Threats and vulnerabilities

How does RIPPER ATM malware use malicious EMV chips?

RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works. Continue Reading

Risk & Repeat: Doxware emerges as a new threat to data privacy

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the emergence of doxware and extortionware and what that means for enterprises and their employees. Continue Reading

Insecure MongoDB configuration leads to boom in ransom attacks

Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk. Continue Reading

Insider Edition: Attaining security for IoT, through discovery, identity and testing

Ever since the internet of things became a "thing," the potential for abuse has been well documented; how best to achieve security for IoT is not yet clear. This Insider Edition of Information Security magazine tackles that second issue head on.

In three feature stories, our experts examine the key aspects closely related to IoT security: device discovery, IoT identity and IoT security testing. It's basic to security that, to devise a proper security strategy, a security team must possess an accurate record of what exactly needs to be secured. The challenge when it comes to security for IoT is in cataloging, assessing and classifying devices that can number into the thousands and are often located outside an enterprise's physical boundaries. Certain industries, such as healthcare, are well into tackling this challenge. But increasingly more companies of all sizes will have to give the issue careful attention. Discovery involves identity issues, another focus of this edition, and once a security team has refined their IoT security policy, the next logical step is to implement a process of IoT security testing.

Readers of this Insider Edition will come away with a deeper understanding of how to approach security for IoT, from how to create a compilation of what needs to be secured to how to set up a successful security testing process. When it comes to internet of things security, the threat of breaches may never be fully eliminated, but the odds that enterprises will thwart attacks can be improved through proper policy and security systems.

 Continue Reading

How are hackers using Twitter as C&C servers for malware?

C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack. Continue Reading

Doxware: New ransomware threat, or just extortionware rebranded?

The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims. Continue Reading

What should happen after an employee clicks on a malicious link?

The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack. Continue Reading

SF Municipal Railway restores systems after ransomware attack

The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend. Continue Reading

Chinese company caught preinstalling Android spyware on budget devices

A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent. Continue Reading

How can users protect mobile devices from SandJacking attacks?

Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack. Continue Reading

Pegasus iOS exploit uses three zero days to attack high-value targets

A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents. Continue Reading

What new Asacub Trojan features should enterprises watch out for?

The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for. Continue Reading

Ransomware worm raises concerns for enterprise security

In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats. Continue Reading

Detecting and Combating Malicious Email

In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims. Continue Reading

How does the new voicemail phishing scam work?

A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it. Continue Reading

Introduction to vulnerability management tools

Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers. Continue Reading

Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats. Continue Reading

Proofpoint Enterprise Protection: Product overview

Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading

McAfee Email Protection, Security for Email Servers: Product overview

Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages. Continue Reading

Clearswift SECURE Email Gateway: Product overview

Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails. Continue Reading

Fortinet FortiMail: Product overview

Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization. Continue Reading

Cisco Email Security Appliance: Product overview

Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats. Continue Reading

Amex credit card hack predicts replacement card number

Samy Kamkar found a weakness in the algorithm American Express uses to generate replacement card information and created a credit card hack as a proof-of-concept. Continue Reading

WMI tools make the perfect crime 'malware-free'

Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it? Continue Reading

The malware lifecycle: Knowing when to analyze threats

Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative. Continue Reading

Emerging security threats you're up against now

Learn about the 'hacking as a service' and other emerging security threats. Continue Reading

Cyber Reconnaissance, Surveillance and Defense

In this excerpt of Cyber Reconnaissance, Surveillance and Defense, author Robert Shimonski describes commonly used mobile technology and how phone tracking works. Continue Reading

How can power consumption-tracking malware be avoided?

Malware authors are using power consumption tracking-malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how to defend against it. Continue Reading

Network anomaly detection: The essential antimalware tool

Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware. Continue Reading

Duqu malware makes a comeback and infiltrates Kaspersky systems

The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign. Continue Reading

New cyberthreats: Defending against the digital invasion

The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers. Continue Reading

Amid Apple Pay fraud, banks scramble to fix Yellow Path process

Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems. Continue Reading

Understanding and responding to POS malware

Organizations must confront threats like Backoff malware to their point-of-sale systems. This guide reviews the POS malware dangers out there and offers remediation tactics. Continue Reading

Targeted Cyber Attacks

In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading

How vulnerable is Silverlight security?

Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading

Command-and-control servers: The puppet masters that govern malware

Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels. Continue Reading

NSA TAO: What Tailored Access Operations unit means for enterprises

The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses. Continue Reading

Femtocell security: Defending against a femtocell hack

The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack. Continue Reading

Locking the backdoor: Reducing the risk of unauthorized system access

Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks. Continue Reading

Heap spray attacks: Details and mitigations for new techniques

Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading

Inside the BREACH attack: How to avoid HTTPS traffic exploits

Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading

Can an unqualified domain name cause man-in-the-middle attacks?

An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading

Antivirus evasion techniques show ease in avoiding antivirus detection

In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed. Continue Reading

Locate IP address location: How to confirm the origin of a cyberattack

What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in. Continue Reading

Tips on how to remove malware manually

In this expert response, Nick Lewis explains how to remove malware manually, step by step. Continue Reading

Operation Aurora: Tips for thwarting zero-day attacks, unknown malware

In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks. Continue Reading

How to defend against rogue DHCP server malware

Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them. Continue Reading

What are the security risks of opening port 110 and port 25?

If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. Continue Reading

Is it impossible to successfully remove a rootkit?

In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove. Continue Reading

Built-in Windows commands to determine if a system has been hacked

In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked. Continue Reading

Ten hacker tricks to exploit SQL Server systems

SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading

Cleansing an infected mail server

Learn five measures you can take to when cleaning up a massive email virus infection Continue Reading

How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how the threat has grown and reveals the techniques that can keep pointers from dangling helplessly in the wind. Continue Reading

How secure are document scanners and other 'scan to email' appliances?

Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading

How can header information track down an email spoofer?

Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. Continue Reading

How can attackers exploit RSS software flaws?

RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and distribute malicious code. Continue Reading

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading

E-mail policies -- A defense against phishing attacks

In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks. Continue Reading