Classifying new and unknown (zero-day) malware has always been a challenge in the security industry as new variants are discovered in the wild at an overwhelming rate.

Once an adversary has compromised privileged credentials, for example, by exploiting an attack path, they want to make sure they don’t lose their foothold in the domain. That is, even if the accounts they have compromised are disabled or have their passwords reset, they want to be able to easily regain Domain Admin rights. One way to achieve this persistence is to exploit features of Active Directory that are intended to keep privileged accounts protected: AdminSDHolder and SDProp.

Rewind a couple of years and enterprises were heavily focused on acquiring new tech to drive forward their digitization plans. Then, when the pandemic struck, organizations were forced to fix any technology gaps in their environment and digitize services to hastily plug these gaps.

GitHub's Push Protection is now free for all public repositories, a significant milestone for open-source security! Find out the key points you need to keep in mind before using it to safeguard your code repositories.

If you read the news, you’ve encountered the term “Magecart” multiple times in recent years. The term refers to several hacker organizations that use online skimming methods to steal personal information from websites, most frequently customer information and credit card details on websites that take online payments.

Applications of machine learning have grown exponentially over the past few years and with it, the possibilities of malicious attacks targeting it through any vulnerabilities present.

In today's increasingly mobile-driven world, securing our digital assets and protecting sensitive information is of paramount importance. To address this need, the National Institute of Standards and Technology (NIST) recently released the latest version of their publication, NIST 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise.