Cyber Attacks

Cyber Attacks | News, how-tos, features, reviews, and videos

business travel / airport terminal walkway / traveller
Three businessmen - see no evil, hear no evil, speak no evil. [Thinkstock]

Red team  >  Hackers coordinate an attack.

5 steps to a successful red team engagement

You want red team pen testers to find the vulnerabilities attackers are most likely to use. Here's how.

Many keys, one lock  >  Brute-force credential stuffing.

Credential stuffing explained: How to prevent, detect and defend against it

The automated use of breached usernames and passwords to access accounts is low risk, high reward for cybercriminals. Here's how to make it harder for them to use credential stuffing.

CSO  >  danger / security threat / malware / biohazard symbol in data center

Review: Morphisec scrambles memory to thwart advanced attacks

With Morphisec, you get a full spectrum of protection that is more complete than any antivirus program alone.

jet aircraft is maneuvering for landing 149957988

Report: China supported C919 airliner development through cyberespionage

Chinese hackers and intelligence agencies coordinated cyberattacks to gather intellectual property of aerospace firms to gain competitive advantage.

budget piggy bank spending savings security spending

Security spending up, but adoption of cutting-edge tools is slow

While security budgets are expected to increase over the next year, it’s not clear that spending is aimed at the right problems or that IT is up-to-date on the latest security practices. (Download our research report.)

Maersk container ship / shipping containers / abstract data

Rebuilding after NotPetya: How Maersk moved forward

In the wake of NotPetya attacks, Maersk’s IT and security teams embraced transparency, greater collaboration with business, and a risk-based approach.

CSO slideshow - Insider Security Breaches - Flag of China, binary code

Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools

A previously unknown group or collective associated with China is targeting victims in Asia, possibly for geopolitical gain.

cybersecurity eye with binary face recognition abstract eye

Cyber-risk management is about to get easier

New continuous automated penetration and attack testing (CAPAT) tools will help CISOs better see where they are vulnerable and prioritize remediation actions.

online shopping cart magecart hackers shopping online

Magecart web skimming group targets public hotspots and mobile users

IBM researchers discover new Magecart scripts suggest planned advertisement injection through Wi-Fi and supply chain attacks.

Impersonation / disguise / fraud / false identity / identity theft

Rich PII enables sophisticated impersonation attacks

Hackers are now using rich personally identifying information, including device types and browser versions, cookies and web histories, and even voice recordings to gain account access or commit fraud.

Botnet Trouble / Botnet army

Secrets of latest Smominru botnet variant revealed in new attack

Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.

DDOS attack

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

computer crime scene / hacked / infected / cybercrime / cyberattack

Why you need a cybersecurity incident response specialist

If your cyber insurance provider gives you the number of an incident response specialist, call them now. It will save time when an attack occurs.

Capital One  >  hack

Capital One hack shows difficulty of defending against irrational cybercriminals

The motivation of the malicious actor who stole data of more than 100 million people was driven by emotional distress and did not follow traditional hacker patterns.

Smishing, an SMS phishing attack / Vishing, a voice phishing attack by phone

Smishing and vishing: How these cyber attacks work and how to prevent them

Smishing and vishing are types of phishing attacks that try to lure victims via SMS message and voice calls. Both rely on the same emotional appeals employed in traditional phishing scams and are designed to drive you into urgent...

compromised data / security breach / vulnerability

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

team of hackers / organized attack / group of threat actors

Time – and the lack thereof

For cybersecurity, it is pivotal for the next decade to be able to operate with a decreasing time window to act.

cloud migration shipping company outsourcing global consolidation

Modernized maritime industry transports cyberthreats to sea

Attackers are equally capable of wreaking havoc whether their target is based on land or sea. Considering that more than 70 percent of the earth is covered by water, and an expanding attack surface for the vessels journeying across...

Load More