Cybercrime

Cybercrime | News, how-tos, features, reviews, and videos

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

The biggest data breach fines, penalties, and settlements so far

Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes, have cost these companies a total of nearly $1.3 billion and counting.

Top 8 cybersecurity predictions for 2022

Seeing opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling security leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management,...

Exploit chains explained: How and why attackers target multiple vulnerabilities

Here is what you need to know about exploit chain risks, use cases, and mitigation.

6 ways hackers hide their tracks

From trusted pentesting tools to LOLBINs, attackers abuse trusted platforms and protocols to evade security controls.

Lessons learned from 2021 network security events

Rather than predict what 2022 will bring, let's manage the future by implementing the lessons learned from this year's biggest security threats.

How ransomware negotiations work

Here's what experienced negotiators say your organization should expect if it ever needs to pay a ransomware demand.

Supply chain attacks show why you should be wary of third-party providers

The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

How to detect Log4Shell exposure and exploitation

Software dependencies and third-party products make detecting Log4j exploits tough, but this advice and some specialized tools can help.

What is Magecart? How this hacker group steals payment card data

Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here's how they work and what you can do to mitigate the risk.

Security lessons from 2021 holiday shopping fraud schemes

Here are four ways fraudsters targeted the 2021 shopping period with insight into how retailers can prevent and defend against exploitation.

The 7 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

8 top penetration testing certifications employers value

If you're looking for a job as a penetration tester, these certs will help you demonstrate your hacking skills and your commitment to the field.

Survey: Hackers approach staff to assist in ransomware attacks

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.

11 penetration testing tools the pros use

Automated and open source tools can help you conduct web application, network, and database penetration tests.

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.
