Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

September 30, 2022 30 Sep'22
Microsoft Exchange Server targeted with zero-day vulnerabilities

Microsoft warned that two unpatched zero-day vulnerabilities are being exploited against Exchange Server, a problem that's causing déjà vu for some researchers.
September 29, 2022 29 Sep'22
Cobalt Strike malware campaign targets job seekers

Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons.
September 29, 2022 29 Sep'22
Unit 42 finds polyglot files delivering IcedID malware

Palo Alto Networks' Unit 42 says attackers are using decoy Microsoft Compiled HTML Help files containing multiple file formats to infect systems with information-stealing malware.
September 28, 2022 28 Sep'22
NCC Group: IceFire ransomware gang ramping up attacks

While the ransomware group was first observed in March, IceFire emerged on NCC Group's radar last month when attacks against English-speaking organizations soared.

Bring yourself up to speed with our introductory content

Zero trust vs. defense in depth: What are the differences?

Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other. Continue Reading
cryptojacking

Cryptojacking is a cybercrime in which another party's computing resources are hijacked to mine cryptocurrency. Continue Reading
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR

Cloud detection and response is the latest detection and response abbreviation. Explore how it differs from endpoint, network and extended detection and response. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Compare zero trust vs. the principle of least privilege

Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies. Continue Reading
Does AI-powered malware exist in the wild? Not yet

AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware. Continue Reading
Discover the benefits and challenges of bug bounty programs

Bug bounty programs have a number of benefits and challenges. Before adopting such a program at your organization, read up on the pros and cons to decide if it would be a good fit. Continue Reading

Learn to apply best practices and optimize your operations.

Use shadow IT discovery to find unauthorized devices and apps

Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Remote work cybersecurity: 12 risks and how to prevent them

Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Solve ICS security issues with ICS and IT team convergence

It's predicted that threat actors will weaponize industrial control systems to harm or kill humans by 2025. Prepare by learning how to balance ICS and security convergence. Continue Reading
How to conduct a secure code review

Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
A guide to MSP patch management best practices

As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading