Information Security Threats
- March 24, 2020
What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.
- November 07, 2019
A Trend Micro employee stole and sold customer support data, which was used by a malicious third-party actor to scam consumer customers of the cybersecurity company.
- August 14, 2019
Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics.
- June 12, 2019
As local and state governments continue to tackle the evolving threat landscape, experts share tips on how to improve security posture and highlight the resources available for help.
- May 23, 2019
Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of electronic voting machine results.
- May 01, 2019
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.
- March 26, 2019
CrowdStrike sounds off on the enhanced partnership between the cybercrime groups behind the TrickBot and BokBot malware and explains what such collaborations signify.
- March 22, 2019
Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate.
- March 20, 2019
Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits.
- March 13, 2019
Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns.
- March 13, 2019
At RSA Conference 2019, experts from the SANS Institute discuss the most dangerous attack techniques they've seen, including DNS manipulation and domain fronting.
- March 11, 2019
Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year.
- March 07, 2019
Find out what's happening at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team.
- March 06, 2019
At the recent RSA Conference, FBI Director Christopher Wray called for public-private partnerships to fend off cyberadversaries and threats.
- November 28, 2018
The Justice Department indicted eight individuals accused of running major ad fraud campaigns, including the 3ve botnet, which generated millions of dollars in fake ad revenue.
- April 12, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the big questions ahead of RSA Conference 2018, as well as notable sessions and speakers scheduled for the event.
- August 02, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit.
- July 26, 2017
Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes.
- March 10, 2017
News roundup: Report on zero-day vulnerabilities questions government stockpiling. Plus, Comey talks encryption and privacy, FCC blocks consumer protection rule, and more.
- March 08, 2017
Experts criticize both WikiLeaks and the CIA for failing responsible vulnerability disclosure around the Vault 7 documents, and question the CIA's use of the VEP.
- February 06, 2017
Rapid7's Beardsley and Brown are back with more insight into vulnerability disclosure, the value of bug bounty programs and, of course, IoT.
- January 20, 2017
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.
- January 13, 2017
News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.
- December 02, 2016
News roundup: Tor browser patches de-anonymizing vulnerability. Plus, Senators ask Obama to release information on Russia's impact on the election, Mirai botnet for rent and more.
- November 29, 2016
Vendors get an extra 30 days to patch under Cisco Talos' new responsible disclosure guidelines, as Talos notes key differences in time to patch among vendors.
- November 18, 2016
News roundup: The latest chapter of Symantec's security struggles involves a high-severity DLL code flaw. Plus, Dyn attacker might be a lone gamer, James Clapper resigns and more.
- October 19, 2016
IBM asks, and researcher pulls proof of concept code from a coordinated vulnerability disclosure, internet explodes.
- September 16, 2016
Google Project Zero Prize hacking competition is set to improve Android security by rewarding remote code execution exploits with prizes up to $200,000.
- August 05, 2016
Apple will be starting a bug bounty program for researchers who find critical vulnerabilities in iOS or iCloud and will offer big rewards.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 18, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- April 08, 2016
Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.
- February 01, 2016
We often talk about shifts in information security from advanced threats to emerging technology defenses, but this year marks a few major turning points.
- February 01, 2016
What methods are attackers using to find vulnerabilities in corporate networks? Are these security attacks really advancing? We look at the latest hacking techniques and find out from top security researchers how malware and advanced cyberthreats ...
- October 14, 2015
Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.
- September 18, 2015
News roundup: Additional research shows a Cisco router implant affects more devices than originally reported. Plus: Let's Encrypt's first cert issued; Tor in the library; the mitigated (but not fixed) iOS AirDrop vulnerability.
- August 28, 2015
Video: SearchSecurity spoke with Tenable co-founder Ron Gula about recent additions to the Nessus feature set, including a version that lives in the cloud.
- July 16, 2015
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.
- July 14, 2015
The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.
- June 24, 2015
At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.
- May 18, 2015
As details emerge about a security researcher's alleged hack -- and subsequent denial -- of an airplane, more questions are being asked than answers given.
- March 27, 2015
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
- December 12, 2014
News roundup: Amid a devastating breach incident Sony Pictures is fighting back, raising legal and ethical questions. Plus: A big week in security acquisitions; Comcast sued over open Wi-Fi; and Yahoo announces vulnerability disclosure policy.
- November 14, 2014
News roundup: A recent study revealed IT pros' confidence in implementing basic security measures is high, contradicting data that enterprises consistently fail to thwart basic attacks. Plus: BrowserStack hack lessons; responsible phishing reporting...
- August 29, 2014
News roundup: Endpoint antimalware has been long considered ineffective, yet a recent IDC report projects endpoint security growth. What gives? Plus: AWS Zocalo, new gTLDs, QR code authentication and more.
- August 22, 2014
News roundup: Heartbleed vulnerabilities, point-of-sale malware and phishing scams are nothing new, yet numerous companies continue to fall victim to them. Shouldn't the lesson be learned by now? Plus: HTTP Shaming, Dropbox improvements and more.
- July 30, 2014
A vendor's Heartbleed scan shows that a majority of Global 2000 organizations may still be vulnerable despite patching the OpenSSL flaw.
- July 11, 2014
Former CSO Paul Howell details the school's Heartbleed response and how he overcame challenges with assessment, patching and communication.
- June 10, 2014
Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
- June 03, 2014
According to one researcher, most enterprise wireless networks are likely vulnerable to Cupid, a proof-of-concept based on the Heartbleed attack.
- April 16, 2014
Though millions of Android devices could contain the Heartbleed OpenSSL vulnerability, experts say the risk to Android users may not be that great.
- April 08, 2014
Researchers who discovered the 'Heartbleed' OpenSSL security vulnerability say it could have exposed encrypted Internet traffic from millions of systems.
- June 18, 2013
Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- July 26, 2011
Researcher Tarjei Mandt uncovered dozens of hidden vulnerabilities deep inside Microsoft Windows.
- June 01, 2004
Your desktop AV may be leaving you wide open to attack.