Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

June 28, 2022 28 Jun'22
Ransomware gangs using Log4Shell to attack VMware instances

Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro.
June 28, 2022 28 Jun'22
Wiz launches open database to track cloud vulnerabilities

Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues.
June 24, 2022 24 Jun'22
Researchers criticize Oracle's vulnerability disclosure process

While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy.
June 23, 2022 23 Jun'22
Chinese HUI Loader malware ups the ante on espionage attacks

A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms.

Bring yourself up to speed with our introductory content

How to determine out-of-scope bug bounty assets

What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
directory traversal

Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
Creating a patch management policy: Step-by-step guide

A comprehensive IT patch management policy is insurance against network hardware and software prone to bugs and vulnerabilities that can disrupt critical business processes. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

An enterprise bug bounty program vs. VDP: Which is better?

Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
Top metaverse cybersecurity challenges to consider

The metaverse introduces cybersecurity problems companies must address, from identity and privacy to moderation and physical security. Continue Reading
How hackers use AI and machine learning to target enterprises

AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading

Learn to apply best practices and optimize your operations.

How to improve cyber attack detection using social media

Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
How to counter insider threats in the software supply chain

Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
How to implement an attack surface management program

Keeping attackers away from corporate assets means keeping a constant vigilance over the organization's attack surface. An attack surface management program can help. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

A guide to MSP patch management best practices

As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
3 threats dirty data poses to the enterprise

The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading