Threats and vulnerabilities

How does the boot mode vulnerability in Android work?

A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works. Continue Reading

NSA spyware found infecting tens of thousands worldwide

A new security tool will let users scan their systems for the presence of NSA spyware found in the latest Equation Group leak, and tens of thousands are already infected. Continue Reading

Hajime worm fights the forces of evil IoT malware, maybe

News roundup: The Hajime worm is the nicer, sneakier brother of Mirai malware. Plus, the FBI and CIA hunt for the Vault 7 whistleblower, Symantec adds to Zscaler lawsuit, and more. Continue Reading

How does Exaspy spyware disguise itself on Android devices?

Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection. Continue Reading

Shadow Brokers' Windows exploits target unsupported systems

A new release of NSA cyberweapons falls flat, as Windows exploits from the Shadow Brokers have mostly been patched. But unsupported systems are still at risk. Continue Reading

Shadow Brokers release SWIFT banking and Windows exploits

The Shadow Brokers released another cache of cyberweapons linked to the Equation Group, including Windows exploits and attack details for the SWIFT banking system. Continue Reading

U.S. election hacking not an act of cyberwarfare, experts say

The government needs a better definition for an act of cyberwarfare, says ex-CIA Director Michael Hayden, because he doesn't think the U.S. election hacking applies. Continue Reading

CIA Vault 7 tools attributed to hacking group for years

Security researchers said the CIA Vault 7 tools and techniques are linked to cyberattacks over the past six years targeting various foreign entities. Continue Reading

Pegasus malware expands from iOS to Android

One of the more malicious iOS threats -- Pegasus malware -- has made its way to Android devices and it has some dangerous new tricks in its arsenal. Continue Reading

Five criteria for purchasing from threat intelligence providers

Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs. Continue Reading

Politics of cyber attribution pose risk for private industry

Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies. Continue Reading

How did firmware create an Android backdoor in budget devices?

An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading

How did vulnerabilities in AirWatch Agent and Inbox work?

Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how these vulnerabilities worked. Continue Reading

Politics of cyber attribution pose risk for private industry

 Continue Reading

Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks

News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more. Continue Reading

How does the Locky ransomware file type affect enterprise protection?

Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading

Hajime malware: How does it differ from the Mirai worm?

Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai. Continue Reading

How does the Drammer attack exploit ARM-based mobile devices?

Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Continue Reading

How can attackers turn Instagram into C&C infrastructure?

An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works. Continue Reading

Patched Apache Struts vulnerability exploited in the wild

News roundup: An Apache Struts vulnerability is still being exploited, despite being patched. Plus, WhatsApp and Telegram release patches; Assange contacts Microsoft; and more. Continue Reading

Is the antivirus industry dead? Experts weigh in

RSAC 2017: With malware-detecting software increasingly coming under fire for vulnerabilities, find out what the experts had to say about the future of the antivirus industry. Continue Reading

How can the Dirty COW vulnerability be used to attack Android devices?

A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack. Continue Reading

What's the best corporate email security policy for erroneous emails?

If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading

What to consider about signatureless malware detection

Endpoint security is changing into signatureless malware detection and protection. Expert Matthew Pascucci discusses the transition away from signatures. Continue Reading

Ransomware costs not limited to ransoms, research shows

The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers. Continue Reading

Doxware: New ransomware threat, or just extortionware rebranded?

 Continue Reading

Ransomware costs not limited to ransoms, research shows

 Continue Reading

IoT malware: How can internet-connected devices be secured?

IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware. Continue Reading

How can obfuscated macro malware be located and removed?

A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading

How can open FTP servers be protected from Miner-C malware?

Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers. Continue Reading

Connected medical devices spark debate at RSA Conference session

An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading

Christopher Young: Don't sleep on the Mirai botnet

RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security's Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is. Continue Reading

Microsoft: Nation-state cyberattacks have changed the security game

Microsoft's Brad Smith spoke at RSA Conference 2017 about the effects of nation-state cyberattacks and what businesses and governments can do about them. Continue Reading

Ransomware threat continues to evolve, defense needs to catch up

With the rapid expansion of the ransomware threat landscape, defenders are scrambling to find ways to fight back. RSAC 2017 dedicated a full day for a ransomware seminar. Continue Reading

Five things to watch at RSA Conference 2017

With no single trend or theme dominating at RSA Conference 2017, this year's show will still have plenty of material on machine learning, IoT security and much more. Continue Reading

How did a Signal app bug let attackers alter encrypted attachments?

The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw. Continue Reading

How does Overseer spyware work on infected Android apps?

Spyware was found on infected Android apps, which were meant to convey embassy information and news, in the Google Play Store. Expert Michael Cobb explains how the spyware works. Continue Reading

Recent ransomware attacks: Data shows 50% growth in 2016

With high sums paid, ransomware gets all the attention. But malware is not the only way that criminals gained control of enterprise systems, a new report shows. Continue Reading

Looming cloud security threats: How attacks will follow your data

You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it. Continue Reading

In 2017, cybersecurity attacks will follow your data

Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of protecting most enterprise environments is less like The Americans than they might think. Still, it's exciting. In this issue of Information Security magazine, we look at the incoming threats in 2017 and some countermeasures that can help your organization bolster its defenses.

Last year, we saw the internet of things used as a beachhead in larger cybersecurity attacks. Many devices now use cloud-based systems to communicate. They regularly send status updates to the cloud server and retrieve new commands to execute. Weak and incorrectly implemented authentication between device and cloud is often the point of failure that can be exploited to either attack the cloud infrastructure or the device. So far, destructive attacks are not common and are mostly limited to distributed denial-of-service attacks, which do not cause permanent damage. But future attacks, if they are combined with ransom demands, may destroy devices intentionally.

Breaches of cloud storage that modify data instead of just "stealing" it and vulnerabilities in microservices environments are other areas in which attackers may get more leverage. With the emergence of cloud-based microservices, this problem will only become worse. Instead of including a library in software shipped to clients, the software now relies on cloud-based web services to perform certain functions. We look at what is coming next and ways to mitigate these cybersecurity attacks. Continue Reading

Hacked CCTV cameras in DC before inauguration leave unanswered questions

The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack. Continue Reading

Recent ransomware attacks: Data shows 50% growth in 2016

 Continue Reading

Looming cloud security threats: How attacks will follow your data

 Continue Reading

How does Stampado ransomware spread to external drives?

The Stampado ransomware is a low-cost threat to networks and external drives. Expert Matthew Pascucci explains how Stampado works and how enterprises should handle it. Continue Reading

Carbanak gang using Google services for command and control

Researchers find the Carbanak gang has evolved its attacks on financial institutions to use Google services for command and control infrastructure in malware. Continue Reading

How does RIPPER ATM malware use malicious EMV chips?

RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works. Continue Reading

Risk & Repeat: Doxware emerges as a new threat to data privacy

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the emergence of doxware and extortionware and what that means for enterprises and their employees. Continue Reading

Insecure MongoDB configuration leads to boom in ransom attacks

Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk. Continue Reading

Insider Edition: Attaining security for IoT, through discovery, identity and testing

Ever since the internet of things became a "thing," the potential for abuse has been well documented; how best to achieve security for IoT is not yet clear. This Insider Edition of Information Security magazine tackles that second issue head on.

In three feature stories, our experts examine the key aspects closely related to IoT security: device discovery, IoT identity and IoT security testing. It's basic to security that, to devise a proper security strategy, a security team must possess an accurate record of what exactly needs to be secured. The challenge when it comes to security for IoT is in cataloging, assessing and classifying devices that can number into the thousands and are often located outside an enterprise's physical boundaries. Certain industries, such as healthcare, are well into tackling this challenge. But increasingly more companies of all sizes will have to give the issue careful attention. Discovery involves identity issues, another focus of this edition, and once a security team has refined their IoT security policy, the next logical step is to implement a process of IoT security testing.

Readers of this Insider Edition will come away with a deeper understanding of how to approach security for IoT, from how to create a compilation of what needs to be secured to how to set up a successful security testing process. When it comes to internet of things security, the threat of breaches may never be fully eliminated, but the odds that enterprises will thwart attacks can be improved through proper policy and security systems.

 Continue Reading

How are hackers using Twitter as C&C servers for malware?

C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack. Continue Reading

Doxware: New ransomware threat, or just extortionware rebranded?

The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims. Continue Reading

What should happen after an employee clicks on a malicious link?

The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack. Continue Reading

SF Municipal Railway restores systems after ransomware attack

The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend. Continue Reading

Chinese company caught preinstalling Android spyware on budget devices

A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent. Continue Reading

How can users protect mobile devices from SandJacking attacks?

Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack. Continue Reading

Pegasus iOS exploit uses three zero days to attack high-value targets

A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents. Continue Reading

What new Asacub Trojan features should enterprises watch out for?

The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for. Continue Reading

Ransomware worm raises concerns for enterprise security

In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats. Continue Reading

Detecting and Combating Malicious Email

In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims. Continue Reading

How does the new voicemail phishing scam work?

A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it. Continue Reading

Introduction to vulnerability management tools

Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers. Continue Reading

Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats. Continue Reading

Proofpoint Enterprise Protection: Product overview

Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading

McAfee Email Protection, Security for Email Servers: Product overview

Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages. Continue Reading

Clearswift SECURE Email Gateway: Product overview

Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails. Continue Reading

Fortinet FortiMail: Product overview

Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization. Continue Reading

Cisco Email Security Appliance: Product overview

Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats. Continue Reading

Amex credit card hack predicts replacement card number

Samy Kamkar found a weakness in the algorithm American Express uses to generate replacement card information and created a credit card hack as a proof-of-concept. Continue Reading

WMI tools make the perfect crime 'malware-free'

Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it? Continue Reading

The malware lifecycle: Knowing when to analyze threats

Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative. Continue Reading

Emerging security threats you're up against now

Learn about the 'hacking as a service' and other emerging security threats. Continue Reading

Cyber Reconnaissance, Surveillance and Defense

In this excerpt of Cyber Reconnaissance, Surveillance and Defense, author Robert Shimonski describes commonly used mobile technology and how phone tracking works. Continue Reading

How can power consumption-tracking malware be avoided?

Malware authors are using power consumption tracking-malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how to defend against it. Continue Reading

Network anomaly detection: The essential antimalware tool

Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware. Continue Reading

Duqu malware makes a comeback and infiltrates Kaspersky systems

The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign. Continue Reading

New cyberthreats: Defending against the digital invasion

The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers. Continue Reading

Amid Apple Pay fraud, banks scramble to fix Yellow Path process

Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems. Continue Reading

Understanding and responding to POS malware

Organizations must confront threats like Backoff malware to their point-of-sale systems. This guide reviews the POS malware dangers out there and offers remediation tactics. Continue Reading

Targeted Cyber Attacks

In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading

How vulnerable is Silverlight security?

Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading

Command-and-control servers: The puppet masters that govern malware

Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels. Continue Reading

NSA TAO: What Tailored Access Operations unit means for enterprises

The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses. Continue Reading

Femtocell security: Defending against a femtocell hack

The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack. Continue Reading

Locking the backdoor: Reducing the risk of unauthorized system access

Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks. Continue Reading

Heap spray attacks: Details and mitigations for new techniques

Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading

Inside the BREACH attack: How to avoid HTTPS traffic exploits

Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading

Can an unqualified domain name cause man-in-the-middle attacks?

An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading

Antivirus evasion techniques show ease in avoiding antivirus detection

In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed. Continue Reading

Locate IP address location: How to confirm the origin of a cyberattack

What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in. Continue Reading

Tips on how to remove malware manually

In this expert response, Nick Lewis explains how to remove malware manually, step by step. Continue Reading

Operation Aurora: Tips for thwarting zero-day attacks, unknown malware

In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks. Continue Reading

How to defend against rogue DHCP server malware

Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them. Continue Reading

What are the security risks of opening port 110 and port 25?

If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. Continue Reading

Is it impossible to successfully remove a rootkit?

In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove. Continue Reading

Built-in Windows commands to determine if a system has been hacked

In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked. Continue Reading

Ten hacker tricks to exploit SQL Server systems

SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading

Cleansing an infected mail server

Learn five measures you can take to when cleaning up a massive email virus infection Continue Reading

How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how the threat has grown and reveals the techniques that can keep pointers from dangling helplessly in the wind. Continue Reading

How secure are document scanners and other 'scan to email' appliances?

Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading