Beyond the obvious benefit of proactively identifying application security incidents, threat modeling gives security leaders opportunities to educate developers and foster a DevSecOps culture.
It's time for cloud security teams to turn the tables on malicious actors and use doxing — in the form of attacker reconnaissance — to uncover vulnerabilities before they turn into full-blown threats.
The Outlaw threat group is using a botnet to distribute a Monero cryptocurrency miner and a Perl-based backdoor component.
Threat actors are using targeted attack tools to distribute typical malware, such as cryptocurrency miners and ransomware.
Per X-Force IRIS, at least 22 percent of reported campaigns in April 2019 delivered macro malware. What methods can defenders leverage to help detect malicious macro activity?
A threat actor known as TA505 recently launched a phishing campaign that uses living-of-the-land binaries (LOLBins) to distribute a new backdoor malware.
Researchers observed variants of the Emotet Trojan injecting themselves into existing email conversations as a means of distributing malicious links.
To avoid malware, always get hardware and software from authorized and reputable sources and vendors, right? But what happens when those same sources actually contain or deliver malicious payloads?
Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.
Security researchers discovered that a threat actor is targeting LinkedIn users with fake job offers to deliver the More_eggs backdoor.