. Continue Reading
-
News
29 Oct 2020
FBI, CISA warn of impending ransomware attacks on hospitals
Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI. Continue Reading
-
News
28 Oct 2020
'Lives at stake': How ransomware impacts hospitals
Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems. Continue Reading
-
News
22 Oct 2020
Iranian hackers pose as far-right group to threaten U.S. voters
The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group. Continue Reading
-
News
22 Oct 2020
McAfee launches IPO, raises $620 million
McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January. Continue Reading
-
News
21 Oct 2020
Microsoft: 94% of Trickbot's infrastructure disabled
In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers. Continue Reading
-
News
20 Oct 2020
NSS Labs ceases operations amid financial turmoil
Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic. Continue Reading
-
Guest Post
19 Oct 2020
Combating disinformation campaigns ahead of 2020 election
As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day. Continue Reading
-
News
08 Oct 2020
Should ransomware payments be banned? Experts weigh in
Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned. Continue Reading