Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Feature
24 Mar 2023
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
-
News
23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
-
News
02 Nov 2018
SamSam ransomware campaigns continue to target U.S. in 2018
News roundup: SamSam ransomware targeted 67 organizations in 2018, according to research. Plus, Equifax is sending its breach victims to Experian for credit monitoring, and more. Continue Reading
-
News
02 Nov 2018
Kraken ransomware gets packaged into Fallout EK
Researchers found Kraken ransomware has become more popular after being packaged in the Fallout exploit kit and becoming part of an affiliate program. Continue Reading
-
News
31 Oct 2018
The first sandboxed antivirus is Windows Defender
Microsoft created the first sandboxed antivirus solution in its latest Insider version of Windows Defender for Windows 10, moving proactively to harden the product against attacks. Continue Reading
-
News
25 Oct 2018
Malwarebytes cybercrime report shows increase in attacks on businesses
Malwarebytes' report, 'Cybercrime Tactics and Techniques Q3 2018,' highlights how businesses became the focus of cyberattacks versus consumers over the past three months. Continue Reading
-
News
25 Oct 2018
FireEye ties Russia to Triton malware attack in Saudi Arabia
FireEye security researchers claimed the Russian government was 'most likely' behind the Triton malware attack on an industrial control system in Saudi Arabia last year. Continue Reading
-
News
19 Oct 2018
GreyEnergy threat group detected attacking high-value targets
Researchers claim a new threat group called GreyEnergy is the successor to BlackEnergy, but experts are unsure if the evidence supports the claims or warnings of future attacks. Continue Reading
-
News
18 Oct 2018
New libSSH vulnerability gives root access to servers
A 4-year-old libSSH vulnerability can allow attackers to easily log in to servers with full administrative control, but it is still unclear exactly how many devices are at risk. Continue Reading
-
Tip
18 Oct 2018
The implications of the NetSpectre vulnerability
The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe. Continue Reading
-
Answer
17 Oct 2018
How did the IcedID and TrickBot banking Trojans join forces?
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how it has changed their behaviors. Continue Reading
-
News
16 Oct 2018
Pentagon data breach exposed travel data for 30,000 individuals
The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress. Continue Reading
-
Answer
15 Oct 2018
How does the MnuBot banking Trojan use unusual C&C servers?
IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past. Continue Reading
-
News
12 Oct 2018
Industroyer, NotPetya linked to TeleBots group by ESET researchers
News roundup: An APT group called TeleBots was linked to the Industroyer malware and the NotPetya ransomware, according to researchers. Plus, Imperva is acquired by Thoma Bravo and more. Continue Reading
-
Answer
10 Oct 2018
How do hackers use legitimate admin tools to compromise networks?
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb. Continue Reading
-
News
05 Oct 2018
GRU indictment accuses 7 Russians in global cyberattacks
The U.S., U.K. and other allies accused seven Russian military officers in cybercrimes around the world, and the GRU indictment from the U.S. formally pressed charges. Continue Reading
-
News
04 Oct 2018
North Korean cybertheft of $100-plus million attributed to APT38
Security researchers tracked an aggressive cybertheft campaign -- attributed to North Korean APT38 -- in which threat actors attempted to steal more than $1 billion and destroy all evidence along the way. Continue Reading
-
Tip
04 Oct 2018
How is Android Accessibility Service affected by a banking Trojan?
ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service. Continue Reading
-
Answer
04 Oct 2018
How does stegware malware exploit steganography techniques?
Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this works with expert Nick Lewis. Continue Reading
-
Answer
02 Oct 2018
How does MassMiner malware infect systems across the web?
Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this malware operates with Nick Lewis. Continue Reading
-
Answer
02 Oct 2018
How can GravityRAT check for antimalware sandboxes?
A remote access Trojan -- dubbed GravityRAT -- was discovered checking for antimalware sandboxes by Cisco Talos. Learn how this technique works and how it can be mitigated. Continue Reading
-
News
28 Sep 2018
Facebook breach affected nearly 50 million accounts
Nearly 50 million accounts were affected in a Facebook breach, but it is still unclear what data attackers may have obtained and who might have been behind the breach. Continue Reading
-
Podcast
28 Sep 2018
Risk & Repeat: NSS Labs lawsuit shakes infosec industry
This week's Risk & Repeat podcast discusses NSS Labs' antitrust suit against several security vendors, including CrowdStrike and the Anti-Malware Testing Standards Organization. Continue Reading
-
Answer
27 Sep 2018
BlackTDS: How can enterprise security teams avoid an attack?
Proofpoint researchers found BlackTDS, an evolution of bulletproof hosting that is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis. Continue Reading
-
News
25 Sep 2018
Cybersecurity Tech Accord expands with new members, partners
Microsoft announced that, six months after its introduction, the Cybersecurity Tech Accord has nearly doubled its membership and partnered with the Global Forum on Cyber Expertise. Continue Reading
-
Answer
25 Sep 2018
Can monitoring help defend against Sanny malware update?
Changes to the Sanny malware were recently discovered by FireEye researchers. Learn who is at risk and how elevated privileges can help protect you with Nick Lewis. Continue Reading
-
News
21 Sep 2018
CrowdStrike responds to NSS Labs lawsuit over product testing
CrowdStrike and the Anti-Malware Testing Standards Organization respond to the allegations made by NSS Labs in a bombshell antitrust suit over product testing practices. Continue Reading
-
News
19 Sep 2018
NSS Labs lawsuit takes aim at CrowdStrike, Symantec and ESET
In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts. Continue Reading
-
News
14 Sep 2018
Researchers bring back cold boot attacks on modern computers
The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data. Continue Reading
-
Answer
14 Sep 2018
How does the SynAck ransomware use Process Doppelgänging?
A technique called Process Doppelgänging was used by the SynAck ransomware to bypass security software. Expert Michael Cobb explains how this technique works and why it's unique. Continue Reading
-
Answer
12 Sep 2018
How does Android Protected Confirmation provide security for users?
Android P integrates Android Protected Confirmation, which uses trusted hardware to confirm that a user actually approved a transaction before the app acts on it. Learn more about this new feature with expert Michael Cobb. Continue Reading
-
News
11 Sep 2018
Robot social engineering works because people personify robots
Brittany 'Straithe' Postnikoff studied robot social engineering and found personification of robots can lead to effective attacks, regardless of whether or not AI is involved. Continue Reading
-
News
07 Sep 2018
Another mSpy leak exposed millions of sensitive user records
News roundup: An mSpy leak has again exposed millions of customer records on the internet. Plus, the FIDO Alliance launched a biometrics certification, and more. Continue Reading
-
News
07 Sep 2018
Lazarus Group hacker charged in WannaCry, Sony attacks
The Department of Justice charged one Lazarus Group hacker, Park Jin Hyok, for his role in the WannaCry attack, Sony hack, SWIFT banking theft and more. Continue Reading
-
Tip
06 Sep 2018
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works. Continue Reading
-
Answer
29 Aug 2018
ATM jackpotting: How does the Ploutus.D malware work?
Ploutus.D malware recently started popping up in the U.S. after several ATM jackpotting attacks. Discover how this is possible and what banks can do to prevent this with Nick Lewis. Continue Reading
-
Answer
28 Aug 2018
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past. Continue Reading
-
News
24 Aug 2018
Hundreds of Facebook accounts deleted for spreading misinformation
News roundup: Social media platforms shut down accounts spreading misinformation. The Facebook accounts deleted were tied to Iran, Russia. Plus, Ryuk ransomware spreads, and more. Continue Reading
-
News
23 Aug 2018
Laura Norén advocates data science ethics for employee info
Expert Laura Norén believes companies should be held to standards of data science ethics both when it comes to customer data and also for the data collected about employees. Continue Reading
-
News
17 Aug 2018
ICS security fails the Black Hat test
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying. Continue Reading
-
Answer
17 Aug 2018
How is Oracle Micros POS affected by CVE-2018-2636?
A security researcher found a security flaw, tracked as CVE-2018-2636, that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability. Continue Reading
-
Tip
16 Aug 2018
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb. Continue Reading
-
Answer
15 Aug 2018
Skygofree Trojan: What makes this spyware unique?
Android malware discovered by Kaspersky Lab and named Skygofree targets smartphones and tablets. This Trojan acts as spyware, gathering user information and app data. Continue Reading
-
News
14 Aug 2018
Google location tracking continues even when turned off
New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off. Continue Reading
-
Answer
14 Aug 2018
Ransomware recovery: How can enterprises operate post-attack?
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked. Continue Reading
-
Answer
13 Aug 2018
Okiru malware: How does this Mirai malware variant work?
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis. Continue Reading
-
News
10 Aug 2018
2018 Pwnie Awards cast light and shade on infosec winners
The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response. Continue Reading
-
News
08 Aug 2018
Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo
In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo. Continue Reading
-
Answer
08 Aug 2018
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk. Continue Reading
-
Tip
07 Aug 2018
Four new Mac malware strains exposed by Malwarebytes
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis. Continue Reading
-
News
06 Aug 2018
Coinhive malware infects tens of thousands of MikroTik routers
The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users. Continue Reading
-
Blog Post
03 Aug 2018
Five things to watch for at Black Hat USA this year
As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss. Continue Reading
-
Podcast
02 Aug 2018
Risk & Repeat: A deep dive on SamSam ransomware
In this week's Risk & Repeat podcast, SearchSecurity editors talk about the SamSam ransomware campaign, which may be the work of a single hacker who's made nearly $6 million. Continue Reading
-
News
02 Aug 2018
FIN7 members arrested after stealing 15 million credit card records
The FBI arrested three members of the FIN7 cybercrime gang -- also known as the Carbanak Group -- for targeting more than 100 businesses and stealing 15 million credit card records. Continue Reading
-
Conference Coverage
02 Aug 2018
Black Hat 2018 conference coverage
The SearchSecurity team covers the latest threats and vulnerabilities featured at this year's Black Hat USA with news, interviews and more from Las Vegas. Continue Reading
-
Feature
01 Aug 2018
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
News
31 Jul 2018
Malvertising campaign tied to legitimate online ad companies
A new report from Check Point Research uncovers an extensive malvertising campaign known as Master134 and implicates several online advertising companies in the scheme. Continue Reading
-
News
31 Jul 2018
SamSam ransomware payments reach nearly $6 million
New research reveals the SamSam ransomware campaign has generated almost $6 million for the attacker and appears to be the work of a single hacker who shows no sign of slowing down. Continue Reading
-
News
31 Jul 2018
NetSpectre is a remote side-channel attack, but a slow one
A new PoC attack using Spectre variant 1 called NetSpectre marks the first time Spectre v1 has been exploited remotely, although questions remain on the practicality of the attack. Continue Reading
-
Answer
27 Jul 2018
PowerHammer: Can a power cable be used in air-gapped attacks?
PowerHammer is a proof-of-concept attack against air-gapped computers that exfiltrates data by modulating the current a machine draws over its power cable. Continue Reading
-
Podcast
26 Jul 2018
Risk & Repeat: DHS warns of power grid cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new warning from the Department of Homeland Security regarding Russian hackers targeting the U.S. power grid. Continue Reading
-
News
26 Jul 2018
DHS details electrical grid attacks by Russian agents
For the first time, DHS has offered more detailed and unclassified information about electrical grid attacks carried out by Russian hackers and the dangers to U.S. infrastructure. Continue Reading
-
News
19 Jul 2018
Vendor admits election systems included remote software
A vendor admitted to compromising its election system security by installing remote access software on systems over the span of six years, but claims to have stopped the practice. Continue Reading
-
Answer
19 Jul 2018
Zealot campaign: How is the Apache Struts vulnerability used?
The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis. Continue Reading
-
Tip
19 Jul 2018
Domain fronting: Why cloud providers are concerned about it
Domain fronting is a popular way to bypass censorship controls, but cloud providers like AWS and Google have outlawed its use. Expert Michael Cobb explains why. Continue Reading
-
News
17 Jul 2018
X-Agent malware lurked on DNC systems for months after hack
The indictment of Russian intelligence officers accused of hacking the DNC revealed a troubling timeline, including the X-Agent malware lurking on DNC systems for months. Continue Reading
-
News
13 Jul 2018
Russian intelligence officers indicted for DNC hack
A grand jury for special counsel Robert Mueller's election-interference investigation indicted 12 Russian intelligence officers for crimes related to the DNC and DCCC hacks. Continue Reading
-
News
13 Jul 2018
New Spectre variants earn $100,000 bounty from Intel
Researchers discovered two new Spectre variants that can be used to bypass protections and attack systems and earned $100,000 in bug bounties from Intel. Continue Reading
-
News
13 Jul 2018
Ticketmaster breach part of worldwide card-skimming campaign
News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more. Continue Reading
-
Answer
13 Jul 2018
Drupalgeddon 2.0: Why is this vulnerability highly critical?
A recently discovered vulnerability in the open source Drupal CMS allowed attackers to take control of websites. Learn how almost one million sites were affected with Michael Cobb. Continue Reading
-
News
11 Jul 2018
GandCrab ransomware adds NSA tools for faster spreading
NSA exploit tools have already been used in high-profile malware. And now, GandCrab ransomware v4 has added the NSA's SMB exploit in order to spread faster. Continue Reading
-
Podcast
11 Jul 2018
Risk & Repeat: New concerns about smartphone spying
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications. Continue Reading
-
News
10 Jul 2018
Stolen digital certificates used in Plead malware spread
Researchers found the spread of Plead malware was aided by the use of stolen digital certificates, making the software appear legitimate and hiding the true nature of the attacks. Continue Reading
-
News
06 Jul 2018
Researchers discover Android apps spying on users' screens
News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. Continue Reading
-
News
03 Jul 2018
RAMpage attack unlikely to pose real-world risk, expert says
The RAMpage attack, which exploits the Rowhammer vulnerability on Android devices, is theoretically possible, but it may be more academic than a practical concern, one expert said. Continue Reading
-
Blog Post
29 Jun 2018
Cyber attribution: Why it won't be easy to stop the blame game
Infosec experts have argued that too much focus is put on cyber attribution, but moving away from publicly identifying threat groups and nation-states may be easier said than done. Continue Reading
-
News
29 Jun 2018
McAfee details rise in blockchain threats, cryptocurrency attacks
McAfee's new 'Blockchain Threat Report' charts a dramatic rise in cryptomining malware and details four major attack vectors for cryptocurrency-related threats. Continue Reading
-
News
28 Jun 2018
EFF's STARTTLS Everywhere aims to protect email in transit
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. Continue Reading
-
Answer
28 Jun 2018
How can a text editor plug-in enable privilege escalation?
Developers extend their text editors with third-party plug-ins to work more efficiently, but those plug-ins can be abused for privilege escalation. Discover these vulnerabilities with Judith Myerson. Continue Reading
-
News
27 Jun 2018
TLBleed attack can extract signing keys, but exploit is difficult
A new side-channel attack on Intel chips, named TLBleed, can extract signing keys. But the researcher who discovered it said users shouldn't worry, because it's not the next Spectre. Continue Reading
-
Tip
26 Jun 2018
How studying the black hat community can help enterprises
White hat hackers often assimilate themselves into the black hat community to track the latest threats. Discover how this behavior actually benefits the enterprise with David Geer. Continue Reading
-
Answer
26 Jun 2018
How can a hardcoded password vulnerability affect Cisco PCP?
Cisco patched a hardcoded password vulnerability found in its Prime Collaboration Provisioning (PCP) software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson. Continue Reading
-
News
22 Jun 2018
China-based Thrip hacking group targets U.S. telecoms
News roundup: China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more. Continue Reading
-
Tip
19 Jun 2018
How white hat hackers can tell you more than threat intelligence
White hat hackers can play a key role in assessing threats lurking on the dark web. Discover what traditional threat intelligence isn't telling you and how white hats can help. Continue Reading
-
News
18 Jun 2018
PyRoMineIoT cryptojacker uses NSA exploit to spread
The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a cryptojacker infecting IoT devices. But experts said the NSA shouldn't be held responsible for the damages. Continue Reading
-
News
15 Jun 2018
FBI fights business email compromise with global crackdown
U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams. Continue Reading
-
Answer
15 Jun 2018
How does UBoatRAT use Google services and GitHub to spread?
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis. Continue Reading
-
News
13 Jun 2018
North Korea hacking threat still looms despite summit
Despite a summit between President Trump and North Korean leader Kim Jong Un, the threat of North Korean hacking and cyberespionage still looms large, according to experts. Continue Reading
-
Answer
13 Jun 2018
Scarab ransomware: How do botnets alter ransomware threats?
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect data with Nick Lewis. Continue Reading
-
Answer
11 Jun 2018
AVGater vulnerability: How are antivirus products impacted?
A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis. Continue Reading
-
Answer
06 Jun 2018
How did cryptomining malware exploit a Telegram vulnerability?
Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks. Continue Reading
-
Answer
04 Jun 2018
How bad is the iBoot source code leak for Apple security?
The iBoot source code on Apple devices was leaked to the public on GitHub. Expert Michael Cobb explains how it happened and what the implications are for iOS security. Continue Reading
-
Feature
01 Jun 2018
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
-
Opinion
01 Jun 2018
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what? Continue Reading
-
Podcast
31 May 2018
Risk & Repeat: Are ICS threats being overblown or ignored?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware. Continue Reading
-
News
31 May 2018
Yahoo hacker sentenced to five years in prison for massive breach
One of four Yahoo hackers was sentenced to five years in prison for his role in the massive 2014 breach, which included accessing millions of sensitive email accounts. Continue Reading
-
News
31 May 2018
Dragos' Robert Lee discusses latest ICS threats, hacking back
In part two of this interview from RSA Conference 2018, Dragos CEO Robert Lee discusses the latest threats to industrial control systems and how those threats can be exaggerated. Continue Reading
-
News
30 May 2018
Feds issue new alert on North Korean hacking campaigns
The U.S. government claims two notable malware campaigns are the work of North Korean nation-state hacking group Hidden Cobra, also known as the Lazarus Group. Continue Reading
-
News
25 May 2018
Creators of Trisis malware have expanded their ICS attacks
News roundup: Dragos researchers say the group behind the Trisis malware has expanded its ICS attacks. Plus, Roaming Mantis malware now targets iOS devices, and more. Continue Reading