Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
08 Aug 2022
10 top open source security testing tools
From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
05 Aug 2022
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
By- Kyle Johnson, Taylor & Francis
-
Feature
05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
02 Aug 2022
July another down month in ransomware attack disclosures
July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
29 Jul 2022
Coveware: Median ransom payments dropped 51% in Q2
Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Jul 2022
Microsoft: Austrian company DSIRF selling Subzero malware
Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
28 Jul 2022
How to prevent a data breach: 10 best practices and tactics
When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
28 Jul 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
By- Tim McCarthy, News Writer
-
News
27 Jul 2022
Deepfake technology risky but intriguing for enterprises
Enterprises can generate synthetic data sets with the technology. It is useful in broadcast and for advertising. However, its privacy and political implications can be dangerous. Continue Reading
By- Esther Ajao, News Writer
-
Feature
27 Jul 2022
NFT wash trading explained
NFT popularity grew with the rise of cryptocurrency. But scams -- such as wash trading -- also increased, presenting new problems for businesses and consumers. Continue Reading
By- Amanda Hetler, Senior Editor
-
Definition
27 Jul 2022
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Kevin Ferguson
-
Definition
22 Jul 2022
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Brien Posey
-
News
21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Jul 2022
Atlassian Confluence plugin contains hardcoded password
A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Jul 2022
SynSaber: Only 41% of ICS vulnerabilities require attention
The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
12 Jul 2022
4 critical flaws among 84 fixes in July Patch Tuesday
Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service. Continue Reading
-
Definition
12 Jul 2022
software bill of materials (SBOM)
A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application. Continue Reading
-
Tip
07 Jul 2022
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company. Continue Reading
By -
News
06 Jul 2022
HackerOne incident raises concerns for insider threats
While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
06 Jul 2022
blended threat
A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion. Continue Reading
By- Kinza Yasar, Technical Writer
-
Feature
29 Jun 2022
A guide to MSP patch management best practices
As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
By -
News
28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
-
News
28 Jun 2022
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
27 Jun 2022
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
By- Kyle Johnson, Technology Editor
- Wiley Publishing
-
Feature
27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
-
Guest Post
23 Jun 2022
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
By- Steve Durbin
-
News
22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'
The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
22 Jun 2022
Proofpoint: Social engineering attacks slipping past users
Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
-
News
21 Jun 2022
Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors
The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
16 Jun 2022
How hackers use AI and machine learning to target enterprises
AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
15 Jun 2022
Alphv ransomware gang ups pressure with new extortion scheme
The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
15 Jun 2022
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
14 Jun 2022
Critical Atlassian Confluence flaw remains under attack
Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
-
News
13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities
Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Jun 2022
Rob Joyce: China represents biggest long-term cyberthreat
NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
09 Jun 2022
CrowdStrike demonstrates dangers of container escape attacks
CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system. Continue Reading
-
News
09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Jun 2022
MacOS malware attacks slipping through the cracks
Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code. Continue Reading
-
News
03 Jun 2022
Critical Atlassian Confluence flaw exploited in the wild
No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Jun 2022
Conti ransomware group targeted Intel firmware tools
A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers. Continue Reading
-
Feature
01 Jun 2022
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
By- Isabella Harford, TechTarget
-
Feature
01 Jun 2022
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
By- Isabella Harford, TechTarget
- Packt Publishing
-
News
01 Jun 2022
Forescout proof-of-concept ransomware attack affects IoT, OT
Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 May 2022
Microsoft zero day exploited in the wild, workarounds released
A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
26 May 2022
Top 4 source code security best practices
Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
26 May 2022
8 ways to avoid NFT scams
People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading
By- Amanda Hetler, Senior Editor
-
News
26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers
Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
-
News
25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
25 May 2022
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021
Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 May 2022
Veeam data protection aids users with secure restores
From 'nothing worked' to 'it just worked': How Veeam Software helped a Florida city out of a troublesome predicament with its legacy data backup platform. Continue Reading
By- Paul Crocetti, Executive Editor
-
News
23 May 2022
AdvIntel: Conti rebranding as several new ransomware groups
According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
20 May 2022
How to counter insider threats in the software supply chain
Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
By -
News
19 May 2022
QNAP devices hit by DeadBolt ransomware again
DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 May 2022
VMware vulnerabilities under attack, CISA urges action
Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon. Continue Reading
-
Tip
19 May 2022
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
19 May 2022
VeeamON 2022: Backup and security union emerges as top trend
Veeam has seized an opportunity to make its products more secure amid the prevalence of cyber attacks. The vendor is also looking to expand its reach, potentially through acquisitions. Continue Reading
By- Paul Crocetti, Executive Editor
-
News
18 May 2022
Axie Infinity hack highlights DPRK cryptocurrency heists
The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
17 May 2022
man in the browser (MitB)
Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Guest Post
16 May 2022
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading
By- Josh Davies
-
News
16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 May 2022
Kasten backup adds Kubernetes ransomware detection, security
As ransomware becomes a bigger concern for container admins, updates to the Kasten backup and disaster recovery platform for Kubernetes take a proactive security stance. Continue Reading
By- Paul Crocetti, Executive Editor
-
Answer
12 May 2022
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
11 May 2022
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild. Continue Reading
-
News
10 May 2022
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene. Continue Reading
-
News
05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts
Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
-
News
05 May 2022
SentinelOne finds high-severity flaws in Avast, AVG
The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
04 May 2022
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
04 May 2022
Winnti threat group rides again with IP theft campaign
A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies. Continue Reading
-
News
03 May 2022
RCE vulnerabilities found in Avaya, Aruba network switches
Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 May 2022
April ransomware attacks slam US universities
April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Guest Post
02 May 2022
Russia-Ukraine war prompts security best practices refresher
The Russia-Ukraine war hasn't led to major cyber attacks affecting MSPs, but IT services providers should review cybersecurity best practices, including hardening and response. Continue Reading
By- Dave Sobel, MAXfocus Partners
-
Definition
28 Apr 2022
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
By- Isabella Harford, TechTarget
- No Starch Press
-
Feature
28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
By- Isabella Harford, TechTarget
-
News
27 Apr 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021
Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
26 Apr 2022
Cisco Talos observes 'novel increase' in APT activity in Q1
The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Apr 2022
T-Mobile breached in apparent Lapsus$ attack
Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
22 Apr 2022
An introduction to binary diffing for ethical hackers
Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
By- Alissa Irei, Senior Site Editor
- McGraw Hill Education
-
News
21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
-
News
21 Apr 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt
Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Apr 2022
FBI warns of 'timed' ransomware attacks on agriculture sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Tip
21 Apr 2022
7 best practices for Web3 security risk mitigation
Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
20 Apr 2022
U.S. warns of 'increased' threats from Russian hacking groups
The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia. Continue Reading
-
Tip
20 Apr 2022
Traditional IT vs. critical infrastructure cyber-risk assessments
When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
By -
News
20 Apr 2022
Kaspersky releases decryptor for Yanluowang ransomware
Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
-
News
20 Apr 2022
BlackCat emerges as one of the top ransomware threats
After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation
Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
15 Apr 2022
mail bomb
A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system. Continue Reading
By