Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Opinion
06 Dec 2023
How organizations can learn from cloud security breaches
Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
-
News
06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities
Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
-
Answer
11 Sep 2017
How is Pegasus malware different on Android than on iOS?
Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it. Continue Reading
-
News
08 Sep 2017
Six new vulnerabilities in Android bootloaders uncovered
News roundup: Researchers used the new BootStomp tool to uncover six vulnerabilities in Android bootloaders. Plus, a new wave of AWS S3 bucket data leaks strikes and more. Continue Reading
-
News
07 Sep 2017
Dragonfly 2.0 hacker group seen targeting U.S. power grid
Security researchers claim to be tracking a threat group called Dragonfly 2.0 hacker group that has been attacking critical infrastructure and setting up persistent infections on ICS networks. Continue Reading
-
Feature
01 Sep 2017
Why WannaCry and other computer worms may inherit the earth
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading
-
E-Zine
01 Sep 2017
Interception threatens TLS security; now what?
As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted operations at its TNT Express subsidiary, may have "material impact" on the company's 2017 financial performance. Merck & Co. Inc., another victim of the cyberattack, issued a similar warning. A Trojan that morphed into a worm, Petya -- sometimes called NotPetya -- brought increased attention to the lack of security fundamentals practiced at major companies.
The majority of these threats enter networks through malware delivered via the internet. However, as the growth of HTTPS deployment continues, some companies are increasingly using Transport Layer Security (TLS) interception by middleboxes to maintain visibility into TLS security and malicious software. Researchers from top universities and technology companies, including Google, Mozilla and Cloudflare, published an HTTPS interception study in April that offered startling statistics on TLS security.
In this issue of Information Security magazine, we look at how worms play a role in advanced persistent threats and the ongoing issues related to HTTPS inspection and TLS security.
Continue Reading -
News
31 Aug 2017
Spambot email leak compromises 711M records
An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts. Continue Reading
-
Tip
31 Aug 2017
How NotPetya ransomware used legitimate tools to move laterally
WannaCry and NotPetya ransomware woke enterprises up to an expanded threat landscape. Expert Michael Cobb explains these threats and what enterprises can do to stop them. Continue Reading
- 28 Aug 2017
-
Answer
24 Aug 2017
ATMitch malware: Can fileless ATM malware be stopped?
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads. Continue Reading
-
Answer
23 Aug 2017
DoubleAgent malware could turn antivirus tools into attack vector
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat. Continue Reading
-
Podcast
23 Aug 2017
Risk & Repeat: Was the DNC hack an inside job?
In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers. Continue Reading
-
Tip
22 Aug 2017
Destruction of service: How ransomware attacks have changed
New ransomware variants have introduced another threat to enterprises. Rob Shapland explains what destruction of service attacks are and how organizations should prepare for them. Continue Reading
-
Answer
21 Aug 2017
How does the MajikPOS malware evade detection?
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it. Continue Reading
-
Answer
17 Aug 2017
How does CrashOverride malware threaten industrial control systems?
CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it. Continue Reading
-
Podcast
16 Aug 2017
Risk & Repeat: MalwareTech indictment raises questions
In this week's Risk & Repeat podcast, SearchSecurity editors explore the FBI's case against security researcher Marcus Hutchins, better known as MalwareTech. Continue Reading
-
Answer
14 Aug 2017
How can VMware vulnerabilities in vSphere expose credentials?
Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them. Continue Reading
-
Answer
10 Aug 2017
Libpurple flaw: How does it affect connected IM clients?
The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works. Continue Reading
-
News
04 Aug 2017
Ransomware recovery goes beyond data loss for enterprises
Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice. Continue Reading
-
Podcast
02 Aug 2017
Risk & Repeat: Black Hat 2017 highlights
In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit. Continue Reading
-
News
28 Jul 2017
Who are the Shadow Brokers? Signs point to an intelligence insider
At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions. Continue Reading
-
Answer
28 Jul 2017
Poison Ivy RAT: What new delivery techniques are attackers using?
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for. Continue Reading
-
News
27 Jul 2017
Phishing research shows troubling trends for enterprise users
Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Continue Reading
-
News
27 Jul 2017
Industroyer malware a turning point for ICS security
Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S. Continue Reading
-
Answer
27 Jul 2017
What tools were used to hide fileless malware in server memory?
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend. Continue Reading
-
News
26 Jul 2017
At Black Hat 2017, an industry hits a milestone and finds new directions
Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes. Continue Reading
-
Feature
25 Jul 2017
Advanced Persistent Security
In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations. Continue Reading
-
Answer
21 Jul 2017
How do the malware implants RedLeaves and PlugX work?
Malware implants RedLeaves and PlugX infected networked systems in multiple industries and leveraged stolen administrator credentials. Expert Judith Myerson explains how it works. Continue Reading
-
Answer
20 Jul 2017
How can users protect themselves from the DocuSign phishing email?
A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack. Continue Reading
-
News
13 Jul 2017
Petya malware behavior may change based on AV installed
Researchers found changes in malware behavior when Petya detected certain security products, but experts are unsure why these features might exist. Continue Reading
-
News
07 Jul 2017
Tax software backdoor allowed NotPetya ransomware attacks
Researchers analyze the software backdoor used to deliver NotPetya ransomware to Ukraine targets, while the threat actors behind the attacks ask for more money. Continue Reading
-
Tip
06 Jul 2017
How WannaCry malware affects enterprises' ICS networks
WannaCry malware has been plaguing organizations across the world. Expert Ernie Hayden explains how this ransomware threatens ICS networks and their security. Continue Reading
-
Podcast
05 Jul 2017
Risk & Repeat: NotPetya ransomware raises the stakes
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks. Continue Reading
-
Answer
03 Jul 2017
How does the Antbleed backdoor vulnerability work?
Antbleed, a backdoor vulnerability, was discovered in bitcoin mining equipment. Expert Matthew Pascucci explains how the Bitmain flaw works and how it can be prevented. Continue Reading
-
News
30 Jun 2017
The ELSA project enables hackers to track and store geolocation data
News roundup: The ELSA project -- one of the released CIA hacking tools -- can track device locations. Plus, Senators move to ban Kaspersky Lab products from the military, and more. Continue Reading
-
News
30 Jun 2017
NotPetya ransomware trend moving toward sophistication
NotPetya represented advanced malware compared to its cousin WannaCry, but also showed sophistication that experts worry may be a ransomware trend. Continue Reading
-
News
28 Jun 2017
Petya ransomware scam: Lost files can't be restored
Researchers discovered the rash of Petya-like attacks are nothing more than a ransomware scam, and list files are impossible to restore. Continue Reading
-
News
28 Jun 2017
Petya-like global ransomware attack can be mitigated
A new global ransomware attack has been spreading quickly using the same exploits as WannaCry, but researchers have already found ways to protect users from the damage. Continue Reading
-
Answer
23 Jun 2017
Fruitfly Mac malware: How does its decades-old code work?
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis explains how it works. Continue Reading
-
Answer
21 Jun 2017
What are HummingWhale malware's new ad fraud features?
A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the malware's new features. Continue Reading
-
News
20 Jun 2017
Valerie Plame warns of increased nation-state cyberattacks
At the 2017 Cloud Identity Summit, former covert CIA officer Valerie Plame discussed the increasing risks of nation-state cyberattacks focused on geopolitical influence. Continue Reading
-
Podcast
14 Jun 2017
Risk & Repeat: Comey warns of more election hacking
In this week's Risk & Repeat podcast, SearchSecurity editors discuss former FBI Director James Comey's testimony on election hacking and election interference from Russia. Continue Reading
-
Answer
13 Jun 2017
How can Bosch's diagnostic dongle be leveraged by hackers?
Hacks on a car's diagnostic dongle can completely take over the vehicle and even shut off the engine. Expert Judith Myerson explains how this works and how to prevent it from happening. Continue Reading
-
News
13 Jun 2017
CrashOverride ICS attack targets vulnerable electrical grid
Researchers discovered new details of a Kiev ICS attack from December using CrashOverride malware that could be used to disrupt an insecure electrical grid. Continue Reading
-
News
12 Jun 2017
Q&A: Cyber attribution matters, RSA GM Peter Tran says
RSA's GM Peter Tran sheds light on the value of cyber attribution, explains why the 'how' and 'why' of an attack may be more important than finding who did it. Continue Reading
-
Answer
12 Jun 2017
How do attackers use Microsoft Application Verifier for hijacking?
Attackers found a way to use Microsoft Application Verifier to hijack security products, like antivirus tools. Expert Judith Myerson explains how it's done and what to do to stop it. Continue Reading
-
Podcast
08 Jun 2017
Risk & Repeat: Shadow Brokers launch zero-day exploit service
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Shadow Brokers' monthly service for zero-day exploits and how it may affect enterprise security efforts. Continue Reading
-
Tip
08 Jun 2017
Embedded malware: How OLE objects can harbor threats
Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise. Continue Reading
-
Answer
08 Jun 2017
The Apple Notify flaw: How does it allow malicious script injection?
Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading
-
News
07 Jun 2017
Election cyberattack proves people are still the biggest flaw
A new NSA leak allegedly shows Russian agents engaged in election cyberattacks against local U.S. governments and proves people are still the hardest cybersecurity risk to mitigate. Continue Reading
-
News
31 May 2017
Shadow Brokers dump crowdfunding raises ethical questions
The prospect of monthly NSA cyberweapons leaks in new Shadow Brokers dump raises questions about the ethics of paying criminals for stolen goods. Continue Reading
-
News
26 May 2017
Voting machine hacking to be taken on at DEFCON 2017
Possible voting machine hacking has been a topic of conversation since before the 2016 election and at DEFCON 2017; professional pentesters will find out what damage can be done. Continue Reading
-
Answer
26 May 2017
How can customer service staff spot social engineering email attacks?
Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks. Continue Reading
-
Answer
25 May 2017
How does Gooligan malware compromise Google accounts?
Android apps infected with Gooligan malware enable attackers to compromise the security of Google accounts. Expert Nick Lewis explains how users can protect themselves. Continue Reading
-
News
24 May 2017
Seven NSA cyberweapons used in EternalRocks exploit
Following the worldwide impact of WannaCry, EternalRocks arrived abusing seven NSA cyberweapons but holding back on its malicious intent. Continue Reading
-
News
24 May 2017
WannaCry ransomware decryptor brings hope to victims
Security researchers uncovered more info on how WannaCry spread, and a ransomware decryptor emerged to save files for those affected. Continue Reading
-
Answer
22 May 2017
Switcher Android Trojan: How does it attack wireless routers?
The Switcher Trojan spreads to Android devices through the wireless router to which they are connected. Expert Nick Lewis explains how this attack is carried out. Continue Reading
-
Answer
18 May 2017
What is the SS7 protocol and what are its security implications?
The SS7 protocol has been a source of controversy lately because of its security vulnerabilities. Expert Judith Myerson explains what the protocol is and what its issues are. Continue Reading
-
News
16 May 2017
Microsoft slams NSA over cyberweapon in WannaCry ransomware
Microsoft blames the U.S. government for cyberweapon stockpiling as WannaCry ransomware infections continue to spread, though some experts say Microsoft shares responsibility. Continue Reading
-
News
15 May 2017
WannaCry ransomware prompts legacy MS17-010 patch
Microsoft responds to WannaCry ransomware with an MS17-010 patch for legacy systems as new ransomware variants spread to more countries around the globe. Continue Reading
-
News
11 May 2017
Android clickjacking attacks possible from Google Play apps
Google implemented clickjacking attack mitigations in Android but left a potential avenue for malicious actors that won't be fixed until Android O is released. Continue Reading
-
News
05 May 2017
New types of ransomware innovate to find opportunity
There is no shortage of new types of ransomware, many with unique features, and experts say it's an exercise in innovation and finding revenue opportunity. Continue Reading
-
Answer
04 May 2017
Why did the PHPMailer library vulnerability have to be patched twice?
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works. Continue Reading
-
News
04 May 2017
Google Docs phishing attack grants attacker full Gmail access
A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks. Continue Reading
-
Answer
01 May 2017
Panasonic Avionics IFE systems: How serious are the vulnerabilities?
Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws. Continue Reading
-
Podcast
28 Apr 2017
Risk & Repeat: More Equation Group cyberweapons leaked
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of Equation Group cyberweapons and how Microsoft patched them. Continue Reading
-
Feature
27 Apr 2017
Handbook of System Safety and Security
In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security. Continue Reading
-
Answer
26 Apr 2017
How does the boot mode vulnerability in Android work?
A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works. Continue Reading
-
News
25 Apr 2017
NSA spyware found infecting tens of thousands worldwide
A new security tool will let users scan their systems for the presence of NSA spyware found in the latest Equation Group leak, and tens of thousands are already infected. Continue Reading
-
News
21 Apr 2017
Hajime worm fights the forces of evil IoT malware, maybe
News roundup: The Hajime worm is the nicer, sneakier brother of Mirai malware. Plus, the FBI and CIA hunt for the Vault 7 whistleblower, Symantec adds to Zscaler lawsuit, and more. Continue Reading
-
Answer
20 Apr 2017
How does Exaspy spyware disguise itself on Android devices?
Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection. Continue Reading
-
News
18 Apr 2017
Shadow Brokers' Windows exploits target unsupported systems
A new release of NSA cyberweapons falls flat, as Windows exploits from the Shadow Brokers have mostly been patched. But unsupported systems are still at risk. Continue Reading
-
News
14 Apr 2017
Shadow Brokers release SWIFT banking and Windows exploits
The Shadow Brokers released another cache of cyberweapons linked to the Equation Group, including Windows exploits and attack details for the SWIFT banking system. Continue Reading
-
News
13 Apr 2017
U.S. election hacking not an act of cyberwarfare, experts say
The government needs a better definition for an act of cyberwarfare, says ex-CIA Director Michael Hayden, because he doesn't think the U.S. election hacking applies. Continue Reading
-
News
11 Apr 2017
CIA Vault 7 tools attributed to hacking group for years
Security researchers said the CIA Vault 7 tools and techniques are linked to cyberattacks over the past six years targeting various foreign entities. Continue Reading
-
News
05 Apr 2017
Pegasus malware expands from iOS to Android
One of the more malicious iOS threats -- Pegasus malware -- has made its way to Android devices and it has some dangerous new tricks in its arsenal. Continue Reading
-
Feature
04 Apr 2017
Five criteria for purchasing from threat intelligence providers
Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs. Continue Reading
-
Feature
03 Apr 2017
Politics of cyber attribution pose risk for private industry
Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies. Continue Reading
-
Answer
03 Apr 2017
How did firmware create an Android backdoor in budget devices?
An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading
-
Answer
30 Mar 2017
How did vulnerabilities in AirWatch Agent and Inbox work?
Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how these vulnerabilities worked. Continue Reading
- 30 Mar 2017
-
News
24 Mar 2017
Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks
News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more. Continue Reading
-
Answer
24 Mar 2017
How does the Locky ransomware file type affect enterprise protection?
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading
-
Answer
23 Mar 2017
Hajime malware: How does it differ from the Mirai worm?
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai. Continue Reading
-
Answer
22 Mar 2017
How does the Drammer attack exploit ARM-based mobile devices?
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Continue Reading
-
Answer
21 Mar 2017
How can attackers turn Instagram into C&C infrastructure?
An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works. Continue Reading
-
News
17 Mar 2017
Patched Apache Struts vulnerability exploited in the wild
News roundup: An Apache Struts vulnerability is still being exploited, despite being patched. Plus, WhatsApp and Telegram release patches; Assange contacts Microsoft; and more. Continue Reading
-
News
14 Mar 2017
Is the antivirus industry dead? Experts weigh in
RSAC 2017: With malware-detecting software increasingly coming under fire for vulnerabilities, find out what the experts had to say about the future of the antivirus industry. Continue Reading
-
Answer
07 Mar 2017
How can the Dirty COW vulnerability be used to attack Android devices?
A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack. Continue Reading
-
Answer
03 Mar 2017
What's the best corporate email security policy for erroneous emails?
If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading
-
Tip
02 Mar 2017
What to consider about signatureless malware detection
Endpoint security is changing into signatureless malware detection and protection. Expert Matthew Pascucci discusses the transition away from signatures. Continue Reading
-
Report
01 Mar 2017
Ransomware costs not limited to ransoms, research shows
The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers. Continue Reading
- 24 Feb 2017
- 24 Feb 2017
-
Answer
23 Feb 2017
IoT malware: How can internet-connected devices be secured?
IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware. Continue Reading
-
Answer
22 Feb 2017
How can obfuscated macro malware be located and removed?
A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading
-
Answer
20 Feb 2017
How can open FTP servers be protected from Miner-C malware?
Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers. Continue Reading
-
News
16 Feb 2017
Connected medical devices spark debate at RSA Conference session
An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading
-
Blog Post
15 Feb 2017
Christopher Young: Don't sleep on the Mirai botnet
RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security's Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is. Continue Reading
-
News
14 Feb 2017
Microsoft: Nation-state cyberattacks have changed the security game
Microsoft's Brad Smith spoke at RSA Conference 2017 about the effects of nation-state cyberattacks and what businesses and governments can do about them. Continue Reading
-
News
13 Feb 2017
Ransomware threat continues to evolve, defense needs to catch up
With the rapid expansion of the ransomware threat landscape, defenders are scrambling to find ways to fight back. RSAC 2017 dedicated a full day for a ransomware seminar. Continue Reading