Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
News
12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B
Mastercard said the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise.
By Arielle Waldman, News Writer
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addressed a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk.
By Arielle Waldman, News Writer
-
News
27 Nov 2023
Threat actors targeting critical OwnCloud vulnerability
Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products.
By Arielle Waldman, News Writer
-
News
22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware
Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk.
By Arielle Waldman, News Writer
-
News
21 Nov 2023
CISA, FBI warn of LockBit attacks on Citrix Bleed
The latest advisory on exploitation of the Citrix Bleed vulnerability confirmed that the LockBit ransomware group perpetrated the attack on Boeing.
By Arielle Waldman, News Writer
-
Tip
17 Nov 2023
An introduction to IoT penetration testing
IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks.
By Laura Vegh, Laura Vegh Creative
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best.
By Ravi Das, RaviDas.Tech Inc.
-
News
16 Nov 2023
CISA, FBI issue alert for ongoing Scattered Spider activity
The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping.
By Arielle Waldman, News Writer
-
News
15 Nov 2023
LockBit observed exploiting critical 'Citrix Bleed' flaw
The Financial Services Information Sharing and Analysis Center warned that LockBit ransomware actors are exploiting CVE-2023-4966, also known as Citrix Bleed.
By Arielle Waldman, News Writer
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MOVEit Transfer ransomware attacks.
By Arielle Waldman, News Writer
-
Definition
09 Nov 2023
emergency communications plan (EC plan)
An emergency communications plan (EC plan) is a document that provides guidelines, contact information and procedures for how information should be shared during all phases of an unexpected occurrence that requires immediate action.
By Rahul Awati and Paul Crocetti, Executive Editor
-
News
08 Nov 2023
Atlassian Confluence vulnerability under widespread attack
Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed.
By Arielle Waldman, News Writer
-
Definition
08 Nov 2023
threat detection and response (TDR)
Threat detection and response (TDR) is the process of identifying potential threats and reacting to them before they impact the business.
-
Definition
08 Nov 2023
call tree
A call tree is a layered hierarchical communication model used to notify specific individuals of an event and coordinate recovery if necessary.
By Rahul Awati and Paul Crocetti, Executive Editor
-
Definition
03 Nov 2023
cybersecurity asset management (CSAM)
Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections.
By Andrew Froehlich, West Gate Networks
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks.
By Arielle Waldman, News Writer
-
News
31 Oct 2023
Dual ransomware attacks on the rise, but causes are unclear
While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend.
By Arielle Waldman, News Writer
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail.
By Alissa Irei, Senior Site Editor, and Mike Chapple, University of Notre Dame
-
Podcast
26 Oct 2023
Risk & Repeat: Okta under fire after support system breach
This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers.
By Alexander Culafi, Senior News Writer
-
Tip
26 Oct 2023
Top 7 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on the configuration of cloud resources and assets. These best practices can keep you safe from attackers and other malicious activities.
By Dave Shackleford, Voodoo Security
-
News
24 Oct 2023
Cisco IOS XE instances still under attack, patch now
In the days since Cisco's initial disclosure, the networking giant found a second Cisco IOS XE zero-day as well as new evasion techniques being utilized by threat actors.
By Alexander Culafi, Senior News Writer
-
News
23 Oct 2023
Okta customer support system breached via stolen credentials
During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers.
By Arielle Waldman, News Writer
-
Feature
23 Oct 2023
Top 10 tips for employees to prevent phishing attacks
Share this list of phishing techniques, detection and prevention tips, and best practices to help employees avoid falling victim to phishing schemes.
By Sharon Shea, Executive Editor
-
News
19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector.
By Arielle Waldman, News Writer
-
News
19 Oct 2023
CISA, NSA, FBI publish phishing guidance
In its guidance, CISA focused on two primary goals of phishing attacks: obtaining login credentials, often via social engineering, and installing malware on target systems.
By Alexander Culafi, Senior News Writer
-
Definition
18 Oct 2023
antispoofing
Antispoofing is a technique for identifying and dropping packets that have a false source address.
By Paul Kirvan and Sharon Shea, Executive Editor
-
News
18 Oct 2023
Mandiant: Citrix zero-day actively exploited since August
Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques.
By Arielle Waldman, News Writer
-
Tip
18 Oct 2023
Cybersecurity vs. cyber resilience: What's the difference?
Companies need cybersecurity and cyber-resilience strategies to protect against attacks and mitigate damage in the aftermath of a successful data breach.
-
News
17 Oct 2023
Cisco IOS XE zero-day facing mass exploitation
VulnCheck said its public scanning for CVE-2023-20198 revealed that 'thousands' of internet-facing Cisco IOS XE systems have been compromised with malicious implants.
By Alexander Culafi, Senior News Writer
-
Definition
16 Oct 2023
SEO poisoning (search poisoning)
SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results.
-
News
16 Oct 2023
Cisco working on fix for critical IOS XE zero-day
Cisco designated the bug, CVE-2023-20198, with a CVSS score of 10 and said it was working on a patch, but advised customers to apply mitigations in the meantime.
By Alexander Culafi, Senior News Writer
-
News
13 Oct 2023
Ransomware gang targets critical Progress WS_FTP Server bug
The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10.
By Alexander Culafi, Senior News Writer
-
Podcast
12 Oct 2023
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future.
By Alexander Culafi, Senior News Writer
-
News
10 Oct 2023
'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability
Cloudflare said the Rapid Reset DDoS attack was three times larger than the largest attack it previously had on record. Google similarly called it 'the largest DDoS attack to date.'
By Alexander Culafi, Senior News Writer
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's Jon Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
-
News
06 Oct 2023
MGM faces $100M loss from ransomware attack
MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses.
By Arielle Waldman, News Writer
-
News
05 Oct 2023
IBM launches new AI-powered TDR Services
IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities.
By Alexander Culafi, Senior News Writer
-
Definition
05 Oct 2023
risk assessment
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business.
By Alexander S. Gillis, Technical Writer and Editor
-
News
04 Oct 2023
Okta debuts passkey support to combat account compromises
The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA.
By Arielle Waldman, News Writer
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
By Sharon Shea, Executive Editor, and Alissa Irei, Senior Site Editor
-
News
02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws
The Openwall Project urged users to upgrade to the latest version of Exim, but users of the message transfer agent software have struggled to patch it in a timely manner in the past.
By Arielle Waldman, News Writer
-
News
28 Sep 2023
Cisco patches zero-day vulnerability under attack
Cisco said its Advanced Security Initiatives Group discovered the zero-day flaw while investigating attempted attacks on the vendor's Group Encrypted Transport VPN feature.
By Arielle Waldman, News Writer
-
News
25 Sep 2023
Dallas doles out $8.5M to remediate May ransomware attack
The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed.
By Arielle Waldman, News Writer
-
Opinion
22 Sep 2023
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution.
By Jon Oltsik, Analyst Emeritus
-
Feature
22 Sep 2023
How SOAR helps improve MTTD and MTTR metrics
By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts.
By Kyle Johnson, Technology Editor
-
Feature
22 Sep 2023
How to create a SOAR playbook in Microsoft Sentinel
Using automation through tools such as SOAR and SIEM can improve incident response alert efficiency. One automated feature analysts can use is the SOAR playbook.
By Kyle Johnson, Technology Editor, and Packt Publishing
-
News
20 Sep 2023
Cyber insurance report shows surge in ransomware claims
Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack.
By Arielle Waldman, News Writer
-
News
14 Sep 2023
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers.
By Alexander Culafi, Senior News Writer
-
News
13 Sep 2023
Browser companies patch critical zero-day vulnerability
While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild.
By Arielle Waldman, News Writer
-
Definition
13 Sep 2023
double extortion ransomware
Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.
-
Tip
08 Sep 2023
10 antimalware tools for ransomware protection and removal
Businesses face billions of malware and ransomware threats each year. Antimalware tools can help enterprises protect their networks and limit any damages that may occur.
By Andrew Froehlich, West Gate Networks
-
News
07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors.
By Arielle Waldman, News Writer
-
News
06 Sep 2023
Okta: 4 customers compromised in social engineering attacks
Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task.
By Arielle Waldman, News Writer, and Rob Wright, Senior News Director
-
Tutorial
05 Sep 2023
Use Angry IP Scanner to audit the network
Angry IP Scanner provides a network scanner alternative to Nmap that is simple, user-friendly and versatile across OSes. Scan types include ping scans, UDP scans and TCP scans.
By Damon Garn, Cogspinner Coaction
-
Tip
31 Aug 2023
How to recover from a ransomware attack
With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the six steps to incorporate into your plan.
By John Burke, Nemertes Research
-
News
30 Aug 2023
FBI, Justice Department dismantle Qakbot malware
The FBI operation, one of the largest U.S.-led botnet disruption efforts ever, included international partners such as France, Germany, the Netherlands and the United Kingdom.
By Alexander Culafi, Senior News Writer
-
Guest Post
30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs
New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk.
By Frank Kim, SANS Institute
-
Tip
28 Aug 2023
Enterprise dark web monitoring: Why it's worth the investment
Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets.
By Ed Moyle, Drake Software
-
Feature
28 Aug 2023
3 ransomware detection techniques to catch an attack
While prevention is key, it's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods.
By Kyle Johnson, Technology Editor
-
News
23 Aug 2023
Sophos: RDP played a part in 95% of attacks in H1 2023
While Sophos observed increasing activity around Active Directory and Remote Desktop Protocol abuse, it recommended simple mitigation steps that can limit the attack surface.
By Arielle Waldman, News Writer, and Rob Wright, Senior News Director
-
News
22 Aug 2023
Ivanti issues fix for third zero-day flaw exploited in the wild
CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations.
By Arielle Waldman, News Writer
-
Tip
14 Aug 2023
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started.
By Paul Kirvan and Sharon Shea, Executive Editor
-
News
10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats
Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks.
By Arielle Waldman, News Writer
-
News
10 Aug 2023
U.S., Ukraine cyber leaders talk resilience, collaboration
At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns.
By Alexander Culafi, Senior News Writer
-
News
10 Aug 2023
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails.
By Rob Wright, Senior News Director
-
News
09 Aug 2023
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas.
By Alexander Culafi, Senior News Writer
-
News
08 Aug 2023
CrowdStrike observes massive spike in identity-based attacks
Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report.
By Alexander Culafi, Senior News Writer
-
News
31 Jul 2023
CISA details backdoor malware used in Barracuda ESG attacks
CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868.
By Alexander Culafi, Senior News Writer
-
Tip
31 Jul 2023
How honey tokens support cyber deception strategies
Learn how to flip the script on malicious hackers with honey tokens, which act like tripwires to reveal an attacker's presence.
By Rob Shapland, Falanx Cyber, and Alissa Irei, Senior Site Editor
-
News
27 Jul 2023
Google: 41 zero-day vulnerabilities exploited in 2022
While attackers increasingly exploited zero-day flaws last year, one of the most notable findings from the report emphasized how inadequate patches led to new variants.
By Arielle Waldman, News Writer
-
News
25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild
A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency.
By Alexander Culafi, Senior News Writer
-
News
24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack
Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer.
By Rob Wright, Senior News Director
-
News
17 Jul 2023
Microsoft still investigating stolen MSA key from email attacks
While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired.
By Arielle Waldman, News Writer
-
News
17 Jul 2023
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing.
By Rob Wright, Senior News Director
-
News
12 Jul 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021.
By Rob Wright, Senior News Director
-
News
12 Jul 2023
Threat actors forged Windows driver signatures via loophole
Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community.
By Alexander Culafi, Senior News Writer
-
Definition
07 Jul 2023
network intrusion protection system (NIPS)
A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.
-
News
06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident
The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers.
By Arielle Waldman, News Writer
-
Definition
05 Jul 2023
host intrusion prevention system (HIPS)
A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities.
By Stephen J. Bigelow, Senior Technology Editor
-
Definition
05 Jul 2023
WannaCry ransomware
WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
By Alexander S. Gillis, Technical Writer and Editor, and Linda Rosencrance
-
Tip
23 Jun 2023
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process.
-
News
22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees.
By Arielle Waldman, News Writer
-
Opinion
21 Jun 2023
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response.
By John Grady, Principal Analyst
-
Podcast
15 Jun 2023
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices.
By Alexander Culafi, Senior News Writer
-
News
15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.'
By Arielle Waldman, News Writer
-
Tip
15 Jun 2023
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data.
-
News
13 Jun 2023
Fortinet warns critical VPN vulnerability 'may' be under attack
Fortinet said the heap buffer overflow flaw might have been exploited already and warned that Chinese nation-state threat group Volt Typhoon would likely attack the vulnerability.
By Arielle Waldman, News Writer
-
News
08 Jun 2023
Cisco generative AI heads to Security Cloud, Webex
Cisco plans to release generative AI features in the Webex platform and Security Cloud this year. Together, the products tighten security for remote workers.
By Antone Gonsalves, News Director
-
News
06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated
Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" as ransomware threat actors adapted to improved defenses.
By Alexander Culafi, Senior News Writer
-
News
05 Jun 2023
Ransomware actors exploiting MoveIt Transfer vulnerability
Microsoft said the recently disclosed zero-day flaw in Progress Software's MOVEit Transfer managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang.
By Rob Wright, Senior News Director
-
Feature
05 Jun 2023
Manage security posture with Microsoft Defender for Endpoint
Organizations need to implement security posture management to ensure their cybersecurity strategy can address malicious actions inside and out.
By Kyle Johnson, Technology Editor
-
Feature
30 May 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial to their understanding of and visibility into threat activity.
By Alexis Zacharakos, Student Co-op
-
News
25 May 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam.
By Arielle Waldman, News Writer
-
Tip
25 May 2023
9 smart contract vulnerabilities and how to mitigate them
Smart contracts execute tasks automatically when specific events occur, and often handle large data and resource flows. This makes them particularly attractive to attackers.
-
News
24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics
CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion.
By Arielle Waldman, News Writer
-
Tip
24 May 2023
Top breach and attack simulation use cases
While pen tests offer a point-in-time report on the security of an organization's security defenses, breach and attack simulations offer regular or even constant status checks.
-
News
23 May 2023
Veeam ransomware protection highlighted in Kasten, detection
Veeam unveiled security updates to its Kubernetes backup product at VeeamON. In addition, IDrive released an object storage appliance for users of Veeam and other backup vendors.
By Paul Crocetti, Executive Editor
-
News
18 May 2023
Acronis adds EDR to endpoint security
Acronis EDR uses Intel threat detection technology to uncover sophisticated attacks, such as fileless malware, but it also has to compete in a crowded market.
By Nicole Laskowski, Senior News Director
-
News
12 May 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to pay $1.1 million to threat actors.
By Alexis Zacharakos, Student Co-op
-
News
10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt
Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires.
By Arielle Waldman, News Writer
-
News
10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw
Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts.
By Arielle Waldman, News Writer