Recent research has failed to pin down exactly how the current crypto-mining craze is trending, but companies can derive many key enterprise security lessons from the latest headline-grabbing threat.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
New malware is infiltrating bona fide apps, making banking Trojans harder to detect. Fortunately, it can be shut down if it is detected in time.
Malicious script Magecart is still going strong, allowing threat actors to hire U.S. mules to ship fraudulently purchased goods.
A Dutch developer stole e-commerce customers' login credentials using a website backdoor and admin access that former employers had neglected to revoke.
IBM Research — Haifa recently developed a solution that acts like a moving target, randomizing files to safeguard against ROP attacks.
Cybercriminals use code hooking to intercept OS function calls to alter or augment their behavior. The technique is becoming more popular and dangerous.
A new exploit called pastejacking results in victims unwittingly infecting their own machines thanks to malicious code hidden in seemingly normal text.
Cross-site scripting (XSS) attacks exploit Web design tools to sneak malicious scripts onto users' browsers. Preventive measures can minimize the risk.
Fifty percent of the exploits observed by Trusteer and IBM X-Force Research in December 2013 targeted Java vulnerabilities.