Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
12 Jun 2026
What CISA's new remediation directive means for CISOs
CISA's updated directive for federal agencies compresses mandatory patching timelines to just three days for high-risk flaws, urging practitioners to 'patch smarter, not harder.' Continue Reading
-
Feature
11 Jun 2026
The prosecution gap: Why cybercrimes go unpunished
Are cybersecurity criminals simply acting with impunity? It sometimes feels like it. Learn what defenders need to know and what investigators are doing about it. Continue Reading
-
News
02 Jul 2019
Phishing-as-a-service threats abusing cloud services
According to new research, phishing kit providers are increasingly using popular cloud services to host their malicious links in an effort to conceal them from detection. Continue Reading
-
Tip
28 Jun 2019
How to beef up Office 365 email security features
Companies looking to fortify their Office 365 email security can assess options from a variety of third-party vendors. Find out which features are the most important. Continue Reading
-
News
28 Jun 2019
AI-enabled malware is coming, Malwarebytes warns
AI-driven threats may not be here yet, but a new report from Malwarebytes predicts they will be here soon and could potentially change the cybersecurity game for good. Continue Reading
-
News
26 Jun 2019
Stellar Cyber launches Starlight 3.1 for AI threat detection
Stellar Cyber, a security analytics vendor, launched Starlight 3.1 as its first unified security analytics platform, using AI and machine learning to detect and thwart attacks. Continue Reading
-
News
24 Jun 2019
DHS warns of increased Iranian cyberattacks on enterprises
The cyberthreat warning from Christopher Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency, follows escalating tension between Iran and the U.S. Continue Reading
-
Tip
24 Jun 2019
4 steps to critical infrastructure protection readiness
Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR. Continue Reading
-
News
18 Jun 2019
GandCrab decryption tool helps victims recover data
The No More Ransom initiative released one last GandCrab decryption tool to help victims recover data after the ransomware was allegedly shut down by its authors. Continue Reading
-
News
14 Jun 2019
Dragos: Xenotime threat group targeting U.S. electric companies
Dragos says Xenotime, the threat group behind a devastating ICS attack in 2017, has been probing the networks of U.S. electric utilities and also attempted network intrusions. Continue Reading
-
News
13 Jun 2019
RAMBleed: New Rowhammer attack can steal data from memory
Security researchers developed a Rowhammer attack variant, called RAMBleed, that can steal data from memory and works even if systems are patched against Rowhammer. Continue Reading
-
Answer
13 Jun 2019
What is subdomain takeover and why does it matter?
Subdomain takeover exposure can happen when cloud-hosted web services are incompletely decommissioned, but configuration best practices can reduce the risks. Continue Reading
-
News
12 Jun 2019
Election security threats increasing pressure on state governments
As local and state governments continue to tackle the evolving threat landscape, experts share tips on how to improve security posture and highlight the resources available for help. Continue Reading
-
News
10 Jun 2019
Google: Triada backdoors were pre-installed on Android devices
Google detailed the discovery and process of removing Triada malware after a supply chain attack led to backdoors being preinstalled on budget phones in overseas markets. Continue Reading
-
Answer
10 Jun 2019
What is MTA-STS and how will it improve email security?
Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between SMTP servers. Continue Reading
-
News
06 Jun 2019
NSA issues BlueKeep warning as new PoC exploit demos
The NSA issued a rare warning for users to patch against the BlueKeep vulnerability on the same day a security researcher demoed an exploit leading to a full system takeover. Continue Reading
-
News
04 Jun 2019
Microsoft issues second BlueKeep warning urging users to patch
Microsoft again urged users to patch against the BlueKeep vulnerability as more potential exploits surface and one researcher discovered almost 1 million vulnerable systems. Continue Reading
-
News
31 May 2019
Ransomware attacks on local and state governments increasing
State and local governments are experiencing a rise in ransomware attacks. Experts sound off on what's triggering this trend and offer best practices for defense. Continue Reading
-
Tip
28 May 2019
How to find an MSP to protect you from outsourcing IT risks
Check out what questions to ask MSPs to make sure they have the right security systems in place to protect your organization against outsourcing IT risks. Continue Reading
-
News
23 May 2019
'BlueKeep' Windows Remote Desktop flaw gets PoC exploits
Multiple researchers created proof-of-concept exploits, including remote code execution attacks, targeting the recently patched Windows Remote Desktop flaw called BlueKeep. Continue Reading
-
News
16 May 2019
ZombieLoad: More side channel attacks put Intel chips at risk
Another set of side channel vulnerabilities were discovered in Intel chips. Security researchers explain the risks posed by the flaws and offer advice on mitigation steps. Continue Reading
-
Feature
16 May 2019
Words to go: GPS tracking security
GPS and location-based services may be some of the most significant recent technological advancements, but they can also put personal privacy in jeopardy. Continue Reading
-
News
14 May 2019
Verizon DBIR: Ransomware still a major threat, despite reports
The 2019 Verizon Data Breach Investigations Report challenges the wisdom that cryptomining attacks replaced ransomware as the dominant malware threat last year. Continue Reading
-
News
14 May 2019
Zero-day WhatsApp vulnerability could lead to spyware infection
A zero-day vulnerability in WhatsApp was used in targeted attacks that involved installing spyware on mobile devices, which may be the work of an advanced threat actor. Continue Reading
-
News
08 May 2019
2019 Verizon DBIR highlights cyberespionage, nation-state attacks
The 2019 Verizon Data Breach Investigations Report showed significant increases in cyberespionage and nation-state activity. It also painted a gloomy picture for email threats. Continue Reading
-
News
06 May 2019
Enterprise security threats rising, consumer attacks falling
Cybercriminals are increasingly taking aim at businesses, according to a recent Malwarebytes report. Security experts weigh in on best practices for defending against malware attacks. Continue Reading
-
Feature
01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
- 01 May 2019
-
Feature
30 Apr 2019
Inside 'Master134': Propeller Ads connected to malvertising campaign
A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign. Continue Reading
-
Feature
30 Apr 2019
Inside 'Master134': Ad networks' 'blind eye' threatens enterprises
Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated. Continue Reading
-
Feature
30 Apr 2019
'Master134' malvertising campaign raises questions for online ad firms
Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop. Continue Reading
-
Feature
30 Apr 2019
Inside 'Master134': ExoClick tied to previous malvertising campaigns
Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats. Continue Reading
-
Feature
30 Apr 2019
Inside 'Master134': More ad networks tied to malvertising campaign
Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved. Continue Reading
-
Feature
30 Apr 2019
Inside 'Master134': Adsterra's history shows red flags, abuses
Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign. Continue Reading
-
Guide
29 Apr 2019
How to manage email security risks and threats
When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide. Continue Reading
-
News
26 Apr 2019
FBI report says BEC attacks are increasing, evolving
According to the FBI's 2018 Internet Crime Report, business email compromise attacks are on the rise. Security experts highlight how BEC scams are evolving. Continue Reading
-
News
26 Apr 2019
Carbanak malware was recording video of victims' desktops
Researchers from FireEye spent hundreds of hours analyzing the Carbanak backdoor malware and its source code and were surprised by some of the features it contained. Continue Reading
-
Tip
25 Apr 2019
The top 3 email security threats and how to defuse them
Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact. Continue Reading
-
News
24 Apr 2019
Flashpoint responds to evolving dark web threats
Cybersecurity firm Flashpoint updated its threat intelligence platform to better address evolving techniques and practices on the dark web, such as encrypted chat usage. Continue Reading
-
News
24 Apr 2019
Carbanak source code found on VirusTotal 2 years ago
The source code for the Carbanak backdoor was found in a VirusTotal archive two years ago, and security researchers are now sharing the analysis of the source code publicly. Continue Reading
-
News
19 Apr 2019
DNS hijacking campaign targets national security organizations
A DNS hijacking campaign targeting national security organizations and critical infrastructure may be part of a new trend, according to the researchers behind recent attacks. Continue Reading
-
News
11 Apr 2019
New Baldr information stealer could target businesses
Malwarebytes explains why the rapidly evolving info-stealer Baldr could spell trouble for businesses and consumers, and offers pointers on how to defend against such malware. Continue Reading
-
News
05 Apr 2019
Cybercrime groups continue to flourish on Facebook
Security researchers found cybercrime groups using Facebook out in the open for illegal activity and the findings are very similar to an issue Facebook had last year. Continue Reading
-
News
03 Apr 2019
'Triple threat' malware campaign combines Emotet, TrickBot and Ryuk
Cybereason sounds off on the recently discovered 'triple threat' campaign and highlights interesting features of the attack technique used by cybercriminals. Continue Reading
-
News
26 Mar 2019
CrowdStrike: Cybercrime groups joining forces to pack more punch
CrowdStrike sounds off on the enhanced partnership between the cybercrime groups behind the TrickBot and BokBot malware and explains what such collaborations signify. Continue Reading
-
News
26 Mar 2019
Asus backdoor hits targets with officially signed update
Attackers infected the official Asus Live Updater to install a malicious backdoor on hundreds of thousands of systems, with the intent of targeting a small subset of those users. Continue Reading
-
Answer
26 Mar 2019
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
-
News
20 Mar 2019
New Mirai malware variant targets enterprise devices
Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits. Continue Reading
-
News
20 Mar 2019
Experts praise Norsk Hydro cyberattack response
Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed. Continue Reading
-
Tip
20 Mar 2019
Find out whether secure email really protects user data in transit
Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email. Continue Reading
-
Tip
19 Mar 2019
An introduction to building management system vulnerabilities
Understanding what a building management system is and does is important for organizations to have stronger security postures. Expert Ernie Hayden examines the BMS and its flaws. Continue Reading
-
Tip
14 Mar 2019
Nine email security features to help prevent phishing attacks
Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list. Continue Reading
-
News
13 Mar 2019
Election security threats loom as presidential campaigns begin
Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns. Continue Reading
-
News
13 Mar 2019
SANS Institute: DNS attacks gaining steam in 2019
At RSA Conference 2019, experts from the SANS Institute discuss the most dangerous attack techniques they've seen, including DNS manipulation and domain fronting. Continue Reading
-
News
11 Mar 2019
Zscaler charts sharp increase in SSL threats like phishing, botnets
Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year. Continue Reading
-
News
07 Mar 2019
Nation-state threats grow more sophisticated, converge on targets
Incident response experts say nation-state cyberattacks are so common that they find threat actors from multiple nations operating in the same victim environment. Continue Reading
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
-
News
06 Mar 2019
FBI director calls for public-private cybersecurity partnerships
At the recent RSA Conference, FBI Director Christopher Wray called for public-private partnerships to fend off cyberadversaries and threats. Continue Reading
-
Tip
01 Mar 2019
Understanding the new breed of command-and-control servers
Command-and-control servers are now using public cloud services, social media and other resources to evade detection. What should enterprises do to combat these threats? Continue Reading
-
News
01 Mar 2019
Research sparks debate over password manager vulnerabilities
Researchers found several popular password managers expose master passwords in system memory, but experts recommend consumers and enterprises should still use the products. Continue Reading
-
Tip
01 Mar 2019
Top 5 email security issues to address in 2019
The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action. Continue Reading
-
Answer
25 Feb 2019
How does a WordPress SEO malware injection work and how can enterprises prevent it?
Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages. Continue Reading
-
News
20 Feb 2019
ConnectWise plugin flaw exploited in ransomware attacks on MSPs
GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims. Continue Reading
-
Answer
20 Feb 2019
Is a Mirai botnet variant targeting unpatched enterprises?
New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose. Continue Reading
-
Answer
20 Feb 2019
Why is the N-gram content search key for threat detection?
Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be used with Nick Lewis. Continue Reading
-
Answer
20 Feb 2019
What new technique does the Osiris banking Trojan use?
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis. Continue Reading
-
Blog Post
20 Feb 2019
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks. Continue Reading
-
Answer
18 Feb 2019
How does the iPhone phishing scam work?
An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat? Continue Reading
-
News
15 Feb 2019
Astaroth Trojan returns, abuses antivirus software
Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials. Continue Reading
-
Answer
14 Feb 2019
How did the Dirty COW exploit get shipped in software?
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do. Continue Reading
-
Answer
08 Feb 2019
How did the Python supply chain attack occur?
A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this? Continue Reading
-
News
08 Feb 2019
'SpeakUp' backdoor Trojan could spell further trouble for Linux servers
Check Point Research explains why SpeakUp, the new Trojan targeting Linux servers, has the potential to unleash more harm and offers pointers on how to defend against such malware. Continue Reading
-
Feature
08 Feb 2019
USB attacks: Big threats to ICS from small devices
USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations. Continue Reading
-
Feature
01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
- 01 Feb 2019
-
Quiz
01 Feb 2019
Try this quiz on cybersecurity problems to earn CPE credit
This quiz tests your understanding of key cybersecurity issues in 2019 covered in the February issue of 'Information Security' magazine. Pass the quiz and earn CPE credit. Continue Reading
-
Feature
01 Feb 2019
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
-
News
29 Jan 2019
Major Apple FaceTime bug allows audio eavesdropping
A new major FaceTime bug can allow someone to hear the other party's audio before they answer the call and the issue was reported to Apple more than a week ago. Continue Reading
-
News
29 Jan 2019
Dailymotion credential stuffing attacks lasted more than 6 days
Video-sharing website Dailymotion reset passwords for an unknown number of users following 'large-scale' credential stuffing attacks that lasted for more than six days before being stopped. Continue Reading
-
News
25 Jan 2019
DNS hijack attacks lead to government directive from DHS
Following a string of DNS hijack attacks around the globe, the Department of Homeland Security has directed federal agencies to harden defenses against DNS tampering. Continue Reading
-
Answer
24 Jan 2019
How can synthetic clicks aid a privilege escalation attack?
An Apple security expert introduced the concept of synthetic clicks, which can bypass privilege escalation defenses. Find out how this new attack technique works with Nick Lewis. Continue Reading
-
News
22 Jan 2019
DNC lawsuit claims Russian hackers attacked again after midterms
A Democratic National Committee lawsuit regarding Russian cyberattacks in the lead-up to the 2016 election now also claims Russia attacked DNC systems after the 2018 midterms. Continue Reading
-
Answer
21 Jan 2019
Man-in-the-disk attack: How are Android products affected?
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis. Continue Reading
-
News
18 Jan 2019
Collection #1 breach data includes 773 million unique emails
Have I Been Pwned added a new trove of 773 million unique emails and 21 million passwords -- known as the Collection #1 breach data -- but there are questions about the freshness of the data. Continue Reading
-
News
15 Jan 2019
Ryuk ransomware poses growing threat to enterprises
Cybersecurity vendors CrowdStrike and FireEye both published new research that shows an increase in Ryuk ransomware attacks on enterprises, which have earned hackers $3.7 million. Continue Reading
-
Answer
15 Jan 2019
How was a credit card skimmer used to steal data from Newegg?
Researchers believe that malicious JavaScript code was used to steal credit card data from online retailer Newegg. Learn more about this attack with Judith Myerson. Continue Reading
-
News
11 Jan 2019
Iran implicated in DNS hijacking campaign around the world
FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions. Continue Reading
-
News
10 Jan 2019
McAfee casts doubt on Ryuk ransomware connection to North Korea
New research from McAfee refutes the connection between recent Ryuk ransomware attacks and the North Korean government. Instead, it points the finger at cybercriminals. Continue Reading
-
Podcast
10 Jan 2019
Risk & Repeat: What APT10 means for managed service providers
This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients. Continue Reading
-
Tip
10 Jan 2019
How NIST is preparing to defend against quantum attacks
The NSA has begun the transition from ECC to new algorithms to resist quantum attacks. Learn about the threat posed by quantum computing from expert Michael Cobb. Continue Reading
-
News
02 Jan 2019
Tribune Publishing cyberattack raises attribution questions
Malware hit the Tribune Publishing Company and disrupted the publication of several major newspapers, but the nature of the attack and threat actors remain unclear. Continue Reading
-
News
27 Dec 2018
Malwarebytes: Fileless ransomware an emerging threat for U.S.
A new Malwarebytes report examines Sorebrect, a fileless ransomware threat that's been detected in the U.S. this year, as well as with three other fileless attacks. Continue Reading
-
Answer
21 Dec 2018
How is SamSam ransomware using a manual attack process?
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works and if recovery is possible. Continue Reading
-
News
20 Dec 2018
McAfee: When quantum computing threats strike, we won't know it
Quantum computing systems may not be powerful enough to break current encryption protocols, but McAfee CTO Steve Grobman says it will be tough to tell when that day arrives. Continue Reading
-
Answer
19 Dec 2018
GandCrab ransomware: How does it differ from previous versions?
A new version of GandCrab was discovered by researchers in July 2018 and involves the use of legacy systems. Learn how this version differs and who is at risk with Nick Lewis. Continue Reading
-
Answer
17 Dec 2018
Kronos banking Trojan: How does the new variant compare?
Proofpoint researchers found a Kronos variant after it targeted victims in Germany, Japan and Poland. Learn how this variant compares to the original banking Trojan with Nick Lewis. Continue Reading
-
News
14 Dec 2018
Facebook API bug exposed photos of 6.8 million users
GDPR regulators are already investigating a new Facebook API bug the social media giant announced Friday that might have exposed photos belonging to up to 6.8 million users. Continue Reading
-
Answer
14 Dec 2018
How does the new Dharma Ransomware variant work?
Brrr ransomware, a Dharma variant, was found adding malicious extensions to encrypted files. Discover how this is possible and how this attack can be mitigated with Judith Myerson. Continue Reading
-
News
13 Dec 2018
Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies. Continue Reading
-
News
06 Dec 2018
NRCC email breach confirmed eight months later
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft. Continue Reading
-
News
06 Dec 2018
NSO Group's Pegasus spyware linked to Saudi journalist death
Soon after the Pegasus spyware was linked to the death of a Mexican journalist, a new lawsuit alleged the NSO Group and its spyware were also linked to the death of a Saudi journalist. Continue Reading
-
Feature
05 Dec 2018
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
