Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

Conference Coverage 13 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
News 09 May 2025
News brief: AI security risks highlighted at RSAC 2025

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Sharon Shea, Executive Editor

News 07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks

Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jun 2022
MacOS malware attacks slipping through the cracks

Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code. Continue Reading
By
- Shaun Nichols
News 03 Jun 2022
Critical Atlassian Confluence flaw exploited in the wild

No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Jun 2022
Conti ransomware group targeted Intel firmware tools

A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers. Continue Reading
By
- Shaun Nichols
Feature 01 Jun 2022
How ransomware kill chains help detect attacks

Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
By
- Isabella Harford, TechTarget
Feature 01 Jun 2022
How to improve cyber attack detection using social media

Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
News 01 Jun 2022
Forescout proof-of-concept ransomware attack affects IoT, OT

Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2022
Microsoft zero day exploited in the wild, workarounds released

A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations. Continue Reading
By
- Rob Wright, Senior News Director
Tip 26 May 2022
Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 26 May 2022
8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading
By
- Amanda Hetler, Senior Editor
News 26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
By
- Shaun Nichols
News 25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 May 2022
Prepare for deepfake phishing attacks in the enterprise

Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021

Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
By
- Arielle Waldman, News Writer
News 23 May 2022
Veeam data protection aids users with secure restores

From 'nothing worked' to 'it just worked': How Veeam Software helped a Florida city out of a troublesome predicament with its legacy data backup platform. Continue Reading
By
- Paul Crocetti, Executive Editor
News 23 May 2022
AdvIntel: Conti rebranding as several new ransomware groups

According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 May 2022
How to counter insider threats in the software supply chain

Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
By
- Will Kelly
News 19 May 2022
QNAP devices hit by DeadBolt ransomware again

DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
By
- Arielle Waldman, News Writer
News 19 May 2022
VMware vulnerabilities under attack, CISA urges action

Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon. Continue Reading
By
- Shaun Nichols
Tip 19 May 2022
How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 19 May 2022
VeeamON 2022: Backup and security union emerges as top trend

Veeam has seized an opportunity to make its products more secure amid the prevalence of cyber attacks. The vendor is also looking to expand its reach, potentially through acquisitions. Continue Reading
By
- Paul Crocetti, Executive Editor
News 18 May 2022
Axie Infinity hack highlights DPRK cryptocurrency heists

The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 17 May 2022
man in the browser (MitB)

Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Guest Post 16 May 2022
How cryptocurrencies enable attackers and defenders

Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading
By
- Josh Davies
News 16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild

Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
By
- Arielle Waldman, News Writer
News 16 May 2022
Kasten backup adds Kubernetes ransomware detection, security

As ransomware becomes a bigger concern for container admins, updates to the Kasten backup and disaster recovery platform for Kubernetes take a proactive security stance. Continue Reading
By
- Paul Crocetti, Executive Editor
Answer 12 May 2022
Zero trust vs. zero-knowledge proof: What's the difference?

Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 11 May 2022
Critical F5 vulnerability under exploitation in the wild

A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild. Continue Reading
By
- Shaun Nichols
News 10 May 2022
New clues point to REvil ransomware gang's return

New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene. Continue Reading
By
- Shaun Nichols
News 05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts

Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
By
- Shaun Nichols
News 05 May 2022
SentinelOne finds high-severity flaws in Avast, AVG

The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 04 May 2022
SYN flood attack

A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
By
- Ben Lutkevich, Site Editor
News 04 May 2022
Winnti threat group rides again with IP theft campaign

A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies. Continue Reading
By
- Shaun Nichols
News 03 May 2022
RCE vulnerabilities found in Avaya, Aruba network switches

Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 May 2022
April ransomware attacks slam US universities

April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Guest Post 02 May 2022
Russia-Ukraine war prompts security best practices refresher

The Russia-Ukraine war hasn't led to major cyber attacks affecting MSPs, but IT services providers should review cybersecurity best practices, including hardening and response. Continue Reading
By
- Dave Sobel, MAXfocus Partners
Definition 28 Apr 2022
Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Feature 28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
By
- Isabella Harford, TechTarget
- No Starch Press
Feature 28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks

Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
By
- Isabella Harford, TechTarget
News 27 Apr 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021

Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018. Continue Reading
By
- Arielle Waldman, News Writer
Feature 27 Apr 2022
Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 27 Apr 2022
Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 26 Apr 2022
Cisco Talos observes 'novel increase' in APT activity in Q1

The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Apr 2022
T-Mobile breached in apparent Lapsus$ attack

Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Apr 2022
An introduction to binary diffing for ethical hackers

Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
By
- Alissa Irei, Senior Site Editor
- McGraw Hill Education
News 21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say

Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
By
- Shaun Nichols
News 21 Apr 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt

Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Apr 2022
FBI warns of 'timed' ransomware attacks on agriculture sector

In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Tip 21 Apr 2022
7 best practices for Web3 security risk mitigation

Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By
- Jessica Groopman, Kaleido Insights
News 20 Apr 2022
U.S. warns of 'increased' threats from Russian hacking groups

The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia. Continue Reading
By
- Shaun Nichols
Tip 20 Apr 2022
Traditional IT vs. critical infrastructure cyber-risk assessments

When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
By
- Paul Rostick
News 20 Apr 2022
Kaspersky releases decryptor for Yanluowang ransomware

Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
By
- Shaun Nichols
News 20 Apr 2022
BlackCat emerges as one of the top ransomware threats

After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation

Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos

Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Apr 2022
mail bomb

A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system. Continue Reading
By
- Andrew Zola
News 14 Apr 2022
Critical Windows RPC vulnerability raises alarm

Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks. Continue Reading
By
- Shaun Nichols
Opinion 14 Apr 2022
Making sense of conflicting third-party security assessments

Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
By
- Dave Gruber, Principal Analyst
News 14 Apr 2022
VMware Workspace One flaw actively exploited in the wild

Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Apr 2022
US government, security vendors warn of new ICS malware

As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Apr 2022
Microsoft dismantles ZLoader botnet

Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network. Continue Reading
By
- Shaun Nichols
News 13 Apr 2022
Sophos: LockBit affiliates hacked regional government agency

Sophos said attackers spent at least five months inside an unnamed regional government agency's network, remotely Googling for hacking tools before deploying LockBit ransomware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware

The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
By
- Shaun Nichols
News 12 Apr 2022
Synopsys: Enterprises struggling with open source software

To curb open source risk, Synopsys advises enterprises to keep a comprehensive inventory of all software within its environment and to understand that securing open source requires strong management. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Apr 2022
Apple Security Bounty improves, but problems remain

Security researchers told SearchSecurity that Apple Security Bounty improved its communication earlier this year, which had been a key issue for participants. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Apr 2022
How the FBI took down the Cyclops Blink botnet

The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks

Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
By
- Paul Kirvan
News 06 Apr 2022
US sanctions Garantex for laundering over $100M

The latest action follows a string of sanctions imposed during the past year against cryptocurrency exchanges operating out of Russia. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Apr 2022
Conti ransomware leaks show a low-tech but effective model

The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies. Continue Reading
By
- Shaun Nichols
Feature 06 Apr 2022
How secure are one-time passwords from attacks?

Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
By
- Kyle Johnson, Technology Editor
News 05 Apr 2022
March ransomware attacks strike finance, government targets

In March, ransomware reports and disclosures showed a variety of victims, from public schools and county governments to financial services firms and large enterprises. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 05 Apr 2022
Conti ransomware deployed in IcedID banking Trojan attack

The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach

Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
By
- Arielle Waldman, News Writer
News 31 Mar 2022
Spring Framework vulnerabilities sow confusion, concern

Two different remote code execution vulnerabilities in a Java developer tool caused considerable confusion after one of the flaws was leaked online as a zero-day. Continue Reading
By
- Shaun Nichols
News 31 Mar 2022
New 'AcidRain' malware may be connected to Viasat attack

SentinelOne did not directly attribute the malware to the Viasat attack. That said, researchers argued the "AcidRain" malware's functionality matches open source intelligence. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Mar 2022
Axie Infinity hack results in $600M cryptocurrency heist

Axie Infinity, whose developer was hacked this month, is a popular NFT-based video game in which players earn cryptocurrency by raising their pay-to-play digital pets, or 'Axies.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021

Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
By
- Shaun Nichols
Feature 29 Mar 2022
Cryptocurrency cyber attacks on the rise as industry expands

Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Mar 2022
US indicts Russian nationals for critical infrastructure attacks

One defendant is accused of deploying the infamous Trisis or Triton malware against energy-sector companies, including a petrochemical plant in Saudi Arabia in a 2017 attack. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Podcast 25 Mar 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures

This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Mar 2022
North Korean hackers exploited Chrome zero-day for 6 weeks

Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
By
- Shaun Nichols
News 24 Mar 2022
FBI: Ransomware hit 649 critical infrastructure entities in 2021

The FBI's Internet Crime Complaint Center found ransomware was a top threat to critical infrastructure security in 2021, hitting a wide range of organizations. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Mar 2022
Microsoft confirms breach, attributes attack to Lapsus$

Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Mar 2022
Biden: Russia exploring cyber attacks against US

President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 18 Mar 2022
Seeking truth in crisis times shows importance of metadata

Metadata gives context to data, and during crises like the war in Ukraine when it's difficult to know what news to trust, context can help distinguish truth from fiction. Continue Reading
By
- Eric Avidon, Senior News Writer
News 17 Mar 2022
JavaScript apps hit with pro-Ukraine supply chain attack

A popular JavaScript package was sabotaged by its developer and seeded with messages in support of Ukraine in what has become a supply chain attack. Continue Reading
By
- Shaun Nichols
News 17 Mar 2022
Sandworm APT ramps up Cyclops Blink botnet with Asus routers

Trend Micro discovered that the Cyclops Blink botnet, which had originally targeted WatchGuard devices, is now spreading to Asus and 'at least one other vendor.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Mar 2022
LokiLocker ransomware crew bursts onto the scene

The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. Continue Reading
By
- Shaun Nichols
News 15 Mar 2022
Container vulnerability opens door for supply chain attacks

A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
By
- Shaun Nichols
News 10 Mar 2022
Log4Shell vulnerability continues to menace developers

Months after it was first disclosed, the Log4j RCE vulnerability remains widespread on code-sharing sites and open source repositories, according to security researchers. Continue Reading
By
- Shaun Nichols
Answer 10 Mar 2022
Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 10 Mar 2022
6 potential enterprise security risks with NFC technology

Some NFC risks include payment processing fraud, eavesdropping and replay attacks. Continue Reading
By
- Sean Michael Kerner
Definition 10 Mar 2022
metamorphic and polymorphic malware

Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system. Continue Reading
By
- Rahul Awati
News 09 Mar 2022
Researchers disclose new Spectre V2 vulnerabilities

The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
By
- Shaun Nichols
News 09 Mar 2022
Immersive Labs: Average cyberthreat response takes 96 days

Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 08 Mar 2022
FBI finds Ragnar Locker hit 52 U.S. critical infrastructure targets

While providing an updated list of indicators of compromise, the FBI revealed that a range of critical sectors were attacked by the ransomware group. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Mar 2022
Researchers uncover vulnerabilities in APC Smart-UPS devices

Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
By
- Shaun Nichols
Tip 07 Mar 2022
Top DevSecOps certifications and trainings

Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle. Continue Reading
By
- Isabella Harford, TechTarget
News 07 Mar 2022
Samsung breached, Nvidia hackers claim responsibility

Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group. Continue Reading
By
- Alexander Culafi, Senior News Writer