- Malware, Viruses, Trojans and Spyware
- Smartphone and PDA Viruses and Threats
- Emerging Information Security Threats
- Information Security Incident Response
- Hacker Tools and Techniques: Underground Sites and Hacking Groups
- Denial of Service (DoS) Attack Prevention
- Security Awareness Training and Internal Threats
- Application Attacks - Information Security Threats
- Web Server Threats and Countermeasures
- Identity Theft and Data Security Breaches
- Enterprise Vulnerability Management
- Email and Messaging Threats
- Web Application and Web 2.0 Threats
-
Disable autorun to prevent autorun malware infections
Expert Nick Lewis explains how disabling autorun prevents malware from affecting users. Answer
-
How to protect data from ransomware malware
It can be difficult to recover data that is encrypted by ransomware malware -- unless you have expert Nick Lewis' recommendations in place. Answer
-
RSA warns about 'KINS' banking Trojan
RSA is warning that a new banking Trojan, 'KINS,' with architectural similarities to previous Trojans, may start hitting PCs soon. News | 24 Jul 2013
-
How to detect malware with changing file sizes
Malware authors change the size of malware files to avoid detection by antivirus software. Learn how to detect this malware from expert Nick Lewis. Answer
-
Malwarebytes: Maneuver around 'FBI ransomware' on Macs
Jerome Segura of Malwarebytes explains how to get around 'FBI ransomware' computer locking. News | 22 Jul 2013
-
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises. News | 09 Jul 2013
-
Recommended tools for remote access Trojan detection
Expert Brad Casey suggests tools that can detect remote access Trojans, or RATs, like FAKEM. Answer
-
Understanding logic bomb attacks: Examples and countermeasures
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures. Tip
-
Measuring the risk posed by sophisticated malware evasion techniques
Learn about the evolving nature of malware evasion techniques. Security expert Nick Lewis determines whether anti-malware tools should detect them. Answer
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
- VIEW MORE ON : Malware, Viruses, Trojans and Spyware
-
Inside the Samsung Galaxy Note 2 lock screen bypass vulnerability
Expert Nick Lewis explains how attackers bypassed the Samsung Galaxy Note 2 lock screen and which devices may be vulnerable. Answer
-
Enterprise mobile device defense fundamentals
This Security School lesson will examine the realities of the security threat posed by mobile devices such as smartphones and tablets, the methods savvy attackers are using today to take advantage of vulnerable mobile devices, and the technology and policy decisions you need to consider around personal devices and corporate data stored and accessed by consumer devices. Part of guide series
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. Definition
-
New malware threats require new antimalware protection strategy
Attackers are targeting new vectors such as smartphones, social media and cloud services. Enterprises need to up their game. Magazine
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them. Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users. Answer
-
IT consumerization drives new security thinking
The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy. Magazine
-
Mobility trend takes off in the enterprise but leaves out security
Banks and other businesses are rushing to jump on the mobility trend but leaving security behind. Magazine
-
SRA launches One Vault Messenger for BlackBerry device encryption
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices. Article | 16 Feb 2011
-
Mobile device security needs new approach, experts say
Companies lack the tools to control the onslaught of mobile devices in the enterprise. Feature
- VIEW MORE ON : Smartphone and PDA Viruses and Threats
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues. News | 01 Aug 2013
-
New advanced persistent threat protection: Beyond perimeter defense
Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection. Answer
-
Emerging threat detection techniques and products
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis of APT and ways to determine whether your organization risks exposure to targeted attacks. The chapters explore detection technologies, how to monitor insider threats and how to effectively use threat intelligence to defend against a targeted attack before it happens. E-Handbook
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse. Podcast
-
Mega-DDoS attack prevention: How to prepare for larger DDoS attacks
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention. Tip
-
FortiGuard Labs: Advanced persistent threats are escalating
Advanced persistent threats are on the rise, according to a report by FortiGuard Labs. News | 12 Jul 2013
-
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises. News | 09 Jul 2013
-
Understanding logic bomb attacks: Examples and countermeasures
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures. Tip
-
Measuring the risk posed by sophisticated malware evasion techniques
Learn about the evolving nature of malware evasion techniques. Security expert Nick Lewis determines whether anti-malware tools should detect them. Answer
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
- VIEW MORE ON : Emerging Information Security Threats
-
Opinion: Yemeni CERT could turn the tide for Millennials
Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation. Opinion
-
ISM February 2004 Ranum
-
Opinion: LinkedIn hacking incident betrays users’ trust
Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked. News | 14 Jun 2012
-
Some CISOs consider ripping out or augmenting outdated SIEM systems
Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation. News | 02 Apr 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead. Answer
-
Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT). News | 15 Nov 2011
-
Getting started with a DNSSEC implementation
The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation. Answer
-
React in seconds with a network incident response plan
A network incident response plan enables the split-second reactions necessary to survive next-generation attacks. Column
-
Lessons of cyberwar: A chance to boost information security budgets
In the wake of an incident, CISOs should make the most of the opportunity to increase information security budgets. Column
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues. News | 01 Aug 2013
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse. Podcast
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
-
After lull, PLA 'Comment Crew' hasn't changed cyber-espionage tactics
The Chinese government's alleged cyber-espionage arm remains active after a quiet period, using the same tactics revealed in Mandiant's APT1 report. News | 06 May 2013
-
The Red October malware campaign uncovered: What enterprises can learn
Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage. Tip
-
Symantec 2013 Threat Report highlights rise in SMB attacks
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets. News | 18 Apr 2013
-
Bruce Schneier: China cyberwar rhetoric risks dangerous implications
Video: Bruce Schneier explains why ongoing China cyberwar rhetoric evokes the wrong responses and may damage personal privacy, and ultimately freedom. Video
-
'Internet underground' fight demands better cybersecurity intelligence
Former U.S. national security advisor Greg Rattray believes better cybersecurity intelligence is needed to combat a growing "Internet underground." News | 22 Mar 2013
-
Cyberwar calls for software and system investment, not hacking back
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection. Tip
- VIEW MORE ON : Hacker Tools and Techniques: Underground Sites and Hacking Groups
-
How a DNS reflection attack differs from a standard DoS attack program
A DNS reflection attack is like a regular denial-of-service attack, but much worse. Nick Lewis explains why. Answer
-
Cyberbunker’s Sven Kamphuis denies unleashing DDoS attacks on Spamhaus
The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy. cyber security | 02 Apr 2013
-
UGNazi hacker group claims responsibility for Twitter outage
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame. News | 21 Jun 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead. Answer
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News | 31 Aug 2011
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Quiz
-
Antivirus software comparison, 2004: Not all AV products are equal
-
U.S. critical infrastructure security: Highlighting critical infrastructure threats
-
Gaining awareness to prevent social engineering techniques, attacks
-
Curb the spam virus threat via information security awareness training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help. Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users. Answer
-
Security School: Watching the watchers
In our latest lesson, Andreas M. Antonopoulos explores how to monitor the activities of trusted insiders with policy, processes and technology. Tutorial
-
metamorphic malware
Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration. Definition
-
Gartner’s Neil MacDonald on RSA, APT and the social engineering threat
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat. News | 24 Jun 2011
-
RSA SecurID attack, social engineering threat analysis from Gartner's Neil MacDonald
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat. Video
- VIEW MORE ON : Security Awareness Training and Internal Threats
-
Does the Bit9 compromise call application whitelisting into question?
Expert Nick Lewis explains how Bit9 was recently compromised and the viability of application whitelisting as a result of the compromise. Answer
-
Targeted attack protection: Step-by-step preparation and mitigation
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan. Tip
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits. Tutorial
-
blue pill rootkit
The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference. Definition
-
Scott Charney: Microsoft security policy and collective defense
In this video, Microsoft's VP for Trustworthy Computing, Scott Charney, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet. Video
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Proxy server security: Defending against DoS and other attacks
In this expert response, find out how to boost proxy server security in the enterprise. Ask the Expert
-
Preventing Web server attacks
Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure. Part of guide series
-
Third-party risk management: Horror stories? You are not alone
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements. Feature
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Quiz
-
Lack of SMB security opens door to online criminals
-
Data breaches show enterprise need for better data security management
-
Breaches prompt call for certificate authority architecture alternatives
-
The RSA breach: One year later
-
Symantec breach highlights remote management holes
-
piggybacking
Piggybacking, in a wireless communications context, is the unauthorized use of a wireless LAN. The purpose is network access, rather than any malicious intent, but it can slow down data transfer for the legitimate network users. Definition
-
Global Payments breach exposes PCI shortcomings
Payment processor Global Payments is the latest poster child for PCI shortcomings and shoddy data security. News | 03 Apr 2012
-
Ponemon Cost of Data Breach Report finds expenses declining for first time
The seventh annual Ponemon Cost of Data Breach Report analyzed 49 U.S. companies and found organizations with CISOs and a formal incident response plan helped cut costs. News | 20 Mar 2012
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
Cyberwar calls for software and system investment, not hacking back
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection. Tip
-
Targeted attack protection: Step-by-step preparation and mitigation
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan. Tip
-
Creating a normalized corporate compliance program
It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. Video
-
Meeting PCI DSS compliance requirements with a data management program
In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. Video
-
Security data mining techniques to weed through data overload
These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload. Video
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. Definition
-
Webcast: DNS security best practices; securing DNS infrastructure
Char Sample details three key methods for securing DNS, including how to monitor an enterprise’s DNS infrastructure traffic. Video
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains the Zero Trust Model and how it can be applied to protect data in today’s extended enterprise. Tip
-
File integrity monitoring software benefits for the enterprise
In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises. Video
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users. Answer
- VIEW MORE ON : Enterprise Vulnerability Management
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection. Tip
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Quiz
-
domain rotation
Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor. Definition
-
TLS security: Background on the 'Lucky Thirteen' attack
Professor Kenneth Paterson and graduate student Nadhem AlFardan have discovered a TLS attack that tracks the timing of error messages to reveal plaintext. News | 08 Feb 2013
-
Tackling SSL vulnerabilities for secure online transactions
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees. Magazine
-
The threat landscape and Web 2.0 technologies
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong. Magazine
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits. Tutorial
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website. Ask the Expert
-
Preventing Web server attacks
Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure. Part of guide series
Security Management Strategies for the CIO