- Malware, Viruses, Trojans and Spyware
- Smartphone and PDA Viruses and Threats
- Emerging Information Security Threats
- Information Security Incident Response
- Hacker Tools and Techniques: Underground Sites and Hacking Groups
- Denial of Service (DoS) Attack Prevention
- Security Awareness Training and Internal Threats
- Application Attacks - Information Security Threats
- Web Server Threats and Countermeasures
- Identity Theft and Data Security Breaches
- Enterprise Vulnerability Management
- Email and Messaging Threats
- Web Application and Web 2.0 Threats
-
How to use RAT security flaws to turn the table on attackers
Nick Lewis discusses how to learn from RAT security flaws not only for defense, but also to find out more about attackers via offensive security. Answer
-
MiniFlame malware: Assessing the threat to enterprises
Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned. Answer
-
Analyzing updated man-in-the-browser attack techniques
Do man-in-the-browser attack prevention tactics need to be updated as the attacks themselves take on new characteristics? Expert Nick Lewis discusses. Answer
-
Malware hits businesses 20 to 60 times an hour, say researchers
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye. News | 04 Apr 2013
-
Botnet takedowns: A dramatic defense
The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices. Feature
-
The pros, cons and ROI of network malware detection
Consider the pros and cons of network malware detection when calculating ROI, says expert Matt Pascucci. Answer
-
Why advanced malware detection is key to cut through 'network noise'
Video: Wolfgang Kandek, CTO at Qualys, discusses the need for advanced malware detection as true enterprise threats are being lost in "network noise." Video
-
Utilize Windows 8 ELAM to secure the boot process, detect rootkits
Expert Michael Cobb details how the Windows 8 ELAM feature can detect rootkits and other malicious drivers, and help secure the Windows boot process. Answer
-
Application whitelisting vs. blacklisting: Which is the way forward?
Which method is better at fighting next-gen malware? Security expert Michael Cobb weighs in on the application whitelisting vs. blacklisting debate. Answer
- VIEW MORE ON : Malware, Viruses, Trojans and Spyware
-
differential power analysis (DPA)2
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. Definition
-
Black Hat 2010 podcast: Mobile app threats
Kevin Mahaffey and John Hering of mobile security vendor Lookout explain their latest project, App Genome Project, a study of 300,000 smartphone applications. The two researchers said mobile applications pose a major threat and predict they will be the next big attack vector for cybercriminals. News | 28 Jul 2010
- VIEW MORE ON : Smartphone and PDA Viruses and Threats
-
Martin Roesch: Increase in cybersecurity breaches demands new tactics
Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. Video
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. Tip
-
Emerging threats include kinetic attack, offensive forensics: RSA 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks. News | 04 Mar 2013
-
RSA 2013: China not the only cyber espionage country, says Mandiant
China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant. News | 28 Feb 2013
-
Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013
Chinese cyberattacks rely on spear phishing and overwhelming numbers, not sophisticated attack methods, says a researcher at RSA Conference 2013. News | 27 Feb 2013
-
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques shows how easy it is to avoid antivirus detection and why new defenses are needed. Feature
-
Big data creates cloudy security forecast
Security in the cloud has come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud. Column
-
Outsourcing security services
This month, Information Security Magazine examines security in the cloud. Cloud security and cloud services have come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud. E-Zine
- VIEW MORE ON : Emerging Information Security Threats
-
Opinion: Yemeni CERT could turn the tide for Millennials
Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation. Opinion
-
ISM February 2004 Ranum
-
Opinion: LinkedIn hacking incident betrays users’ trust
Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked. News | 14 Jun 2012
-
Some CISOs consider ripping out or augmenting outdated SIEM systems
Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation. News | 02 Apr 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead. Answer
-
Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT). News | 15 Nov 2011
-
Getting started with a DNSSEC implementation
The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation. Answer
-
React in seconds with a network incident response plan
A network incident response plan enables the split-second reactions necessary to survive next-generation attacks. Column
-
Lessons of cyberwar: A chance to boost information security budgets
In the wake of an incident, CISOs should make the most of the opportunity to increase information security budgets. Column
-
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak. Answer
-
ISM April 2004 Ranum
-
Examining hacker bounty pros and cons: Do they stop computer hackers?
-
Spammers drive organizations to block Internet traffic to stop attacks
-
Peter Kuper on hacktivism, the evolution of hacking and mobile threats
In-Q-Tel's Peter Kuper discusses hacktivists’ desire for attention, and how the growing use of mobile devices is driving the evolution of hacking. Video
-
The hacktivist threat to enterprise security
-
DDoS, SQL injection discussions trending in hacking forums, study finds
Hackers share attack techniques and vulnerability information, shedding light on what threats matter most, according to a new study. News | 30 Oct 2012
-
Hacker demonstrates targeted attack
-
Time to take cyberterrorism talk seriously
-
Metasploit Project acquisition ups ante for penetration testing market
- VIEW MORE ON : Hacker Tools and Techniques: Underground Sites and Hacking Groups
-
Cyberbunker’s Sven Kamphuis denies unleashing DDoS attacks on Spamhaus
The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy. cyber security | 02 Apr 2013
-
UGNazi hacker group claims responsibility for Twitter outage
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame. News | 21 Jun 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead. Answer
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News | 31 Aug 2011
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Gaining awareness to prevent social engineering techniques, attacks
Cybercriminals are using social engineering fueled by social media to attack users and break into companies. Magazine
-
rootkit
A rootkit is a collection of tools (programs) that enables administrator-level access to a computer or computer network... (Continued) Definition
-
Anatomy of an attack
Attackers are more resourceful, determined and prolific than ever before. This lesson will help you know your enemy and understand how to respond to and defend against increasingly complex types of hacker attacks and techniques. partOfGuideSeries
-
U.S. critical infrastructure security: Highlighting critical infrastructure threats
Despite heightened post-9/11 security awareness, the U.S. is exposed to numerous critical infrastructure threats. Misc
-
Antivirus software comparison, 2004: Not all AV products are equal
Your desktop AV may be leaving you wide open to attack. News | 01 Jun 2004
- VIEW MORE ON : Security Awareness Training and Internal Threats
-
Targeted attack protection: Step-by-step preparation and mitigation
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan. Tip
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits. Tutorial
-
blue pill rootkit
The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference. Definition
-
Scott Charney: Microsoft security policy and collective defense
In this video, Microsoft's VP for Trustworthy Computing, Scott Charney, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet. Video
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Proxy server security: Defending against DoS and other attacks
In this expert response, find out how to boost proxy server security in the enterprise. Ask the Expert
-
Preventing Web server attacks
Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure. partOfGuideSeries
-
The RSA breach: One year later
The attack on RSA shook the security industry to its core: A look at the breach’s far-reaching impact. Magazine
-
Symantec breach highlights remote management holes
Poorly configured remote administration tools are a common attack vector, security experts say. Magazine
-
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps. News | 25 Jan 2012
-
Care2 resets millions of account credentials following security breach
Care2, a social network that promotes a variety of causes, announced a data security breach Dec. 28 in which hackers targeted account credentials on the company servers. News | 05 Jan 2012
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them. Answer
-
Year’s top 5 security podcasts highlight security breaches of 2011
Among the experts are Verizon’s Wade Baker on data breaches, Microsoft’s David Ladd on software security and Catalin Cosoi of BitDefender on targeted attack prevention. News | 30 Dec 2011
-
Cybersecurity threats target lack of SMB security
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources. Magazine
-
Breaches prompt call for certificate authority architecture alternatives
The breaches of certificate authorities fuel renewed debate for Internet security alternatives. Magazine
-
Data breaches show enterprise need for better data security management
Sony and other data breaches suggest need for data accountability, better configuration management. Magazine
-
Lack of SMB security opens door to online criminals
Online criminals have smaller targets firmly in their crosshairs. Magazine
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
Striving for better information security intelligence
Security teams strive to gain visibility from a deluge of security information and put that data to work. Magazine
-
differential power analysis (DPA)2
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. Definition
-
advanced persistent threat (APT)
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website. Ask the Expert
-
Antivirus software comparison, 2004: Not all AV products are equal
Your desktop AV may be leaving you wide open to attack. News | 01 Jun 2004
- VIEW MORE ON : Enterprise Vulnerability Management
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection. Tip
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Quiz
-
domain rotation
Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor. Definition
-
TLS security: Background on the 'Lucky Thirteen' attack
Professor Kenneth Paterson and graduate student Nadhem AlFardan have discovered a TLS attack that tracks the timing of error messages to reveal plaintext. News | 08 Feb 2013
-
Tackling SSL vulnerabilities for secure online transactions
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees. Magazine
-
The threat landscape and Web 2.0 technologies
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong. Magazine
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits. Tutorial
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website. Ask the Expert
-
Preventing Web server attacks
Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure. partOfGuideSeries