Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
- News, 31 May 2023: Barracuda zero-day bug exploited months prior to discovery
  Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022.
- News, 31 May 2023: Many Gigabyte PC models affected by major supply chain issue
  Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks.
- Tip, 29 Nov 2021: Tackle IoT application security threats and vulnerabilities
  By taking action to secure IoT applications and including them in a security strategy, IT admins can close off a tempting entry point to criminals.
- Tip, 29 Nov 2021: How SBOMs for cybersecurity reduce software vulnerabilities
  With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks.
- Feature, 29 Nov 2021: Elastic Stack Security tutorial: How to create detection rules
  This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data.
- Feature, 29 Nov 2021: Elastic Security app enables affordable threat hunting
  New to threat hunting in cybersecurity? Consider using the open source Elastic Stack suite to gather security event data and create visualizations for decision-makers.
- Feature, 29 Nov 2021: ProxyShell vs. ProxyLogon: What's the difference?
  ProxyShell and ProxyLogon both affect Microsoft Exchange Servers, but they work in different ways.
- News, 23 Nov 2021: Apple files lawsuit against spyware vendor NSO Group
  Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials.
- News, 23 Nov 2021: Researcher drops instant admin Windows zero-day bug
  A newly disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix.
- News, 22 Nov 2021: Cryptocurrency exchange BTC-Alpha confirms ransomware attack
  While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack.
- Answer, 22 Nov 2021: What are the most important email security protocols?
  Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats.
- News, 19 Nov 2021: Cybercriminals discuss new business model for zero-day exploits
  Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service.
- News, 18 Nov 2021: CISA, Microsoft warn of rise in cyber attacks from Iran
  CISA and Microsoft this week issued alerts about increased threat activity from Iranian nation-state hacking groups, including ransomware attacks on enterprises.
- News, 18 Nov 2021: New side channel attack resurrects DNS poisoning threat
  A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites.
- News, 17 Nov 2021: Malwarebytes slams Apple for inconsistent patching
  At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which, for several months, was patched only in macOS Big Sur.
- Podcast, 17 Nov 2021: Risk & Repeat: Are ransomware busts having an effect?
  International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards.
- News, 15 Nov 2021: Microsoft releases out-of-band update for Windows Server
  Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability.
- News, 15 Nov 2021: ProxyShell leads to domain-wide ransomware attack
  The domain-wide ransomware attack utilized "almost no malware," and the threat actor accomplished the attack with the months-old ProxyShell vulnerabilities.
- Feature, 11 Nov 2021: Tools to conduct security chaos engineering tests
  Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters.
- News, 11 Nov 2021: Trend Micro reveals 'Void Balaur' cybermercenary group
  New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015.
- News, 11 Nov 2021: Citrix DDoS bug leaves networks vulnerable
  Citrix patched a critical bug in its Application Delivery Controller and Gateway software that left networks open to DDoS attacks. It also fixed a less-severe SD-WAN WANOP bug.
- News, 11 Nov 2021: 'King of Fraud' sentenced for Methbot botnet operation
  Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet.
- News, 10 Nov 2021: US targets REvil, DarkSide ransomware with $10M rewards
  Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators.
- News, 09 Nov 2021: Medical devices at risk from Siemens Nucleus vulnerabilities
  Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices.
- News, 08 Nov 2021: REvil ransomware affiliates arrested in international takedown
  Europol said the two suspected REvil affiliates were allegedly responsible for 5,000 ransomware infections and received approximately half a million euros in ransom payments.
- News, 03 Nov 2021: BlackMatter claims to shut down ransomware operations
  Operators behind the ransomware, known to target critical infrastructure, attributed the shutdown to pressure from authorities and the disappearance of team members.
- News, 28 Oct 2021: Avast releases decryptors for multiple ransomware strains
  Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer.
- News, 25 Oct 2021: Emsisoft cracked BlackMatter ransomware, recovered victims' data
  Emsisoft developed a decryptor for BlackMatter and also found vulnerabilities in about a dozen other ransomware families that can be used to recover victims' data.
- News, 19 Oct 2021: Federal agencies issue warning on BlackMatter ransomware
  U.S. government agencies say a new family of malware could create problems for critical infrastructure by shutting down critical networks and disrupting commerce.
- News, 13 Oct 2021: How hackers exploited RCE vulnerabilities in Atlassian, Azure
  Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure.
- News, 12 Oct 2021: Apple patches iOS vulnerability actively exploited in the wild
  Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.'
- News, 11 Oct 2021: Iranian password spraying campaign hits Office 365 accounts
  The Iran-backed DEV-0343 threat group has launched a password spraying offensive against Office 365 accounts in the defense, maritime and oil industries.
- Feature, 08 Oct 2021: 4 types of ransomware and a timeline of attack examples
  There are four main types of ransomware, but many examples of ransomware strains. Learn how the ransomware types work, and review notable ransomware attacks and variants.
- Feature, 08 Oct 2021: The history and evolution of ransomware
  Ransomware has evolved from a malicious floppy disk demanding $189 in ransom to a trillion-dollar industry with ransom for rent, sophisticated techniques and big-name victims.
- News, 06 Oct 2021: Apache HTTP Server vulnerability under active attack
  Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack.
- News, 06 Oct 2021: Iranian hackers abusing Dropbox in cyberespionage campaign
  A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox.
- News, 04 Oct 2021: 2 suspected ransomware operators arrested in Ukraine
  A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified.
- News, 28 Sep 2021: SolarWinds hackers Nobelium spotted using a new backdoor
  Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April.
- Answer, 27 Sep 2021: What is extortionware? How does it differ from ransomware?
  Prevention is the only line of defense against an extortionware attack. Learn how extortionware works and why it can be more damaging than ransomware.
- News, 24 Sep 2021: Spurned researcher posts trio of iOS zero days
  An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform.
- Tip, 24 Sep 2021: How to prevent ransomware: 6 key steps to safeguard assets
  Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices to keep attackers out.
- News, 22 Sep 2021: Turla deploying 'secondary' backdoor in state-sponsored attacks
  Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan.
- News, 22 Sep 2021: Marcus & Millichap hit with possible BlackMatter ransomware
  The real estate firm confirmed in an SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business.
- News, 21 Sep 2021: Treasury Department sanctions cryptocurrency exchange Suex
  In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments.
- News, 20 Sep 2021: Italian Mafia implicated in massive cybercrime network
  A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob.
- Tip, 20 Sep 2021: Should companies pay after ransomware attacks? Is it illegal?
  It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout.
- News, 16 Sep 2021: Bitdefender releases REvil universal ransomware decryptor
  The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months.
- News, 16 Sep 2021: ExpressVPN stands behind CIO named in UAE hacking scandal
  ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government.
- News, 15 Sep 2021: McAfee discovers Chinese APT campaign 'Operation Harvest'
  McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught.
- News, 14 Sep 2021: Apple patches zero-day, zero-click NSO Group exploit
  The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.'
- News, 13 Sep 2021: Hackers port Cobalt Strike attack tool to Linux
  An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks.
- Feature, 10 Sep 2021: 17 ransomware removal tools to protect enterprise networks
  Check out this list of ransomware removal platforms to detect possible security threats, block attacks, and erase any malware lingering on devices and enterprise networks.
- Tip, 09 Sep 2021: How to remove ransomware, step by step
  Prevention is key when it comes to ransomware infections. But there are ways to recover data if a device is compromised. Uncover four key steps to ransomware removal.
- Tip, 08 Sep 2021: Top 3 ransomware attack vectors and how to avoid them
  Adversaries use three common entryways to infect systems with ransomware. Learn how to prevent your organization from falling victim to an attack.
- Feature, 07 Sep 2021: 3 ransomware detection techniques to catch an attack
  It's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods.
- News, 02 Sep 2021: Autodesk targeted in SolarWinds hack
  Autodesk said in its 10-Q filing released Wednesday that it believes 'no customer operations or Autodesk products were disrupted' in the SolarWinds supply chain attack.
- Feature, 30 Aug 2021: Malware analysis for beginners: Getting started
  With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst.
- Feature, 30 Aug 2021: Top static malware analysis techniques for beginners
  Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage.
- News, 26 Aug 2021: Private sectors pledge big for cyberdefense
  Tech giants have invested billions to address cybersecurity threats such as supply chain security and attacks on critical infrastructures.
- News, 24 Aug 2021: 4 emerging ransomware groups take center stage
  Four ransomware operations -- AvosLocker, Hive, HelloKitty and LockBit 2.0 -- have popped up on the radar of researchers with Palo Alto Networks' Unit 42 team.
- News, 11 Aug 2021: Hackers selling access to breached networks for $10,000
  Network access is a closely guarded commodity in underground hacker forums, with some sellers not even revealing the names of their victims until money has changed hands.
- News, 04 Aug 2021: Matt Tait warns of 'stolen' zero-day vulnerabilities
  During Black Hat 2021, the COO of Corellium discussed three main threats that have ramped up: stolen zero days, zero days being exploited in the wild and supply chain attacks.
- News, 04 Aug 2021: Supply chain attacks, IoT threats on tap for Black Hat 2021
  Industry analysts say that evolving threats, real-world impacts and supply chain attacks will be among their hot topics at this year's Black Hat 2021 conference.
- News, 02 Aug 2021: Hospitals at risk from security flaws in pneumatic tube systems
  Researchers at IoT security vendor Armis said the nine critical vulnerabilities affect the pneumatic tube systems used by many hospitals in North America.
- News, 29 Jul 2021: Kaspersky tracks Windows zero days to 'Moses' exploit author
  In its second-quarter threat report, Kaspersky Lab found a rise in the use of exploits and zero-day vulnerabilities, several of which were traced to a single threat actor.
- News, 28 Jul 2021: New 'BlackMatter' ransomware gang has echoes of REvil
  Although connections are being made between ransomware groups REvil and BlackMatter, the jury is still out on whether they have threat actors in common.
- News, 26 Jul 2021: Coveware: Median ransomware payment down 40% in Q2 2021
  Coveware CEO Bill Siegel said that the efficacy of using data leak threats to obtain ransomware payments has gone down because 'you don't get anything in return when you pay.'
- Guest Post, 19 Jul 2021: Balancing the benefits with the risks of emerging technology
  Emerging technologies enable companies to maintain a competitive edge through their various benefits but can come with high risks. A balancing act is required.
- News, 19 Jul 2021: US charges members of APT40, Chinese state-sponsored group
  The Department of Justice accused four Chinese nationals of hacking into a variety of businesses between 2011 and 2018 to steal trade secrets and other valuable data.
- News, 19 Jul 2021: US government formally names China in Exchange Server hack
  Beyond the Exchange Server hack, the White House's statement condemned China for its malicious cyber behavior and accused the country of government-affiliated ransomware attacks.
- News, 15 Jul 2021: SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks
  SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.'
- Podcast, 14 Jul 2021: Risk & Repeat: Breaking down the Kaseya ransomware attacks
  Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
- News, 14 Jul 2021: Microsoft: Chinese threat actor exploited SolarWinds zero-day
  Microsoft has observed DEV-0322, the threat actor exploiting the SolarWinds Serv-U zero-day, 'targeting entities in the U.S. Defense Industrial Base Sector and software companies.'
- News, 07 Jul 2021: Microsoft posts emergency 'PrintNightmare' patch
  The out-of-band patch release addresses a critical flaw that allowed threat actors to gain remote code execution on vulnerable Windows and Windows Server systems.
- News, 06 Jul 2021: Kaseya ransomware attacks: What we know so far
  REvil ransomware threat actors exploited a zero-day vulnerability to issue ransomware payloads disguised as legitimate software updates from Kaseya.
- News, 06 Jul 2021: Kaseya: 1,500 organizations affected by REvil attacks
  Approximately 50 managed service providers and up to 1,500 of their customers were compromised via a devastating supply chain attack on Kaseya by REvil ransomware actors.
- News, 02 Jul 2021: Russia using Kubernetes cluster for brute-force attacks
  The NSA warned that Russian state-sponsored hackers launched a new container-based campaign aimed at breaching networks and stealing essential data from multiple industries.
- News, 30 Jun 2021: European police lay siege to hacker haven DoubleVPN
  An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals.
- News, 29 Jun 2021: End users in the dark about latest cyberthreats, attacks
  A study from IoT security vendor Armis shows many outside the IT community are unaware of growing threats, leaving a major gap in knowledge of basic security practices.
- News, 28 Jun 2021: SolarWinds hackers compromised Microsoft support agent
  After placing information-stealing malware on a customer support agent's system, the Nobelium threat actors gained access to three Microsoft clients.
- News, 28 Jun 2021: DarkSide ransomware funded by cybercriminal 'investors'
  New ransomware gangs, such as DarkSide, are receiving cryptocurrency investments from their peers and are poised to make life difficult for enterprises and law enforcement alike.
- News, 24 Jun 2021: Namecheap refines strategy to fight malicious domains
  Security researchers this month noted drastic improvements in the domain registrar's effort to respond to and mitigate reports of malicious and fraudulent sites.
- Podcast, 23 Jun 2021: Risk & Repeat: US opens door for hacking back
  This episode of the Risk & Repeat podcast discusses the growing pressure on the U.S. to respond to cyber attacks and whether hacking back will be part of the plan.
- News, 22 Jun 2021: COVID, gift cards and phony acquisitions top BEC attack trends
  New research from Cisco Talos shows cybercriminals are still using the COVID-19 pandemic for BEC attacks to steal millions, but in slightly different ways.
- News, 16 Jun 2021: Repeat ransomware attacks hit 80% of victims who paid ransoms
  New research from Cybereason offers troubling findings for organizations that pay ransoms, from repeat attacks to corrupted data and faulty decryption tools.
- News, 11 Jun 2021: Slilpp marketplace goes dark following government takedown
  Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown.
- News, 11 Jun 2021: Cisco Talos: Exchange Server flaws accounted for 35% of attacks
  More than one third of incidents recorded by Cisco Talos in the past three months were related to four Microsoft Exchange Server zero-days first revealed in March.
- News, 03 Jun 2021: White House issues ransomware directive for businesses
  The Biden administration aims to stem the parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices.
- Feature, 28 May 2021: Network reconnaissance techniques for beginners
  In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks.
- Guest Post, 27 May 2021: 3 steps to zero-day threat protection
  Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage.
- News, 26 May 2021: Rowhammer reach extended for new attack method
  Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique.
- News, 25 May 2021: Operational technology is the new low-hanging fruit for hackers
  FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques.
- News, 20 May 2021: U.S. officials discuss 2020 election security, misinformation
  During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks.
- News, 20 May 2021: Infosec experts: Threat landscape is worst in 60 years
  Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak.
- News, 19 May 2021: SentinelOne: More supply chain attacks are coming
  At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever.
- News, 19 May 2021: SolarWinds CEO: Supply chain attack began in January 2019
  SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake.
- News, 17 May 2021: Hackers turn Comcast voice remotes into eavesdropping tool
  Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices.
- News, 12 May 2021: Hacker makes short work of Apple AirTag jailbreak
  A security researcher discovered a jailbreaking method for Apple's new mobile location-tracking devices, which were introduced just last month.
- News, 12 May 2021: Senate hearing raises questions about SolarWinds backdoors
  U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of the first agencies to detect the systemic compromise.
- News, 12 May 2021: DarkSide: The ransomware gang that took down a pipeline
  DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group.
- News, 10 May 2021: Colonial Pipeline runs dry following ransomware attack
  A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems.
- News, 06 May 2021: US defense contractor BlueForce apparently hit by ransomware
  The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.