Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
06 Jun 2023
Free Atlassian Jira DevSecOps tab opens doors to expansion
Vulnerability management data from Atlassian partners surfaces in a new Security in Jira tab for cloud customers, setting the stage for a potential DevSecOps expansion. Continue Reading
-
News
06 Jun 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
-
News
05 Jun 2023
Atlassian cloud preps threat tool as security boss departs
Atlassian Beacon shores up cloud security as it adds transparency around security issues, but the chief trust officer role at the company is also changing hands. Continue Reading
-
News
05 Jun 2023
Ransomware actors exploiting MoveIt Transfer vulnerability
Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang. Continue Reading
-
Feature
05 Jun 2023
Attack surface reduction rules for Microsoft productivity apps
Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
-
News
01 Jun 2023
Zyxel vulnerability under 'widespread exploitation'
Researchers warn that threat actors are widely exploiting an unauthenticated command injection vulnerability to target multiple Zyxel network devices. Continue Reading
-
News
01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
-
News
31 May 2023
Barracuda zero-day bug exploited months prior to discovery
Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
-
News
31 May 2023
Many Gigabyte PC models affected by major supply chain issue
Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
-
News
25 May 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading
-
Tip
25 May 2023
9 smart contract vulnerabilities and how to mitigate them
Smart contracts execute tasks automatically when specific events occur, and often handle large data and resource flows. This makes them particularly attractive to attackers. Continue Reading
-
News
25 May 2023
Users dish on ransomware protection, recovery at VeeamON
To help protect against and recover from ransomware attacks, IT professionals at VeeamON 2023 recommended planning, testing and other key security measures. Continue Reading
-
Tip
25 May 2023
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
-
News
24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances
Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
-
News
23 May 2023
Threat actors leverage kernel drivers in new attacks
Fortinet detailed a campaign using a malicious driver in attacks against organizations in the Middle East, and Trend Micro detailed a driver-based attack by BlackCat ransomware. Continue Reading
-
News
22 May 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
-
News
19 May 2023
Dish 'received confirmation' ransomware gang deleted stolen data
A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data. Continue Reading
-
Feature
19 May 2023
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
-
News
18 May 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
-
News
17 May 2023
KeePass vulnerability enables master password theft
KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates. Continue Reading
-
Tip
17 May 2023
Why Amazon S3 is a ransomware target and how to protect it
Hacking continues to evolve. While Amazon S3 is a major ransomware target, admins can take steps in configuration and event logging, among other protection measures. Continue Reading
-
News
16 May 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
-
Opinion
16 May 2023
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
-
Tip
16 May 2023
How to build a better vulnerability management program
With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
-
News
15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks
As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
-
Feature
12 May 2023
Explore the impact of quantum computing on cryptography
When quantum computers become available, lots of encryption types will be vulnerable. Learn why, and what's being researched, to navigate post-quantum cryptography. Continue Reading
-
News
12 May 2023
Bl00dy ransomware gang targets schools via PaperCut flaw
The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software. Continue Reading
-
News
10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw
Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
-
Feature
10 May 2023
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
-
News
08 May 2023
Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI Continue Reading
-
News
08 May 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
-
News
04 May 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
-
Feature
03 May 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
-
Feature
02 May 2023
Where climate change and cyber attacks intersect
One session at RSA Conference 2023 focused on climate change -- a topic that is not commonly featured during cybersecurity conversations, but should be. Continue Reading
-
Feature
28 Apr 2023
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
-
News
25 Apr 2023
Bugcrowd CTO talks hacker feedback, vulnerability disclosure
Bugcrowd CTO Casey Ellis said the company's new penetration testing service helps establish the company beyond public perception of it being purely a bug bounty platform. Continue Reading
-
News
25 Apr 2023
Google, Mandiant highlight top threats, evolving adversaries
Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise. Continue Reading
-
Conference Coverage
24 Apr 2023
RSA Conference 2023 highlights strength through alliances
Follow this RSA 2023 guide from TechTarget Editorial to get pre-conference coverage and stay on top of breaking news and analysis from the infosec world's biggest annual event. Continue Reading
-
Tip
21 Apr 2023
How to create an SBOM, with example and template
SBOMs help organizations inventory every component in their software. This free template, which includes an SBOM example, can help you secure your own software supply chain. Continue Reading
-
News
20 Apr 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
-
News
20 Apr 2023
Mandiant: 3CX breach caused by second supply chain attack
Trading Technologies said in a statement it had 'not had the ability to verify the assertions in Mandiant's report' that its software played a role in the 3CX supply chain attack. Continue Reading
-
News
18 Apr 2023
Mandiant: 63% of breaches were discovered externally in 2022
Mandiant said the 2022 increase is most likely affected by the threat intelligence firm proactively investigating threat activity targeting Ukraine last year. Continue Reading
-
Tip
18 Apr 2023
Top 7 enterprise cybersecurity challenges in 2023
Security teams faced unprecedented challenges in 2022. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2023. Continue Reading
-
Feature
17 Apr 2023
Top 14 ransomware targets in 2023 and beyond
Two in three organizations suffered ransomware attacks in a single 12-month period, according to recent research. And, while some industries are taking particularly hard hits, no one is safe. Continue Reading
-
Guest Post
14 Apr 2023
Pen testing amid the rise of AI-powered threat actors
The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
-
Tutorial
13 Apr 2023
How to use the John the Ripper password cracker
Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
-
News
13 Apr 2023
Hacking Policy Council launches, aims to improve bug disclosure
Founding members for the Hacking Policy Council, launched Thursday by the Center for Cybersecurity Policy and Law, include HackerOne, Bugcrowd, Google and others. Continue Reading
-
News
12 Apr 2023
OpenAI launches bug bounty program with Bugcrowd
ChatGPT publisher OpenAI said its new Bugcrowd bug bounty program will not accept submissions involving "issues related to the content of model prompts and responses." Continue Reading
-
News
12 Apr 2023
Nokoyawa ransomware exploits Windows CLFS zero-day
The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals. Continue Reading
-
Tip
11 Apr 2023
How to fix the top 5 API vulnerabilities
APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities. Continue Reading
-
News
07 Apr 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike
Microsoft, Fortra and the Health Information Sharing and Analysis center announced they obtained a court order in an effort to curb malicious Cobalt Strike use. Continue Reading
-
Tip
07 Apr 2023
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
-
News
05 Apr 2023
42% of IT leaders told to maintain breach confidentiality
While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. Continue Reading
-
News
04 Apr 2023
March ransomware disclosures spike behind Clop attacks
The Clop ransomware gang claimed responsibility for several disclosed ransomware attacks on major enterprises, which stemmed from a zero-day flaw in Fortra's GoAnywhere software. Continue Reading
-
Podcast
04 Apr 2023
Risk & Repeat: Inside the 3CX supply chain attack
This podcast episode discusses the 3CX supply chain attack, where it may have started, who was behind it and how the unified communications vendor has responded to the incident. Continue Reading
-
News
03 Apr 2023
Source of 3CX supply chain attack unclear as fallout continues
Multiple statements originally referenced a third-party library as the apparent source for 3CX's recent supply chain attack, but that may no longer be the case. Continue Reading
-
Feature
03 Apr 2023
Why medical device vulnerabilities are hard to prioritize
Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
-
News
30 Mar 2023
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Continue Reading
-
News
29 Mar 2023
Google: Spyware vendors exploiting iOS, Android zero days
Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat. Continue Reading
-
Tip
29 Mar 2023
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
- Feature 28 Mar 2023
-
Feature
28 Mar 2023
Publicly disclosed U.S. ransomware attacks in 2023
TechTarget Editorial's ransomware database collects public disclosures, notifications and confirmed reports of attacks against U.S. organizations each month. Continue Reading
-
Tip
28 Mar 2023
Compare breach and attack simulation vs. penetration testing
A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other. Continue Reading
-
News
27 Mar 2023
Zoom launches Okta Authentication for E2EE to verify identity
Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
-
Feature
24 Mar 2023
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
-
News
23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
-
Podcast
22 Mar 2023
BreachForums taken down after arrest of alleged owner
This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach. Continue Reading
-
Tip
20 Mar 2023
4 cloud API security best practices
APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices. Continue Reading
-
Tip
20 Mar 2023
Boost cluster security with Kubernetes vulnerability scanning
Performing vulnerability scans on Kubernetes clusters can help keep container environments secure and running smoothly. Learn what risks to look out for and compare tool options. Continue Reading
-
News
17 Mar 2023
Google warns users of Samsung Exynos zero-day vulnerabilities
To prevent threat actors from exploiting the unpatched attack vectors, Google Project Zero made an exception for four Exynos chipset flaws by extending its disclosure timeline. Continue Reading
-
News
16 Mar 2023
U.S. federal agency hacked via 3-year-old Telerik UI flaw
A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency. Continue Reading
-
News
15 Mar 2023
Secureworks IR team saw BEC attacks double in 2022
Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.' Continue Reading
-
News
15 Mar 2023
Rubrik discloses data breach, blames Fortra zero-day
The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software. Continue Reading
-
Podcast
15 Mar 2023
Hacker claims exposed database led to DC Health Link breach
This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database. Continue Reading
-
News
14 Mar 2023
Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Continue Reading
-
News
13 Mar 2023
DC Health Link confirms breach, but questions remain
While DC Health Link confirmed the breach, it is unknown how threat actors obtained the personal health data of more than 56,000 customers, including members of Congress. Continue Reading
-
Podcast
13 Mar 2023
Tech news this week: AI, decentralized apps and ransomware
AI washing, new ransomware tactics and decentralized regulation challenges populated the news this week. Continue Reading
-
News
13 Mar 2023
GitHub SBOM updates build automation foundation
A new CLI extension and other features due to ship this month lay the groundwork to help developers make better use of software supply chain data and mitigate vulnerabilities. Continue Reading
-
News
09 Mar 2023
Is ransomware declining? Not so fast, experts say
While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the picture than the numbers suggest. Continue Reading
-
News
09 Mar 2023
IceFire ransomware targets Linux, exploits IBM vulnerability
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in IBM's Aspera Faspex file sharing software. Continue Reading
-
News
09 Mar 2023
Flashpoint: Threat vectors converging, increasing damage
The threat intelligence vendor warned that threat actors are increasingly combining known vulnerabilities, stolen credentials and exposed data to wreak maximum damage. Continue Reading
-
News
09 Mar 2023
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022
VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Continue Reading
-
Podcast
07 Mar 2023
Biden administration raises software liability questions
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold technology companies liable for insecure software. Continue Reading
-
News
02 Mar 2023
Ransomware attacks ravaged big names in February
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S. Marshals Service, suffered notable attacks. Continue Reading
-
Opinion
02 Mar 2023
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
-
News
28 Feb 2023
Rapid7: Attackers exploiting vulnerabilities 'faster than ever'
Rapid7's 2022 Vulnerability Intelligence Report analyzed how attackers' increasing speed in deploying exploits affected an onset of widespread threats in 2022. Continue Reading
-
Feature
28 Feb 2023
Pig butchering scam explained: Everything you need to know
People wanting to make money on the cryptocurrency market are becoming targets for scammers. Scammers are even looking for their next victim through dating and social media apps. Continue Reading
-
News
28 Feb 2023
U.S. Marshals Service suffers ransomware attack, data breach
Ransomware actors breached the U.S. Marshals Service earlier this month and stole sensitive information pertaining to agency investigations, though many questions remain. Continue Reading
-
News
28 Feb 2023
CrowdStrike: Threat actors shifting away from ransomware
CrowdStrike's '2023 Global Threat Report' showed a 20% increase in the number of threat actors using data theft and extortion tactics without deploying actual ransomware. Continue Reading
-
Tip
27 Feb 2023
Building an incident response framework for your enterprise
Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading
-
Tip
24 Feb 2023
Cloud incident response: Frameworks and best practices
Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
-
News
22 Feb 2023
Exploitation attempts observed against Fortinet FortiNAC flaw
Hours after Horizon3.ai released a proof of concept exploit through GitHub, Shadowserver Foundation observed several IP addresses attempting to exploit the vulnerability. Continue Reading
-
News
16 Feb 2023
Google: Russia continues to set cyber sights on NATO nations
A new report from Google's Threat Analysis Group shed light on Russia's efforts to conduct malicious cyber campaigns not only against Ukraine but also NATO nations too. Continue Reading
-
News
16 Feb 2023
Ransomware actors increasingly weaponizing old vulnerabilities
A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019. Continue Reading
-
News
15 Feb 2023
Cisco Talos spots new MortalKombat ransomware attacks
Researchers discovered the threat campaign is also using a new GO version of malware called Laplas Clipper to steal cryptocurrency from individuals and businesses in the U.S. Continue Reading
-
Podcast
15 Feb 2023
ESXiArgs attack vector unclear as infections continue
This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Continue Reading
-
News
14 Feb 2023
Dragos: ICS/OT ransomware attacks up 87%
Ransomware attacks against industrial organizations remains a growing problem, according to ICS/OT vendor Dragos' new 'Year in Review 2022' report. Continue Reading
-
News
13 Feb 2023
Namecheap email system hacked, used for phishing campaign
While the domain registrar said it was not breached directly, it did confirm its third-party email system was compromised Sunday and warned customers not to open any unauthorized emails. Continue Reading
-
News
10 Feb 2023
New ESXi ransomware strain spreads, foils decryption tools
Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make it harder for enterprises to recover data. Continue Reading
-
News
09 Feb 2023
U.S., U.K. hit TrickBot cybercrime gang with sanctions
TrickBot malware has caused considerable damage to U.S. organizations, particularly in the healthcare industry, and was used in Conti and Ryuk ransomware attacks. Continue Reading
-
News
09 Feb 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks
Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight. Continue Reading
-
News
09 Feb 2023
Thousands of victims apparently hit by ESXiArgs ransomware
A joint security advisory from CISA and the FBI said the ESXiArgs ransomware campaign has claimed over 3,800 servers globally since attacks first emerged last week. Continue Reading