Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Tip
10 Dec 2024
Webhook security: Risks and best practices for mitigation
Webhook security is an ongoing process, with responsibility shared between providers and consumers to protect against threats and ensure a secure webhook ecosystem. Continue Reading
By- Twain Taylor, Twain Taylor Consulting
-
News
09 Dec 2024
Attackers exploit vulnerability in Cleo file transfer software
Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Dec 2024
Ultralytics YOLO AI model compromised in supply chain attack
While Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports said they contained a cryptominer. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Dec 2024
Police bust cybercrime marketplace, phishing network
As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
04 Dec 2024
How to protect against malware as a service
Malware operators are further monetizing their malicious software by selling it to other attackers on a subscription basis. Learn how to detect and mitigate the threat. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
04 Dec 2024
FOSS security concerns increase amid widespread adoption
A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Dec 2024
Ransomware attacks on critical sectors ramped up in November
Supply chain software vendor Blue Yonder and energy management giant Schneider Electric SE experienced some of the most notable ransomware incidents in November. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
26 Nov 2024
Russian hackers exploit Firefox, Windows zero-days in wild
RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Nov 2024
Volexity details Russia's novel 'Nearest Neighbor Attack'
The security company warned that the new attack style highlights the importance of securing Wi-Fi networks, implementing MFA and patching known vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
22 Nov 2024
What is endpoint detection and response (EDR)?
Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints. Continue Reading
By- Nick Barney, Technology Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
21 Nov 2024
What is a threat intelligence feed?
A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security. Continue Reading
By- Nick Barney, Technology Writer
- Ivy Wigmore
-
News
21 Nov 2024
Cyber insurers address ransom reimbursement policy concerns
In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.' Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Nov 2024
DOJ charges 5 alleged Scattered Spider members
The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
20 Nov 2024
What is Common Vulnerabilities and Exposures (CVE)?
Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats. Continue Reading
By- Nick Barney, Technology Writer
- Rahul Awati
-
News
20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack
The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
20 Nov 2024
How does malvertising work?
With each ad placed, a hidden risk often goes overlooked: Cybercriminals who exploit ads to spread malware. Continue Reading
By- Robert Peledie, 365Knowledge Ltd.
-
News
19 Nov 2024
Microsoft to offer hackers millions in Zero Day Quest event
Microsoft launched Zero Day Quest on Tuesday with a preliminary event offering bug bounty researchers rewards with multipliers for select security scenarios. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Nov 2024
2 Palo Alto Networks zero-day vulnerabilities under attack
CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
19 Nov 2024
Biometric privacy and security challenges to know
Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
-
News
18 Nov 2024
Chinese APT exploited unpatched Fortinet zero-day flaw
Volexity reported that a Chinese APT actor exploited a zero-day vulnerability in Fortinet's Windows VPN FortiClient software that enables credentials to be stolen from a system. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Nov 2024
What is a whaling attack (whaling phishing)?
A whaling attack, also known as 'whaling phishing' or a 'whaling phishing attack,' is a specific type of phishing attack that targets high-profile employees, such as the chief executive officer (CEO) or chief financial officer, to steal sensitive information from a company. Continue Reading
By- Scott Robinson, New Era Technology
- Ben Lutkevich, Site Editor
- Casey Clark, TechTarget
-
Definition
18 Nov 2024
What is a spam trap?
A spam trap is an email address that's used to identify and monitor spam email. It's also a type of honeypot because it uses a fake email address to bait spammers. Continue Reading
By- Scott Robinson, New Era Technology
- Ben Lutkevich, Site Editor
-
News
15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Nov 2024
CISA, FBI confirm China breached telecommunication providers
The government agencies confirmed Wall Street Journal reports that China-backed threat actors breached telecommunication providers and access data for law enforcement requests. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Nov 2024
Most widely exploited vulnerabilities in 2023 were zero days
While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Nov 2024
Amazon employee data leaked from MoveIt Transfer attack
Although Amazon confirms that employee data was leaked, it stresses that data was stolen via a third-party vendor and that only contact information was obtained. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
By -
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By -
Tip
08 Nov 2024
3 key generative AI data privacy and security concerns
Those charged with protecting and ensuring the privacy of user data are facing new challenges in the age of generative AI. Continue Reading
By -
Video
08 Nov 2024
An explanation of ransomware
Ransomware encrypts data and demands payment for release. Protect yourself by backing up data, updating software and avoiding suspicious links. Continue Reading
-
News
07 Nov 2024
Ransomware attacks caused prolonged disruptions in October
The Ransomhub, Rhysdia and Interlock ransomware gangs claimed responsibility for attacks that knocked victims' services offline, sometimes for several weeks. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
07 Nov 2024
15 IAM interview questions to prep for your next career move
The job market for identity and access management positions is strong right now, but the competition could be tough. Use these 15 questions to guide your interview prep. Continue Reading
-
News
06 Nov 2024
CISA on 2024 election security: 'Good news' for democracy
CISA Director Jen Easterly says that despite disruptions including bomb threats in multiple states, Election Day 2024 was a success story from a security standpoint. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
01 Nov 2024
Could SBOMs save lives? SecOps in critical infrastructure
'We live in glass houses,' said a seasoned cybersecurity expert of the U.S. water supply, healthcare and other lifeline services. 'And people are about to start throwing rocks.' Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
31 Oct 2024
China-based APTs waged 5-year campaign on Sophos firewalls
For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 Oct 2024
Lottie Player NPM package compromised in supply chain attack
Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By- Arielle Waldman, News Writer
-
News
30 Oct 2024
Microsoft warns of Midnight Blizzard spear phishing campaign
The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Oct 2024
REvil convictions unlikely to curb Russian cybercrime
In a rare action against cybercrime, a court in Russia sentenced four individuals tied to the Revil ransomware gang for money laundering and malware distribution charges. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
29 Oct 2024
How to configure and customize Kali Linux settings
Learning how to use Kali Linux for ethical hacking and penetration testing? Read step by step how to configure and customize the distribution. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Tip
28 Oct 2024
How to identify and prevent insecure output handling
Sanitation, validation and zero trust are essential ways to reduce the threat posed by large language models generating outputs that could cause harm to downstream systems and users. Continue Reading
By- Matthew Smith, Seemless Transition LLC
-
Tip
28 Oct 2024
Insider threat hunting best practices and tools
Detecting threats coming from inside the organization presents unique challenges. Insider threat hunting helps identify potential threat actors and proactively deal with them. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Feature
28 Oct 2024
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
By- Isabella Harford, TechTarget
- Packt Publishing
-
News
24 Oct 2024
Cisco ASA and FTD zero day used in password spraying attacks
One day after Cisco disclosed a zero-day vulnerability discovered in its VPN software, CISA added the flaw to its Known Exploited Vulnerabilities catalog. Continue Reading
By- Arielle Waldman, News Writer
-
News
24 Oct 2024
Fortinet FortiManager zero-day flaw exploited since June
Mandiant researchers first observed exploitation activity against CVE-2024-47575 on June 27, with more than 50 FortiManager devices compromised since. Continue Reading
By- Rob Wright, Senior News Director
-
News
24 Oct 2024
AWS CDK security issue could lead to account takeovers
Aqua Security researchers discovered AWS Cloud Development Kit is susceptible to an attack vector the vendor refers to as 'shadows resources,' which can put accounts at risk. Continue Reading
By- Rob Wright, Senior News Director
-
News
23 Oct 2024
Fortinet discloses critical zero-day flaw in FortiManager
According to Fortinet, the FortiManager vulnerability 'may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Oct 2024
Disinformation campaigns pose risk to enterprise businesses
Spotting and stopping disinformation campaigns often involve multiple entities within an enterprise business, including security, marketing and social media teams. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Tip
22 Oct 2024
Threat intelligence vs. threat hunting: Better together
Understanding and using threat intelligence and threat hunting together provides enterprises with a well-rounded security posture. Find out how to build your plan. Continue Reading
-
Tip
22 Oct 2024
How AI is making phishing attacks more dangerous
Cybercriminals are using AI chatbots, such as ChatGPT, to launch sophisticated business email compromise attacks. Cybersecurity practitioners must fight fire with fire. Continue Reading
By- Sharon Shea, Executive Editor
- Ashwin Krishnan, StandOutin90Sec
-
News
21 Oct 2024
Study outlines 'severe' security issues in cloud providers
Possible security issues involving cloud systems should be taken seriously, as the paper noted the five vendors outlined are responsible for more than 22 million users. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
18 Oct 2024
The American Water cyberattack: Explaining how it happened
A cyberattack on American Water disrupted customer systems. While water operations were unaffected, the incident underscores the vulnerability of critical infrastructure. Continue Reading
-
Tip
18 Oct 2024
How to prevent DDoS attacks
Organizations have many methods they can use to prevent DDoS attacks, including increasing bandwidth and server scalability, rate limiting and using a web application firewall. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
17 Oct 2024
DOJ charges alleged Anonymous Sudan ringleaders
Two Sudanese brothers are accused of leading the cybercriminal group that caused significant damage to healthcare organizations as well as other high-profile victims. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Oct 2024
September a quiet month for ransomware attacks
Notable ransomware attacks in September involved a Rhode Island public school district, a Texas hospital system, and Kawasaki Motors' European branch. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 Oct 2024
Microsoft sees drop in ransomware reaching encryption phase
In its Digital Defense Report 2024, Microsoft observed a significant increase in the number of human-operated ransomware attacks, which often originated from unmanaged devices. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Oct 2024
Microsoft: Nation-state activity blurring with cybercrime
Microsoft's Digital Defense Report 2024 noted that Russia 'outsourced some cyberespionage operations' against Ukraine to otherwise independent cybercrime gangs. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 Oct 2024
Experts slam Chinese research on quantum encryption attack
Researchers at Shanghai University claim to have cracked RSA encryption using D-Wave quantum systems, but infosec experts say the claims are overblown. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
15 Oct 2024
7 common intrusion detection system evasion techniques
Malicious attackers use various evasion tactics to infiltrate networks without intrusion detection systems noticing. Learn what these techniques are and how to mitigate them. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
11 Oct 2024
What is the Mitre ATT&CK framework?
The Mitre ATT&CK -- pronounced miter attack -- framework is a free, globally accessible knowledge base that describes the latest behaviors and tactics of cyberadversaries to help organizations strengthen their cybersecurity strategies. Continue Reading
By- Paul Kirvan
- Kinza Yasar, Technical Writer
- Ben Lutkevich, Site Editor
-
News
10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024
The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Oct 2024
Ivanti zero-day vulnerabilities exploited in chained attack
The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack
Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Oct 2024
American Water discloses breach, utilities unaffected
American Water says in its 8-K filing that it disconnected and deactivated certain systems in its incident response, though the nature of the cyberattack is unknown. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 Oct 2024
Cryptomining perfctl malware swarms Linux machines
Aqua Security researchers believe that perfctl malware has infected thousands of Linux machines in the last three to four years and that countless more could be next. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
02 Oct 2024
API security maturity model to assess API security posture
As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
News
01 Oct 2024
Law enforcement agencies arrest 4 alleged LockBit members
Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as authorities announced the arrests of four alleged members, including one developer. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Sep 2024
CUPS vulnerabilities could put Linux systems at risk
Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
27 Sep 2024
What is a cloud access security broker (CASB)?
A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Dan Sullivan
-
News
25 Sep 2024
More Ivanti vulnerabilities exploited in the wild
Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By- Rob Wright, Senior News Director
-
News
24 Sep 2024
CrowdStrike exec apologizes to Congress, shares updates
CrowdStrike changed the way it rolls out content updates as a result of the global IT outage caused by a faulty update in July. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
24 Sep 2024
Arkansas City water treatment facility hit by cyberattack
While disruptions are limited, the attack on the water treatment facility highlights how the critical infrastructure sector remains a popular target for threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
24 Sep 2024
U.S. Army, Lockheed Martin detail SBOM progress
Despite muddied regulatory waters and industry angst over technical stumbling blocks, enterprises are forging ahead with SBOMs, according to presenters at a recent CISA event. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
20 Sep 2024
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
19 Sep 2024
Microsoft warns of Russian election threats, disinformation
As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Sep 2024
FBI disrupts another Chinese state-sponsored botnet
The FBI said the massive botnet, which included 260,000 connected devices, was developed and operated by a publicly traded Chinese company named Integrity Technology Group. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
19 Sep 2024
What is quishing (QR code phishing)?
QR code phishing, or 'quishing,' is a social engineering phishing attack that intentionally deceives its recipient into scanning a QR code, redirecting the person to a bogus website. Continue Reading
-
Opinion
18 Sep 2024
Top vulnerability management challenges for organizations
Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
18 Sep 2024
What is email spam and how to fight it?
Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it. Continue Reading
-
News
16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
13 Sep 2024
How AI could change threat detection
AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures. Continue Reading
-
Podcast
12 Sep 2024
CTO challenges software security status quo
A former U.S. Department of Homeland Security researcher argues that software is fundamentally broken from a security perspective. So, where does the industry go from here? Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
12 Sep 2024
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
By- Phil Sweeney, Industry Editor
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Sep 2024
How to prevent vendor email compromise attacks
Vendor email compromise is one of the latest email attacks to hit headlines. Learn how to prevent becoming a victim to this potentially expensive scheme. Continue Reading
-
News
10 Sep 2024
JFrog connects key software supply chain management dots
JFrog ties in with GitHub and Nvidia and ships Runtime Security to offer visibility into software supply chains from source code to production and back again, including AI apps. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
09 Sep 2024
Akira ransomware gang targeting SonicWall VPN accounts
Arctic Wolf recently observed the Akira ransomware gang compromising SonicWall SSL VPN accounts, which could be connected to a critical vulnerability in SonicOS. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
06 Sep 2024
Threat hunting frameworks, techniques and methodologies
Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
06 Sep 2024
Ransomware rocked healthcare, public services in August
Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
05 Sep 2024
What is threat hunting? Key strategies explained
If you are ready to take a more proactive approach to cybersecurity, threat hunting might be a tactic to consider. Here's what security teams should know. Continue Reading
By- Ed Moyle, Drake Software
-
News
03 Sep 2024
FBI: North Korean hackers targeting cryptocurrency employees
North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
03 Sep 2024
What is cybercrime and how can you prevent it?
Cybercrime is any criminal activity that involves a computer, network or networked device. Continue Reading
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
29 Aug 2024
How AI will transform vulnerability management for the better
Artificial intelligence is improving how enterprises address security vulnerabilities, resulting in stronger security postures and smaller attack surfaces. Learn more. Continue Reading
By- John Burke, Nemertes Research
-
News
28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw
Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
27 Aug 2024
An overview of storage firmware and the importance of updates
While challenges exist, IT teams that fail to update their storage firmware in a timely manner could put their data and organizations at significant risk. Continue Reading
-
Feature
27 Aug 2024
Infosec industry calls for more public sector collaboration
As cyberattacks continue to rise, infosec professionals address the need to increase private and public sector partnerships to assist law enforcement operations. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Aug 2024
Port of Seattle grappling with 'possible cyberattack'
A possible cyberattack against Washington's Port of Seattle has caused significant service disruptions to airline travel at the Seattle-Tacoma International Airport. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
26 Aug 2024
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear. Continue Reading
By- Alexander Culafi, Senior News Writer