Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Podcast
12 Sep 2024
CTO challenges software security status quo
A former U.S. Department of Homeland Security researcher argues that software is fundamentally broken from a security perspective. So, where does the industry go from here? Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
10 Jan 2022
trusted computing base (TCB)
A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations. Continue Reading
By -
News
05 Jan 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
-
News
05 Jan 2022
MicroStrategy enhances security, embedded analytics features
The vendor recently upgraded its products to the latest version of Log4j's software while also adding a new viewing experience and embedded BI capabilities to its platform. Continue Reading
By- Eric Avidon, Senior News Writer
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
30 Dec 2021
Threat actors target HPE iLO hardware with rootkit attack
Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
By- Isabella Harford, TechTarget
-
Feature
29 Dec 2021
Everything you need to know about ProxyShell vulnerabilities
Organizations need to patch their Exchange Servers to protect against the ProxyShell exploit. Learn how to do that and more here. Continue Reading
By -
Feature
28 Dec 2021
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
By- Isabella Harford, TechTarget
- Packt Publishing
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
By- Isabella Harford, TechTarget
-
News
23 Dec 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
-
Tip
21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
By -
News
20 Dec 2021
Log4j 2.17.0 fixes newly discovered exploit
The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Dec 2021
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
-
Podcast
17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
16 Dec 2021
Shield endpoints with IoT device security best practices
IT administrators must implement best practices, including segmenting the network, encrypting data and shutting down unused devices to ensure the security of IoT devices. Continue Reading
By -
Definition
16 Dec 2021
stealth virus
A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Continue Reading
By -
Tip
16 Dec 2021
5 tips for primary storage ransomware protection
Explore the steps storage administrators can take to safeguard against ransomware. Dive deep into tips on access control, vulnerabilities and storage monitoring. Continue Reading
-
News
15 Dec 2021
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
-
News
15 Dec 2021
Nation-state threat groups are exploiting Log4Shell
Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
15 Dec 2021
6 IoT security layers to shape the ultimate defense strategy
IT administrators can divide and conquer their defense strategy with IoT security layers that ensure data protection from its generation in devices to its storage in the cloud. Continue Reading
-
News
15 Dec 2021
'Insane' spread of Log4j exploits won't abate anytime soon
Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
-
Definition
15 Dec 2021
spam filter
A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox. Continue Reading
By -
News
14 Dec 2021
Hive ransomware claims hundreds of victims in 6-month span
Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time. Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach
Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Dec 2021
Cyberattack on Kronos payroll triggers backup plans
Some users of Kronos payroll say they have backup and contingency plans ready to deal with the ransomware attack on the HR system's firm. Continue Reading
By- Patrick Thibodeau, Editor at Large
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Definition
14 Dec 2021
Chernobyl virus
The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed. Continue Reading
-
News
13 Dec 2021
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
-
News
13 Dec 2021
Critical Log4j flaw exploited a week before disclosure
The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
13 Dec 2021
Bolster physical defenses with IoT hardware security
IT admins must take IoT hardware security just as seriously as other protective measures in their network because attackers can also easily physically access remote devices. Continue Reading
-
News
10 Dec 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
-
News
10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now
The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
10 Dec 2021
evil twin attack
An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge. Continue Reading
-
News
09 Dec 2021
17 Discord malware packages found in NPM repository
These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Dec 2021
Threat actors targeting MikroTik routers, devices
Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
08 Dec 2021
Elk Cloner
Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale. Continue Reading
By -
News
07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
-
News
07 Dec 2021
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Dec 2021
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Guest Post
07 Dec 2021
Why image-based phishing emails are difficult to detect
Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems. Continue Reading
By- SĂ©bastien Goutal
-
Definition
07 Dec 2021
Melissa virus
Melissa was a type of email virus that initially become an issue in early 1999. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
06 Dec 2021
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
By- Diana Kelley, SecurityCurve
-
News
03 Dec 2021
Hundreds of new vulnerabilities found in SOHO routers
Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks. Continue Reading
-
Guest Post
03 Dec 2021
IoT security needs zero trust to face new botnet trends
The growing threat of botnets that target IoT devices means that organizations must extend their perimeter access controls, including the use of zero trust. Continue Reading
By- Jonathan Nguyen-Duy
-
News
01 Dec 2021
New Yanluowang ransomware mounting targeted attacks in US
Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks. Continue Reading
By- Arielle Waldman, News Writer
-
News
01 Dec 2021
BlackByte ransomware attacks exploiting ProxyShell flaws
Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Guest Post
30 Nov 2021
Enterprise password security guidelines in a nutshell
In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
By- Cyber Tec Security
-
News
30 Nov 2021
Windows Installer zero-day under active exploitation
McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
30 Nov 2021
walled garden
On the internet, a walled garden is an environment that controls the user's access to network-based content and services. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
29 Nov 2021
Hack 'Sabbath': Elusive new ransomware detected
A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected. Continue Reading
-
Tip
29 Nov 2021
Tackle IoT application security threats and vulnerabilities
By taking action to secure IoT applications and including them in a security strategy, IT admins can close off a tempting entry point to criminals. Continue Reading
By- Julia Borgini, Spacebarpress Media
-
Tip
29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
29 Nov 2021
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
29 Nov 2021
ProxyShell vs. ProxyLogon: What's the difference?
ProxyShell and ProxyLogon both affect Microsoft Exchange Servers, but they work in different ways. Continue Reading
By -
Definition
24 Nov 2021
black hat hacker
A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people. Continue Reading
-
News
23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Nov 2021
Researcher drops instant admin Windows zero-day bug
A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix. Continue Reading
-
Definition
23 Nov 2021
footprinting
Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them. Continue Reading
By -
News
22 Nov 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Nov 2021
Cybercriminals discuss new business model for zero-day exploits
Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
19 Nov 2021
Nimda
First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet. Continue Reading
-
News
18 Nov 2021
CISA, Microsoft warn of rise in cyber attacks from Iran
CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises. Continue Reading
-
News
18 Nov 2021
New side channel attack resurrects DNS poisoning threat
A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites. Continue Reading
-
News
17 Nov 2021
Malwarebytes slams Apple for inconsistent patching
At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which was only patched in macOS Big Sur for several months. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
17 Nov 2021
Risk & Repeat: Are ransomware busts having an effect?
International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards. Continue Reading
By- Rob Wright, Senior News Director
-
News
15 Nov 2021
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
-
News
15 Nov 2021
ProxyShell leads to domain-wide ransomware attack
The domain-wide ransomware attack utilized "almost no malware," and the threat actor accomplished the attack with the months-old ProxyShell vulnerabilities. Continue Reading
By- Alexander Culafi, Senior News Writer
- Definition 15 Nov 2021
-
Feature
11 Nov 2021
Tools to conduct security chaos engineering tests
Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
11 Nov 2021
Trend Micro reveals 'Void Balaur' cybermercenary group
New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Nov 2021
Citrix DDOS bug leaves networks vulnerable
Citrix patched a critical bug in its Application Delivery Controller and Gateway software that left networks open to DDOS attacks. It also fixed a less-severe SD-WAN WANOP bug. Continue Reading
By- Madelaine Millar, TechTarget
-
News
11 Nov 2021
'King of Fraud' sentenced for Methbot botnet operation
Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Nov 2021
US targets REvil, DarkSide ransomware with $10M rewards
Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Nov 2021
Medical devices at risk from Siemens Nucleus vulnerabilities
Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices. Continue Reading
-
News
08 Nov 2021
REvil ransomware affiliates arrested in international takedown
Europol said the two suspected REvil affiliates were allegedly responsible for 5,000 ransomware infections and received approximately half a million euros in ransom payments. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 Nov 2021
BlackMatter claims to shut down ransomware operations
Operators behind the ransomware, known to target critical infrastructure, attributed the shutdown to pressure from authorities and the disappearance of team members. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
29 Oct 2021
shoulder surfing
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Continue Reading
-
Definition
29 Oct 2021
adware
Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running. Continue Reading
By- Ben Lutkevich, Site Editor
- Taina Teravainen
-
News
28 Oct 2021
Avast releases decryptors for multiple ransomware strains
Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Oct 2021
Emsisoft cracked BlackMatter ransomware, recovered victims' data
Emsisoft developed a decryptor for BlackMatter and also found vulnerabilities in about a dozen other ransomware families that can be used to recover victims' data. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Oct 2021
Federal agencies issue warning on BlackMatter ransomware
U.S. government agencies say a new family of malware could create problems for critical infrastructure by shutting down critical networks and disrupting commerce. Continue Reading
-
News
13 Oct 2021
How hackers exploited RCE vulnerabilities in Atlassian, Azure
Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure. Continue Reading
-
News
12 Oct 2021
Apple patches iOS vulnerability actively exploited in the wild
Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
11 Oct 2021
Iranian password spraying campaign hits Office 365 accounts
The Iran-backed DEV-0343 threat group has launched a password spraying offensive against Office 365 accounts in the defense, maritime and oil industries. Continue Reading
-
Definition
07 Oct 2021
decompression bomb (zip bomb, zip of death attack)
A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data. Continue Reading
-
News
06 Oct 2021
Apache HTTP Server vulnerability under active attack
Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack. Continue Reading
-
News
06 Oct 2021
Iranian hackers abusing Dropbox in cyberespionage campaign
A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox. Continue Reading
-
News
04 Oct 2021
2 suspected ransomware operators arrested in Ukraine
A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
01 Oct 2021
rootkit
A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system. Continue Reading
By- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
-
News
28 Sep 2021
SolarWinds hackers Nobelium spotted using a new backdoor
Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April. Continue Reading
-
Definition
27 Sep 2021
brute-force attack
A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems. Continue Reading
-
News
24 Sep 2021
Spurned researcher posts trio of iOS zero days
An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform. Continue Reading
-
News
22 Sep 2021
Turla deploying 'secondary' backdoor in state-sponsored attacks
Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan. Continue Reading
-
News
22 Sep 2021
Marcus & Millichap hit with possible BlackMatter ransomware
The real estate firm confirmed in a SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Sep 2021
Treasury Department sanctions cryptocurrency exchange Suex
In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
21 Sep 2021
email virus
An email virus consists of malicious code distributed in email messages to infect one or more devices. Continue Reading
-
News
20 Sep 2021
Italian Mafia implicated in massive cybercrime network
A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob. Continue Reading