Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
-
Tip
14 Mar 2024
How to craft a generative AI security policy that works
The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
-
Tip
26 Jul 2023
How to avoid LinkedIn phishing attacks in the enterprise
Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
-
News
25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild
A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency. Continue Reading
-
News
24 Jul 2023
Coveware: Rate of victims paying ransom continues to plummet
Incident response firm Coveware said 34% of ransomware victims paid the ransom in Q2 2023, a sharp decline from last quarter and an enormous decline from 2020 and 2019. Continue Reading
-
Opinion
24 Jul 2023
IBM FlashSystem 5045 aids access to storage cyber resilience
As ransomware and other cyber attacks persist, enterprises should prioritize cyber resilience. IBM's FlashSystem 5045 improves accessibility for that protection. Continue Reading
-
Tip
20 Jul 2023
API keys: Weaknesses and security best practices
API keys are not a replacement for API security. They only offer a first step in authentication -- and they require additional security measures to keep them protected. Continue Reading
-
Podcast
20 Jul 2023
Risk & Repeat: Are data extortion attacks ransomware?
Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware? Continue Reading
-
News
19 Jul 2023
Citrix NetScaler ADC and Gateway flaw exploited in the wild
Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances. Continue Reading
-
News
18 Jul 2023
Multiple Adobe ColdFusion flaws exploited in the wild
One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published. Continue Reading
-
Feature
18 Jul 2023
Ransomware case study: Recovery can be painful
In ransomware attacks, backups can save the day and the data. Even so, recovery can still be expensive and painful, depending on the approach. Learn more in this case study. Continue Reading
-
Definition
18 Jul 2023
cyber extortion
Cyber extortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack. Continue Reading
-
Feature
18 Jul 2023
The history and evolution of ransomware
Ransomware has evolved from a malicious floppy disk demanding $189 in ransom to a multibillion-dollar industry with ransom for rent, sophisticated techniques and big-name victims. Continue Reading
-
News
14 Jul 2023
XSS zero-day flaw in Zimbra Collaboration Suite under attack
A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month. Continue Reading
-
News
13 Jul 2023
Microsoft: Government agencies breached in email attacks
While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant. Continue Reading
-
News
12 Jul 2023
Russia-based actor exploited unpatched Office zero day
Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Continue Reading
-
Podcast
11 Jul 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear. Continue Reading
-
News
11 Jul 2023
Clop's MoveIt Transfer attacks lead to mixed results
Clop's data theft extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms. Continue Reading
-
Feature
10 Jul 2023
How to map security gaps to the Mitre ATT&CK framework
Mapping security gaps to the Mitre ATT&CK framework enables SOC teams to prioritize, remediate and eliminate vulnerabilities before malicious actors exploit them. Continue Reading
-
Tip
07 Jul 2023
Enterprise risk management should inform cyber-risk strategies
Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
-
News
06 Jul 2023
CISA: Truebot malware infecting networks in U.S., Canada
CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center. Continue Reading
-
News
05 Jul 2023
June saw flurry of ransomware attacks on education sector
As the school year culminated, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk. Continue Reading
-
Definition
05 Jul 2023
WannaCry ransomware
WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. Continue Reading
-
News
30 Jun 2023
TSMC partner breached by LockBit ransomware gang
A cyber attack against Chinese systems integrator Kinmax led to the theft of TSMC proprietary data, which LockBit threatened to publish unless TSMC paid a $70 million ransom. Continue Reading
-
Feature
29 Jun 2023
Quishing on the rise: How to prevent QR code phishing
A monthslong quishing campaign demonstrated how cybercriminals are using QR codes to trick users. Here's what enterprise security leaders need to know. Continue Reading
-
Tip
26 Jun 2023
How API gateways improve API security
API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices. Continue Reading
-
News
22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Continue Reading
-
News
21 Jun 2023
May ransomware activity rises behind 8base, LockBit gangs
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022. Continue Reading
-
Podcast
20 Jun 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen. Continue Reading
-
Tip
20 Jun 2023
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
-
News
20 Jun 2023
Attackers discovering exposed cloud assets within minutes
Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
-
News
16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
-
Tip
16 Jun 2023
Use IoT hardening to secure vulnerable connected devices
IoT and industrial IoT innovation continue to thrive, but IoT device security continues to be an afterthought. Companies should harden connected devices to remain protected. Continue Reading
-
Podcast
15 Jun 2023
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices. Continue Reading
-
News
14 Jun 2023
State governments among victims of MoveIT Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
-
News
13 Jun 2023
Fortinet warns critical VPN vulnerability 'may' be under attack
Fortinet said the heap buffer overflow flaw might have been exploited already and warned that Chinese nation-state threat group Volt Typhoon would likely attack the vulnerability. Continue Reading
-
News
13 Jun 2023
Mandiant: New VMware ESXi zero-day used by Chinese APT
VMware said the ESXi flaw was 'low severity' despite being under active exploitation because it requires the attacker to already have gained root access on the target's system. Continue Reading
-
Tip
12 Jun 2023
Benefits of risk-based vulnerability management over legacy VM
Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
-
News
12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
-
News
12 Jun 2023
Veeam execs examine backup and security blend, other trends
Veeam leaders break down how cybersecurity issues have changed the data protection conversation. The discussion also details future plans, such as in SaaS backup and potential IPO. Continue Reading
-
News
08 Jun 2023
Cisco generative AI heads to Security Cloud, Webex
Cisco plans to release generative AI features in the Webex platform and Security Cloud this year. Together, the products tighten security for remote workers. Continue Reading
-
Podcast
08 Jun 2023
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability. Continue Reading
-
News
08 Jun 2023
Barracuda: Replace vulnerable ESG devices 'immediately'
Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Continue Reading
-
News
08 Jun 2023
MoveIt Transfer flaw leads to wave of data breach disclosures
Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis. Continue Reading
-
Tip
07 Jun 2023
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
-
News
06 Jun 2023
Free Atlassian Jira DevSecOps tab opens doors to expansion
Vulnerability management data from Atlassian partners surfaces in a new Security in Jira tab for cloud customers, setting the stage for a potential DevSecOps expansion. Continue Reading
-
News
06 Jun 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
-
News
06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated
Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors adapted to improved defenses. Continue Reading
-
News
05 Jun 2023
Atlassian cloud preps threat tool as security boss departs
Atlassian Beacon shores up cloud security as it adds transparency around security issues, but the chief trust officer role at the company is also changing hands. Continue Reading
-
News
05 Jun 2023
Ransomware actors exploiting MoveIt Transfer vulnerability
Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang. Continue Reading
-
Feature
05 Jun 2023
Attack surface reduction rules for Microsoft productivity apps
Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
-
News
01 Jun 2023
Zyxel vulnerability under 'widespread exploitation'
Researchers warn that threat actors are widely exploiting an unauthenticated command injection vulnerability to target multiple Zyxel network devices. Continue Reading
-
News
01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
-
News
31 May 2023
Barracuda zero-day bug exploited months prior to discovery
Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
-
News
31 May 2023
Many Gigabyte PC models affected by major supply chain issue
Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
-
News
25 May 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading
-
Tip
25 May 2023
9 smart contract vulnerabilities and how to mitigate them
Smart contracts execute tasks automatically when specific events occur, and often handle large data and resource flows. This makes them particularly attractive to attackers. Continue Reading
-
News
25 May 2023
Users dish on ransomware protection, recovery at VeeamON
To help protect against and recover from ransomware attacks, IT professionals at VeeamON 2023 recommended planning, testing and other key security measures. Continue Reading
-
Tip
25 May 2023
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
-
News
24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances
Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
-
News
23 May 2023
Threat actors leverage kernel drivers in new attacks
Fortinet detailed a campaign using a malicious driver in attacks against organizations in the Middle East, and Trend Micro detailed a driver-based attack by BlackCat ransomware. Continue Reading
-
News
22 May 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
-
News
19 May 2023
Dish 'received confirmation' ransomware gang deleted stolen data
A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data. Continue Reading
-
Feature
19 May 2023
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
-
News
18 May 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
-
News
17 May 2023
KeePass vulnerability enables master password theft
KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates. Continue Reading
-
Tip
17 May 2023
Why Amazon S3 is a ransomware target and how to protect it
Hacking continues to evolve. While Amazon S3 is a major ransomware target, admins can take steps in configuration and event logging, among other protection measures. Continue Reading
-
News
16 May 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
-
Opinion
16 May 2023
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
-
Tip
16 May 2023
How to build a better vulnerability management program
With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
-
News
15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks
As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
-
Feature
12 May 2023
Explore the impact of quantum computing on cryptography
When quantum computers become available, lots of encryption types will be vulnerable. Learn why, and what's being researched, to navigate post-quantum cryptography. Continue Reading
-
News
12 May 2023
Bl00dy ransomware gang targets schools via PaperCut flaw
The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software. Continue Reading
-
News
10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw
Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
-
Definition
09 May 2023
juice jacking
Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it. Continue Reading
-
Definition
09 May 2023
hypervisor security
Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle. Continue Reading
-
News
08 May 2023
Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI Continue Reading
-
News
08 May 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
-
News
04 May 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
-
Feature
03 May 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
-
Feature
02 May 2023
Where climate change and cyber attacks intersect
One session at RSA Conference 2023 focused on climate change -- a topic that is not commonly featured during cybersecurity conversations, but should be. Continue Reading
-
Definition
01 May 2023
Web application firewall (WAF)
A web application firewall (WAF) is a firewall that monitors, filters and blocks Hypertext Transfer Protocol (HTTP) traffic as it travels to and from a website or web application. Continue Reading
-
Feature
28 Apr 2023
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
-
News
25 Apr 2023
Bugcrowd CTO talks hacker feedback, vulnerability disclosure
Bugcrowd CTO Casey Ellis said the company's new penetration testing service helps establish the company beyond public perception of it being purely a bug bounty platform. Continue Reading
-
News
25 Apr 2023
Google, Mandiant highlight top threats, evolving adversaries
Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise. Continue Reading
-
Definition
25 Apr 2023
smishing (SMS phishing)
Smishing -- or Short Message Service (SMS) phishing -- is a social engineering tactic cybercriminals use to trick people into divulging sensitive information over text messages. Continue Reading
-
Conference Coverage
24 Apr 2023
RSA Conference 2023 highlights strength through alliances
Follow this RSA 2023 guide from TechTarget Editorial to get pre-conference coverage and stay on top of breaking news and analysis from the infosec world's biggest annual event. Continue Reading
-
Definition
21 Apr 2023
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software. Continue Reading
-
Tip
21 Apr 2023
How to create an SBOM, with example and template
SBOMs help organizations inventory every component in their software. This free template, which includes an SBOM example, can help you secure your own software supply chain. Continue Reading
-
News
20 Apr 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
-
News
20 Apr 2023
Mandiant: 3CX breach caused by second supply chain attack
Trading Technologies said in a statement it had 'not had the ability to verify the assertions in Mandiant's report' that its software played a role in the 3CX supply chain attack. Continue Reading
-
Definition
19 Apr 2023
firewall
A firewall is a network security device that prevents unauthorized access to a network. It inspects incoming and outgoing traffic using a set of security rules to identify and block threats. Continue Reading
-
News
18 Apr 2023
Mandiant: 63% of breaches were discovered externally in 2022
Mandiant said the 2022 increase is most likely affected by the threat intelligence firm proactively investigating threat activity targeting Ukraine last year. Continue Reading
-
Guest Post
14 Apr 2023
Pen testing amid the rise of AI-powered threat actors
The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
-
Tutorial
13 Apr 2023
How to use the John the Ripper password cracker
Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
-
News
13 Apr 2023
Hacking Policy Council launches, aims to improve bug disclosure
Founding members for the Hacking Policy Council, launched Thursday by the Center for Cybersecurity Policy and Law, include HackerOne, Bugcrowd, Google and others. Continue Reading
-
Definition
13 Apr 2023
Microsoft Defender for Endpoint (formerly Windows Defender ATP)
Microsoft Defender for Endpoint -- formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP -- is an endpoint security platform designed to help enterprise-class organizations prevent, detect and respond to security threats. Continue Reading
-
News
12 Apr 2023
OpenAI launches bug bounty program with Bugcrowd
ChatGPT publisher OpenAI said its new Bugcrowd bug bounty program will not accept submissions involving "issues related to the content of model prompts and responses." Continue Reading
-
News
12 Apr 2023
Nokoyawa ransomware exploits Windows CLFS zero-day
The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals. Continue Reading
-
Tip
11 Apr 2023
How to fix the top 5 API vulnerabilities
APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities. Continue Reading
-
News
07 Apr 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike
Microsoft, Fortra and the Health Information Sharing and Analysis center announced they obtained a court order in an effort to curb malicious Cobalt Strike use. Continue Reading