Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Feature
24 Mar 2023
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
-
News
23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
-
Podcast
22 Mar 2023
BreachForums taken down after arrest of alleged owner
This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach. Continue Reading
-
Tip
20 Mar 2023
4 cloud API security best practices
APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices. Continue Reading
-
Tip
20 Mar 2023
Boost cluster security with Kubernetes vulnerability scanning
Performing vulnerability scans on Kubernetes clusters can help keep container environments secure and running smoothly. Learn what risks to look out for and compare tool options. Continue Reading
-
News
17 Mar 2023
Google warns users of Samsung Exynos zero-day vulnerabilities
To prevent threat actors from exploiting the unpatched attack vectors, Google Project Zero made an exception for four Exynos chipset flaws by extending its disclosure timeline. Continue Reading
-
News
16 Mar 2023
U.S. federal agency hacked via 3-year-old Telerik UI flaw
A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency. Continue Reading
-
News
15 Mar 2023
Secureworks IR team saw BEC attacks double in 2022
Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.' Continue Reading
-
News
15 Mar 2023
Rubrik discloses data breach, blames Fortra zero-day
The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software. Continue Reading
-
Podcast
15 Mar 2023
Hacker claims exposed database led to DC Health Link breach
This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database. Continue Reading
-
News
14 Mar 2023
Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Continue Reading
-
News
13 Mar 2023
DC Health Link confirms breach, but questions remain
While DC Health Link confirmed the breach, it is unknown how threat actors obtained the personal health data of more than 56,000 customers, including members of Congress. Continue Reading
-
Podcast
13 Mar 2023
Tech news this week: AI, decentralized apps and ransomware
AI washing, new ransomware tactics and decentralized regulation challenges populated the news this week. Continue Reading
-
News
13 Mar 2023
GitHub SBOM updates build automation foundation
A new CLI extension and other features due to ship this month lay the groundwork to help developers make better use of software supply chain data and mitigate vulnerabilities. Continue Reading
-
News
09 Mar 2023
Is ransomware declining? Not so fast, experts say
While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the picture than the numbers suggest. Continue Reading
-
News
09 Mar 2023
IceFire ransomware targets Linux, exploits IBM vulnerability
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in IBM's Aspera Faspex file sharing software. Continue Reading
-
News
09 Mar 2023
Flashpoint: Threat vectors converging, increasing damage
The threat intelligence vendor warned that threat actors are increasingly combining known vulnerabilities, stolen credentials and exposed data to wreak maximum damage. Continue Reading
-
News
09 Mar 2023
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022
VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Continue Reading
-
Podcast
07 Mar 2023
Biden administration raises software liability questions
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold technology companies liable for insecure software. Continue Reading
-
News
02 Mar 2023
Ransomware attacks ravaged big names in February
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S. Marshals Service, suffered notable attacks. Continue Reading
-
Opinion
02 Mar 2023
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
-
News
28 Feb 2023
Rapid7: Attackers exploiting vulnerabilities 'faster than ever'
Rapid7's 2022 Vulnerability Intelligence Report analyzed how attackers' increasing speed in deploying exploits affected an onset of widespread threats in 2022. Continue Reading
-
Feature
28 Feb 2023
Pig butchering scam explained: Everything you need to know
People wanting to make money on the cryptocurrency market are becoming targets for scammers. Scammers are even looking for their next victim through dating and social media apps. Continue Reading
-
News
28 Feb 2023
U.S. Marshals Service suffers ransomware attack, data breach
Ransomware actors breached the U.S. Marshals Service earlier this month and stole sensitive information pertaining to agency investigations, though many questions remain. Continue Reading
-
News
28 Feb 2023
CrowdStrike: Threat actors shifting away from ransomware
CrowdStrike's '2023 Global Threat Report' showed a 20% increase in the number of threat actors using data theft and extortion tactics without deploying actual ransomware. Continue Reading
-
Tip
27 Feb 2023
Building an incident response framework for your enterprise
Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading
-
Tip
24 Feb 2023
Cloud incident response: Frameworks and best practices
Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
-
News
22 Feb 2023
Exploitation attempts observed against Fortinet FortiNAC flaw
Hours after Horizon3.ai released a proof of concept exploit through GitHub, Shadowserver Foundation observed several IP addresses attempting to exploit the vulnerability. Continue Reading
-
News
16 Feb 2023
Google: Russia continues to set cyber sights on NATO nations
A new report from Google's Threat Analysis Group shed light on Russia's efforts to conduct malicious cyber campaigns not only against Ukraine but also against NATO nations. Continue Reading
-
News
16 Feb 2023
Ransomware actors increasingly weaponizing old vulnerabilities
A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019. Continue Reading
-
News
15 Feb 2023
Cisco Talos spots new MortalKombat ransomware attacks
Researchers discovered the threat campaign is also using a new Go version of malware called Laplas Clipper to steal cryptocurrency from individuals and businesses in the U.S. Continue Reading
-
Podcast
15 Feb 2023
ESXiArgs attack vector unclear as infections continue
This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Continue Reading
-
News
14 Feb 2023
Dragos: ICS/OT ransomware attacks up 87%
Ransomware attacks against industrial organizations remain a growing problem, according to ICS/OT vendor Dragos' new 'Year in Review 2022' report. Continue Reading
-
News
13 Feb 2023
Namecheap email system hacked, used for phishing campaign
While the domain registrar said it was not breached directly, it did confirm its third-party email system was compromised Sunday and warned customers not to open any unauthorized emails. Continue Reading
-
News
10 Feb 2023
New ESXi ransomware strain spreads, foils decryption tools
Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make it harder for enterprises to recover data. Continue Reading
-
News
09 Feb 2023
U.S., U.K. hit TrickBot cybercrime gang with sanctions
TrickBot malware has caused considerable damage to U.S. organizations, particularly in the healthcare industry, and was used in Conti and Ryuk ransomware attacks. Continue Reading
-
News
09 Feb 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks
Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight. Continue Reading
-
News
09 Feb 2023
Thousands of victims apparently hit by ESXiArgs ransomware
A joint security advisory from CISA and the FBI said the ESXiArgs ransomware campaign has claimed over 3,800 servers globally since attacks first emerged last week. Continue Reading
-
News
08 Feb 2023
CISA battles ESXiArgs ransomware campaign with recovery tool
The U.S. Cybersecurity and Infrastructure Security Agency published a decryptor script intended to assist VMware customers affected by ESXiArgs ransomware. Continue Reading
-
Podcast
08 Feb 2023
ESXiArgs ransomware campaign raises concerns, questions
This Risk & Repeat podcast looks at the widespread ESXiArgs ransomware attacks and the questions they've raised about the threat landscape, vulnerability patching and more. Continue Reading
-
News
06 Feb 2023
Vastaamo hacking suspect arrested in France
The suspect in the infamous cyber attack, Julius Kivimäki, is a 25-year-old Finnish man who was arrested after being remanded in absentia in October 2022. Continue Reading
-
News
06 Feb 2023
Widespread ransomware campaign targets VMware ESXi servers
The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it. Continue Reading
-
Feature
06 Feb 2023
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix the top five cybersecurity vulnerabilities to prevent data loss whether the problem is poor endpoint security, ineffective network monitoring or other issues. Continue Reading
-
News
02 Feb 2023
Threat activity increasing around Fortinet VPN vulnerability
Following public disclosure of the critical VPN flaw in December, multiple reports show threat actors are exploiting it to target high-profile organizations. Continue Reading
-
News
02 Feb 2023
HeadCrab malware targets Redis to mine cryptocurrency
Aqua Security said the HeadCrab botnet has taken control of at least 1,200 servers via internet-facing instances of the open source DBMS Redis and is using them for cryptomining. Continue Reading
-
Tip
01 Feb 2023
What reverse shell attacks are and how to prevent them
Attackers use reverse shells to covertly attack an organization's environment. Discover what a reverse shell is and how to mitigate such attacks. Continue Reading
-
News
31 Jan 2023
Horizon3.ai releases POC exploit for VMware vulnerabilities
Penetration testing vendor Horizon3.ai published technical details and exploit code for three new CVEs in VMware vRealize Log Insight that can be chained for remote code execution. Continue Reading
-
Feature
26 Jan 2023
Ransomware trends, statistics and facts in 2023
Supply chain attacks, double extortion and RaaS were just a few of the ransomware trends that plagued 2022 and will continue to disrupt businesses in 2023. Continue Reading
-
Tip
20 Jan 2023
How to select a security analytics platform, plus vendor options
Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
-
Opinion
20 Jan 2023
6 cybersecurity buzzwords to know in 2023
Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
-
News
19 Jan 2023
Chainalysis: Ransomware payments down, fewer victims paying
Ransomware payments dropped significantly this past year, falling more than 40% from 2021, according to new research from blockchain analysis firm Chainalysis. Continue Reading
-
News
18 Jan 2023
Bitzlato cryptocurrency exchange founder arrested, charged
Russian national Anatoly Legkodymov is accused of using Bitzlato to process more than $700 million in illicit cryptocurrency transactions, including ransomware payments. Continue Reading
-
Tip
18 Jan 2023
Top 10 ICS cybersecurity threats and challenges
Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them. Continue Reading
-
News
17 Jan 2023
Microsoft fixes SSRF vulnerabilities found in Azure services
Orca Security, which discovered the Azure flaws, warned enterprises to be aware of SSRF attacks, which can result in a threat actor accessing or modifying sensitive data. Continue Reading
-
News
12 Jan 2023
Windows zero day patched but exploitation activity unclear
Avast threat researchers detected exploitation of a Windows zero-day flaw in the wild, and organizations are being urged to patch the flaw immediately. Continue Reading
-
News
11 Jan 2023
Vulnerable software, low incident reporting raises risks
Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
-
Tip
10 Jan 2023
How to prevent and detect lateral movement attacks
Reduce the success of lateral movement attacks by performing these eight key cybersecurity activities at strategic, operational and proactive levels. Continue Reading
-
News
06 Jan 2023
10 of the biggest ransomware attacks of 2022
Like last year, ransomware attacks in 2022 caused prolonged disruptions and saw stolen data leaked to public sites. Here are 10 of the biggest attacks from last year. Continue Reading
-
News
06 Jan 2023
Rackspace: Ransomware actor accessed 27 customers' data
Rackspace said Personal Storage Tables of 27 customers were accessed in the attack last month, but added there was no evidence threat actors viewed, obtained or misused the data. Continue Reading
-
Feature
05 Jan 2023
Windows security tips for the enterprise
Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
-
News
04 Jan 2023
Rackspace: Ransomware attack caused by zero-day exploit
The exploit that led to the Rackspace ransomware attack, referred to as OWASSRF, combines two Exchange Server flaws -- CVE-2022-41080 and a ProxyNotShell flaw, CVE-2022-41082. Continue Reading
-
News
03 Jan 2023
Many Exchange servers still vulnerable to ProxyNotShell flaw
A new exploit chain using one of the ProxyNotShell vulnerabilities has bypassed Microsoft's URL Rewrite mitigations from September and put Exchange servers at risk. Continue Reading
-
Tip
28 Dec 2022
Top 7 enterprise cybersecurity challenges in 2023
Security teams faced unprecedented challenges in 2022. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2023. Continue Reading
-
Tip
27 Dec 2022
How to prevent and mitigate process injection
Process injection is a defense evasion technique that helps attackers hide from enterprise security systems. Learn how it works and how to mitigate it. Continue Reading
-
Feature
22 Dec 2022
Top 14 ransomware targets in 2023 and beyond
Two in three organizations suffered ransomware attacks in a single 12-month period, according to recent research. And, while some industries are taking particularly hard hits, no one is safe. Continue Reading
-
News
21 Dec 2022
Play ransomware actors bypass ProxyNotShell mitigations
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations. Continue Reading
-
News
20 Dec 2022
Malicious Python package in PyPI poses as SentinelOne SDK
No attacks resulting from the malicious Python package have been recorded to date. However, according to PyPI, more than 1,000 users had downloaded it before it was taken down. Continue Reading
-
Tip
20 Dec 2022
What enumeration attacks are and how to prevent them
Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
-
Feature
20 Dec 2022
20 companies affected by major ransomware attacks in 2021
Between hefty ransom demands, major disruptions and leaked data, 2021 saw major ransomware activity across companies and industries. Continue Reading
-
Feature
19 Dec 2022
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
-
News
15 Dec 2022
Check Point classifies Azov as wiper, not ransomware
While Azov was initially considered ransomware, Check Point researchers warned the polymorphic malware is designed to inflict maximum damage to targeted systems. Continue Reading
-
News
14 Dec 2022
Cybereason warns of rapid increase in Royal ransomware
Enterprises need to be aware of the group's partial encryption technique because the less data it encrypts, the less chance the activity will be detected by a security product. Continue Reading
-
Tip
14 Dec 2022
Top 15 email security best practices for 2023
Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
-
News
13 Dec 2022
Microsoft addresses two zero days in December Patch Tuesday
December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild. Continue Reading
-
News
13 Dec 2022
Citrix ADC and Gateway zero day under active exploitation
The NSA said that APT5, a suspected Chinese nation-state threat group, is actively exploiting the Citrix zero-day flaw, which affects the vendor's ADC and Gateway products. Continue Reading
-
Feature
13 Dec 2022
12 types of wireless network attacks and how to prevent them
From packet sniffing and rogue access points to spoofing attacks and encryption cracking, learn about common wireless network attacks and how to prevent them. Continue Reading
-
News
12 Dec 2022
Fortinet confirms VPN vulnerability exploited in the wild
In an advisory Monday, Fortinet urged customers to take steps to immediately mitigate the critical flaw, which was disclosed earlier by French infosec firm Olympe Cyberdefense. Continue Reading
-
Feature
07 Dec 2022
Understanding malware analysis and its challenges
Discover what to expect in a malware analyst career, from the types of malware you'll encounter to important tools to use to difficulties that arise for those new to the field. Continue Reading
-
Feature
07 Dec 2022
Why is malware analysis important?
Malware continues to plague all organizations, causing data loss and reputational damage. Discover how malware analysis helps protect companies from such attacks. Continue Reading
-
News
06 Dec 2022
MegaRAC flaws, IP leak impact multiple server brands
MegaRAC BMC software from American Megatrends, Inc. has a trio of serious security vulnerabilities that were discovered following an intellectual property leak. Continue Reading
-
Tutorial
06 Dec 2022
How to use the Hydra password-cracking tool
Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with these step-by-step instructions and companion video. Continue Reading
-
News
05 Dec 2022
Education sector hit by Hive ransomware in November
The education sector remained a popular target last month, particularly from Hive, a ransomware-as-a-service group that even warranted a government alert in late November. Continue Reading
-
News
01 Dec 2022
Archive files become preferred format for malware delivery
The team at HP Wolf Security found that cybercriminals are using archive files as the preferred method for spreading malware, beating Microsoft Office for the first time. Continue Reading
-
News
30 Nov 2022
Exchange Server bugs caused years of security turmoil
The four high-profile sets of security vulnerabilities in Microsoft Exchange Server, disclosed by researcher Orange Tsai, are set to remain a major concern for organizations. Continue Reading
-
Podcast
30 Nov 2022
Risk & Repeat: Twitter, Elon Musk and security concerns
This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently. Continue Reading
-
News
30 Nov 2022
Tenable: 72% of organizations remain vulnerable to Log4Shell
New research shows the attack surface remains wide for the Log4j vulnerability, known as Log4Shell, which caused significant problems for organizations over the past year. Continue Reading
-
News
28 Nov 2022
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe. Continue Reading
-
News
28 Nov 2022
Small open source projects pose significant security risks
Open source security initiatives might prevent large-scale vulnerabilities such as Log4j, but smaller projects pose risks without more maintainer support, industry experts say. Continue Reading
-
News
23 Nov 2022
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services. Continue Reading
-
Opinion
21 Nov 2022
Ransomware preparedness: The long road ahead
Is your organization ready for ransomware? A recent survey shows that businesses in a variety of industries are all struggling with ransomware prevention and recovery. Continue Reading
-
Tip
18 Nov 2022
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
News
17 Nov 2022
Magecart malware menaces Magento merchants
Sansec researchers say as many as 38% of commercial customers running the Adobe Commerce and Magento platforms could be infected with Magecart's TrojanOrders malware. Continue Reading
-
Tip
17 Nov 2022
Top 5 vulnerability scanning tools for security teams
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more. Continue Reading
-
Podcast
16 Nov 2022
Risk & Repeat: Researchers criticize HackerOne
This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company. Continue Reading
-
News
16 Nov 2022
Rapid7 discloses more F5 BIG-IP vulnerabilities
While the severity of the issues is relatively low, F5 devices are commonly targeted by attackers to gain persistence inside a network. Continue Reading
-
Tip
14 Nov 2022
Dissect open source ransomware code to understand an attack
To protect your organization from ransomware, it's helpful to know what goes on behind the scenes. Unpack this ransomware code example to understand and defend against attacks. Continue Reading
-
News
10 Nov 2022
Flashpoint launches new 'ransomware prediction model'
Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
-
Tip
10 Nov 2022
Common lateral movement techniques and how to prevent them
Lateral movement techniques enable attackers to dig deeper into compromised environments. Discover what lateral movement attacks are and four attack techniques. Continue Reading
-
Tip
08 Nov 2022
Types of vulnerability scanning and when to use each
Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits. Continue Reading
-
Feature
08 Nov 2022
How to build a shadow IT policy to reduce risks, with template
With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently. Continue Reading
-
News
07 Nov 2022
Microsoft: Nation-state threats, zero-day attacks increasing
Microsoft's Digital Defense Report 2022 pointed the finger at China, which enacted a new vulnerability disclosure law last year, as the source of many zero-day attacks. Continue Reading
-
News
04 Nov 2022
Yanluowang ransomware gang goes dark after leaks
The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks. Continue Reading