Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

Conference Coverage 16 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
Tutorial 07 May 2025
How to use arpwatch to monitor network changes

The arpwatch utility flags administrators in the event of any unexpected changes or unauthorized devices, which could signal ARP spoofing or credential-harvesting attacks. Continue Reading
By
- Damon Garn, Cogspinner Coaction

Definition 09 May 2025
What is a security operations center (SOC)?

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Sarah Lewis
Definition 08 May 2025
What are the top 10 spyware threats?

The top 10 spyware list describes the most common spyware threats behind famous spyware attacks and is frequently identified by leading antispyware tools from vendors like Webroot, Norton and Malwarebytes. Continue Reading
By
- Katie Terrell Hanna
- Andrew Zola
News 07 May 2025

RSAC 2025: Cyware operationalizes threat intelligence with AI, automation

Keeping up with threat intelligence, given its exponential growth, is tough. What businesses need is automatic triaging of alerts and guidance for any necessary follow-up, says Cyware's Sachin Jade. Continue Reading
Tutorial 07 May 2025
How to use arpwatch to monitor network changes

The arpwatch utility flags administrators in the event of any unexpected changes or unauthorized devices, which could signal ARP spoofing or credential-harvesting attacks. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 05 May 2025

RSAC 2025 highlights gap between threat intel, response

Staying ahead means cyber defenders can’t operate in silos. Continue Reading
News 02 May 2025

A cybersecurity paradox: Even resilient organizations are blind to AI threats

A LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot. Continue Reading
Video 02 May 2025
An explanation of pen testing

Pen testing uses six steps to test systems for vulnerabilities so organizations can remediate any problems and strengthen their cybersecurity against potential attacks. Continue Reading
By
- Tommy Everson, Assistant Editor
- Sabrina Polin, Managing Editor
News 01 May 2025

RSAC Conference: New Huntress, Qualys offers, Malwarebytes channel initiatives

Salt Security, Diligent, Vodafone Business and Fortinet also made channel-relevant announcements during the conference. Continue Reading
News 01 May 2025

Debunking security 'myths' to address common gaps

Dan Gorecki and Scott Brammer's interactive session during RSAC Conference 2025 encourages security professionals to rethink their security postures and address evolving and emerging risks. Continue Reading
News 01 May 2025

Former CISA head slams Trump admin over 'loyalty mandate'

Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president's 'mandate for loyalty' during a panel at RSAC 2025. Continue Reading
News 30 Apr 2025

Nvidia's new AI security offering protects against software landmines

Nvidia's DOCA Argus prevents attacks before they compromise AI architectures. Continue Reading
News 30 Apr 2025

DHS boss Noem vows to get CISA back 'on mission'

Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies. Continue Reading
News 30 Apr 2025

DARPA highlights critical infrastructure security challenges

Leaders at federal research organizations DARPA, ARPA-I and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025. Continue Reading
News 28 Apr 2025
Cisco, former Google, Meta experts train cybersecurity LLM

Cisco's new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 28 Apr 2025
7 stages of the ransomware lifecycle

It can be nearly impossible to predict if or how a ransomware group will target an organization, but there are knowable stages of a ransomware attack. Continue Reading
By
- Char Sample, ICF International
- Andrew Froehlich, West Gate Networks
Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Opinion 24 Apr 2025
Change is in the wind for SecOps: Are you ready?

Attackers have historically had time on their side, outpacing defenders who have struggled to keep up. Agentic AI appears poised to change the game. Continue Reading
By
- Dave Gruber, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Definition 21 Apr 2025
What is a brute-force attack?

A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Katie Terrell Hanna
Tip 15 Apr 2025
How to effectively respond to a ransomware attack

Does your organization know what to do if its systems are suddenly struck by a ransomware attack? To be ready, prepare your ransomware response well ahead of time. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 11 Apr 2025
Ransomware negotiation: Does it work, and should you try it?

Negotiating with the criminals who are holding your data for ransom is a daunting and stressful endeavor. Experts weigh in on the risks and the potential outcomes. Continue Reading
By
- Mary K. Pratt
Tip 09 Apr 2025
How to prevent and protect against ransomware

Organizations sometimes learn difficult lessons about gaps in their cybersecurity defenses. Here's what to know about ransomware preparation, detection, response and recovery. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Feature 07 Apr 2025
Explaining AI's impact on ransomware attacks and security

Experts say AI and LLMs will make ransomware attacks more dangerous, but those same tools could be turned against criminals by bolstering ransomware protections. Continue Reading
By
- Michael Nadeau
Tip 03 Apr 2025
How to detect and remove malware from an Android device

Mobile malware can come in many forms, but users might not know how to identify it. Understand the signs to be wary of on Android devices, as well as what to do to remove malware. Continue Reading
By
- Sean Michael Kerner
- Michael Goad, CDW
Feature 03 Apr 2025
4 ransomware detection techniques to catch an attack

While prevention is key, it's not enough to protect a company's systems from ransomware. Learn how early detection with these four methods helps reduce damage from attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
Opinion 01 Apr 2025
How ESET is using AI PCs to boost endpoint security

While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 31 Mar 2025
How quantum cybersecurity changes the way you protect data

Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors. Continue Reading
By
- Michael Nadeau
Feature 20 Mar 2025
3 types of deepfake detection technology and how they work

Think you're talking to your boss on Zoom? You might want to think again. Deepfake technology has already cost enterprises millions of dollars. Here's how to fight fire with fire. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 20 Mar 2025
Cloudflare unveils tools for safeguarding AI deployment

The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely. Continue Reading
By
- Esther Shittu, News Writer
Definition 14 Mar 2025
What is pharming?

Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- Nick Barney, Technology Writer
Feature 11 Mar 2025
Incident response for web application attacks

Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls. Continue Reading
By
- Kyle Johnson, Technology Editor
- Manning Publications Co.
Feature 06 Mar 2025
Treasury Department hacked: Explaining how it happened

Another major cyberattack hit the U.S. Treasury, allegedly by Chinese state-sponsored hackers. Exploiting BeyondTrust software, they accessed sensitive unclassified documents. Continue Reading
By
- Sean Michael Kerner
Definition 28 Feb 2025
What is the NSA and how does it work?

The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
By
News 27 Feb 2025
CrowdStrike: China hacking has reached 'inflection point'

In its 2025 Global Threat Report, CrowdStrike observed an increase in China's cyber capabilities, with a focus on espionage and 'pre-positioning' itself in critical environments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Feb 2025
How to improve third-party API integration security

External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 25 Feb 2025
How to enhance OSINT investigations using AI

As the amount of data publicly available online continues to grow, AI-driven tools are becoming indispensable companions for intelligence gathering and analysis. Continue Reading
By
- Nihad Hassan
Definition 24 Feb 2025
What is red teaming?

Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach. Continue Reading
By
- Paul Kirvan
News 21 Feb 2025
Palo Alto Networks vulnerabilities exploited in chained attack

The cybersecurity vendor urges customers to take immediate action to mitigate recently disclosed vulnerabilities that are being actively exploited in the wild. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Feb 2025
What is a network packet?

A network packet is a basic unit of data that is transferred over a computer network, typically a packet-switched network, such as the internet. Continue Reading
By
- Rahul Awati
- Kinza Yasar, Technical Writer
- Andrew Zola
Podcast 20 Feb 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking

Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Feb 2025
CISA, FBI warn of Ghost/Cring ransomware attacks

Ghost is a China-based financially motivated ransomware group that has launched attacks against organizations in more than 70 countries -- including its own. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Definition 18 Feb 2025
What are social engineering attacks?

Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access. Continue Reading
By
- Paul Kirvan
- Madelyn Bacon, TechTarget
Definition 18 Feb 2025
What is a botnet?

A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners. Continue Reading
By
- Scott Robinson, New Era Technology
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
News 13 Feb 2025
Salt Typhoon compromises telecom providers' Cisco devices

Salt Typhoon's latest campaign exploits older vulnerabilities in Cisco edge devices to gain access to the networks of several telecom companies, including two based in the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Feb 2025
What is a denial-of-service attack?

A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources. Continue Reading
By
- Scott Robinson, New Era Technology
- Kevin Ferguson
- Peter Loshin, Former Senior Technology Editor
Definition 12 Feb 2025
What is cyber hijacking?

Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications. Continue Reading
By
- Scott Robinson, New Era Technology
Definition 12 Feb 2025
What is antimalware?

Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware. Continue Reading
By
- Scott Robinson, New Era Technology
- Linda Rosencrance
Definition 11 Feb 2025
What is a honeypot? How it protects against cyberattacks

A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT. Continue Reading
By
- Scott Robinson, New Era Technology
- Ben Lutkevich, Site Editor
- Casey Clark, TechTarget
Tip 07 Feb 2025
Top 21 Kali Linux tools and how to use them

Kali Linux includes many tools tailored to beefing up network security. Getting familiar with them takes a lot of work, but the benefits they provide can be wide-ranging. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 06 Feb 2025
Unpatched.ai: Who runs the vulnerability discovery platform?

There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities Continue Reading
By
- Arielle Waldman, News Writer
Definition 05 Feb 2025
What is a cyberthreat hunter (cybersecurity threat analyst)?

A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Katie Terrell Hanna
- John Moore, Industry Editor
Tip 05 Feb 2025
How to build an effective purple team playbook

Enterprises across a wide variety of vertical industries can benefit from purple team exercises that harness red and blue teams toward a common goal: reducing vulnerabilities. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024

While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks

Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Jan 2025
German police disrupt Cracked, Nulled cybercrime forums

Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2025
DOJ indicts 5 individuals in North Korea IT worker scam

An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 Jan 2025
What is threat modeling?

Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data. Continue Reading
By
- Rahul Awati
- Michael Cobb
News 23 Jan 2025
Zero-day vulnerability in SonicWall SMA series under attack

SonicWall released a hotfix for a critical pre-authentication remote code execution vulnerability in Secure Mobile Access 1000 products amidst reports of zero-day exploitation. Continue Reading
By
- Arielle Waldman, News Writer
Feature 23 Jan 2025
PowerSchool data breach: Explaining how it happened

Hackers are going to school (literally) as the education sector has become an increasingly attractive target for cybercriminals. Continue Reading
By
- Sean Michael Kerner
Podcast 21 Jan 2025
Risk & Repeat: What is the future of CISA?

South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 Jan 2025
How to prevent living-off-the-land attacks

Living-off-the-land attacks have been around since the dawn of modern computing, but they're drawing new attention from threat actors eager to find ways to penetrate defenses. Continue Reading
By
- Amanda Scheldt
News 17 Jan 2025
Treasury Department sanctions company tied to Salt Typhoon

The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months. Continue Reading
By
- Arielle Waldman, News Writer
Feature 16 Jan 2025
The mystery of the $75M ransom payment to Dark Angels

The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details. Continue Reading
By
- Rob Wright, Senior News Director
News 15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers

The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jan 2025
Attackers exploiting critical Fortinet zero-day vulnerability

Fortinet disclosed another zero-day vulnerability in its FortiOS and FortiProxy products days after Arctic Wolf detailed a threat campaign targeting the vendor's devices. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Jan 2025
CISA: BeyondTrust flaw CVE-2024-12686 exploited in the wild

BeyondTrust discovered the flaw last month while investigating breaches of a 'limited number' of SaaS customers at the hands of Chinese state-sponsored threat actors. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jan 2025
Ivanti zero-day patching increases amid ongoing attacks

Recent scans conducted by the Shadowserver Foundation show many organizations have patched Ivanti instances vulnerable to CVE-2025-0282 over the last week. Continue Reading
By
- Arielle Waldman, News Writer
Tip 13 Jan 2025
How to avoid and remove malvertising

Malvertising is an up-and-coming cybersecurity threat, but marketing and IT teams alike can take several important steps to avoid and remove this threat. Continue Reading
By
- Griffin LaFleur, Swing Education
Feature 13 Jan 2025
9 secure email gateway options for 2025

Finding the best email security gateway is vital to protect companies from cyberattacks. Here's a look at some current market leaders and their standout features. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 09 Jan 2025
Mandiant links Ivanti zero-day exploitation to Chinese hackers

Mandiant warned users to be prepared for widespread exploitation of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Jan 2025
CISA: BeyondTrust breach affected Treasury Department only

The government cybersecurity agency says fallout from a breach against BeyondTrust last month has not affected other federal agencies, although the investigation is ongoing. Continue Reading
By
- Arielle Waldman, News Writer
Tip 06 Jan 2025
Top 4 incident response certifications to consider in 2025

Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career. Continue Reading
By
- Rob Shapland
News 31 Dec 2024
Treasury Department breached through BeyondTrust service

The Treasury Department said Chinese government hackers gained access to a key for BeyondTrust's Remote Support service and used it to breach the federal agency. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Dec 2024
Navigate the 2025 threat landscape with expert insights

AI technology and company employees can serve as both gateways and buffers against cyberthreats. Learn more from expert thought leaders on how to protect your environment in 2025. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
Podcast 23 Dec 2024
Risk & Repeat: The state of ransomware in 2024

Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 19 Dec 2024
Add gamification learning to your pen testing training playbook

Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
News 16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M

After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Dec 2024
ESET: RansomHub most active ransomware group in H2 2024

The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Dec 2024
5 common malvertising examples

Malvertising is relatively new in the world of cyberthreats and can be the hardest to spot. Here are five examples of these malicious ads. Continue Reading
By
- Christine Campbell, The Alpha Content Company
News 05 Dec 2024
Police bust cybercrime marketplace, phishing network

As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'

As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Dec 2024
AWS launches automated service for incident response

AWS Security Incident Response, which launched ahead of the re:Invent 2024 conference this week, can automatically triage and remediate events detected in Amazon GuardDuty. Continue Reading
By
- Rob Wright, Senior News Director
Tip 27 Nov 2024
How AI is reshaping threat intelligence

As promising as AI technology is for threat intelligence, organizations grapple with a long learning curve and other challenges that could impede successful adoption. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
- Sharon Shea, Executive Editor
News 26 Nov 2024
AWS CISO details automated cybersecurity tools for customers

Chris Betz, CISO at AWS, discusses how three internal tools are designed to automatically identify and mitigate threats for the cloud giant's customers. Continue Reading
By
- Rob Wright, Senior News Director
Definition 22 Nov 2024
What is endpoint detection and response (EDR)?

Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints. Continue Reading
By
- Nick Barney, Technology Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
Definition 21 Nov 2024
What is a threat intelligence feed?

A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security. Continue Reading
By
- Nick Barney, Technology Writer
- Ivy Wigmore
News 21 Nov 2024
Cyber insurers address ransom reimbursement policy concerns

In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.' Continue Reading
By
- Arielle Waldman, News Writer
News 21 Nov 2024
DOJ charges 5 alleged Scattered Spider members

The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 20 Nov 2024
Risk & Repeat: China hacks major telecom companies

The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack

The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Nov 2024
2 Palo Alto Networks zero-day vulnerabilities under attack

CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week. Continue Reading
By
- Arielle Waldman, News Writer
News 15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack

Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Nov 2024
Most widely exploited vulnerabilities in 2023 were zero days

While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences

SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
By
- Paul Kirvan
Tip 12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits

One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By
- Paul Kirvan
News 06 Nov 2024
CISA on 2024 election security: 'Good news' for democracy

CISA Director Jen Easterly says that despite disruptions including bomb threats in multiple states, Election Day 2024 was a success story from a security standpoint. Continue Reading
By
- Alexander Culafi, Senior News Writer