Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
New & Notable
Threats and vulnerabilities News
-
June 28, 2022
28
Jun'22
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro.
-
June 28, 2022
28
Jun'22
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues.
-
June 24, 2022
24
Jun'22
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy.
-
June 23, 2022
23
Jun'22
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms.
Threats and vulnerabilities Get Started
Bring yourself up to speed with our introductory content
-
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
-
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
-
Creating a patch management policy: Step-by-step guide
A comprehensive IT patch management policy is insurance against network hardware and software prone to bugs and vulnerabilities that can disrupt critical business processes. Continue Reading
Evaluate Threats and vulnerabilities Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
-
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
-
Top metaverse cybersecurity challenges to consider
The metaverse introduces cybersecurity problems companies must address, from identity and privacy to moderation and physical security. Continue Reading
-
How hackers use AI and machine learning to target enterprises
AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
Manage Threats and vulnerabilities
Learn to apply best practices and optimize your operations.
-
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
-
How to counter insider threats in the software supply chain
Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
-
How to implement an attack surface management program
Keeping attackers away from corporate assets means keeping a constant vigilance over the organization's attack surface. An attack surface management program can help. Continue Reading
Problem Solve Threats and vulnerabilities Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
-
A guide to MSP patch management best practices
As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
-
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
-
8 ways to avoid NFT scams
People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading