Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

News 03 Apr 2024
Sophos: Ransomware present in 70% of IR investigations

Sophos' Active Adversary Report said securing remote desktop protocols and Active Directories and hardening credentials can help limit the influx of successful ransomware attacks. Continue Reading
News 03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures

The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading

News 02 Apr 2024

Microsoft Copilot for Security brings GenAI to SOC teams

Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
News 27 Mar 2024

Spyware vendors behind 75% of zero-days targeting Google

Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022. Continue Reading
News 27 Mar 2024

Unpatched flaw in Anyscale's Ray AI framework under attack

Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
News 27 Mar 2024

Flashpoint observes 84% surge in ransomware attacks in 2023

The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
News 26 Mar 2024

SQL injection vulnerability in Fortinet software under attack

Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online. Continue Reading
Tutorial 22 Mar 2024

Fuzzy about fuzz testing? This fuzzing tutorial will help

Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
Tip 21 Mar 2024

10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
News 20 Mar 2024

CISA urges defensive actions against Volt Typhoon threats

The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks. Continue Reading
Podcast 19 Mar 2024

Risk & Repeat: Microsoft's Midnight Blizzard mess

This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
News 18 Mar 2024

Exploitation activity increasing on Fortinet vulnerability

The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published. Continue Reading
News 12 Mar 2024

Sophos: Remote ransomware attacks on SMBs increasing

According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
News 08 Mar 2024

Midnight Blizzard accessed Microsoft systems, source code

Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
Feature 08 Mar 2024

The Change Healthcare attack: Explaining how it happened

Change Healthcare was hit with a ransomware attack from BlackCat/ALPHV after its systems were disrupted. Keep reading to learn more about this attack and how others are affected. Continue Reading
News 07 Mar 2024

Former Google engineer charged with stealing AI trade secrets

Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
News 05 Mar 2024

Critical JetBrains TeamCity vulnerabilities under attack

Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
News 05 Mar 2024

Inside an Alphv/BlackCat ransomware attack

Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks. Continue Reading
Feature 04 Mar 2024

Infosec pros weigh in on proposed ransomware payment bans

Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
News 29 Feb 2024

CISA warns Ivanti ICT ineffective for detecting compromises

CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises. Continue Reading
News 28 Feb 2024

Alphv/BlackCat attacking hospitals following FBI takedown

The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December. Continue Reading
Opinion 27 Feb 2024

Threat intelligence programs need updating -- and CISOs know it

Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
Definition 27 Feb 2024

computer forensics (cyber forensics)

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
News 26 Feb 2024

CISA: APT29 targeting cloud accounts for initial access

U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
News 22 Feb 2024

ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
Tip 22 Feb 2024

Use cloud threat intelligence to protect critical data and assets

Cloud threat intelligence helps identify and analyze cloud-based threats, enabling security teams to better understand attacks and more proactively defend against them. Continue Reading
Definition 22 Feb 2024

cybersecurity

Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
Opinion 20 Feb 2024

Why companies need attack surface management in 2024

The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed. Continue Reading
News 20 Feb 2024

Operation Cronos dismantles LockBit ransomware gang

An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
Definition 15 Feb 2024

firewall as a service (FWaaS)

Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
News 15 Feb 2024

Eclypsium: Ivanti firmware has 'plethora' of security issues

In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
News 14 Feb 2024

Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
Tip 13 Feb 2024

How to conduct a social engineering penetration test

Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
News 13 Feb 2024

Proofpoint: 'Hundreds' of Azure accounts compromised

Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
Guest Post 13 Feb 2024

How passwordless helps guard against AI-enhanced attacks

With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
Feature 13 Feb 2024

Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
News 12 Feb 2024

CISA warns Fortinet zero-day vulnerability under attack

CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
Definition 09 Feb 2024

cyberterrorism

Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
News 07 Feb 2024

CISA: Volt Typhoon had access to some U.S. targets for 5 years

A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
Tip 06 Feb 2024

Close security gaps with attack path analysis and management

Traditional cybersecurity approaches alone can fall short. Comprehensive attack path analysis and management map out vulnerabilities and help organizations protect key assets. Continue Reading
Definition 05 Feb 2024

SOAR (security orchestration, automation and response)

SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. Continue Reading
News 02 Feb 2024

Cloudflare discloses breach related to stolen Okta data

Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system. Continue Reading
News 31 Jan 2024

Ivanti discloses new zero-day flaw, releases delayed patches

While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
Definition 31 Jan 2024

security operations center (SOC)

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
Feature 31 Jan 2024

9 secure email gateway options for 2024

Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features. Continue Reading
Tip 30 Jan 2024

Why organizations need risk-based vulnerability management

As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
Tip 30 Jan 2024

16 common types of cyberattacks and how to prevent them

To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
Definition 30 Jan 2024

What is incident response? A complete guide

Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs. Continue Reading
News 29 Jan 2024

Citizen Lab details ongoing battle against spyware vendors

At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
Definition 29 Jan 2024

indicators of compromise (IOC)

Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor. Continue Reading
Tip 29 Jan 2024

Top 4 incident response certifications to consider in 2024

Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career. Continue Reading
Tip 29 Jan 2024

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
Tip 29 Jan 2024

How to rank and prioritize security vulnerabilities in 3 steps

Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues. Continue Reading
News 26 Jan 2024

Microsoft: Legacy account hacked by Russian APT had no MFA

Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
Definition 26 Jan 2024

digital forensics and incident response (DFIR)

Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
Feature 26 Jan 2024

The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
News 25 Jan 2024

HPE breached by Russian APT behind Microsoft hack

HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
Feature 25 Jan 2024

Top benefits and challenges of SOAR tools

To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
Tip 24 Jan 2024

The 9 best incident response metrics and how to use them

To solve a problem, one first has to know it exists. In incident response, that means knowing how long it takes to respond to and remediate threats, using these key metrics. Continue Reading
News 23 Jan 2024

Attacks begin on critical Atlassian Confluence vulnerability

Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
News 22 Jan 2024

Microsoft breached by Russian APT behind SolarWinds attack

Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
Feature 22 Jan 2024

How to build an incident response plan, with examples, template

With cyberthreats and security incidents growing by the day, every organization needs a solid incident response plan. Learn how to create one for your company. Continue Reading
News 19 Jan 2024

Chinese threat group exploited VMware vulnerability in 2021

After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
Guide 18 Jan 2024

SolarWinds breach news center

The massive SolarWinds supply chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response. Continue Reading
Tip 17 Jan 2024

How to conduct incident response tabletop exercises

Have an incident response plan but aren't running incident response tabletop exercises? These simulations are key to knowing if your plan will work during an actual security event. Continue Reading
Feature 17 Jan 2024

How to create a CSIRT: 10 best practices

The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading
Tip 17 Jan 2024

Incident management vs. incident response explained

While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous. Continue Reading
Tip 17 Jan 2024

Top 6 SOAR use cases to implement in enterprise SOCs

Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts. Continue Reading
News 16 Jan 2024

Ivanti zero-day flaws under 'widespread' exploitation

Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
Tip 16 Jan 2024

13 incident response best practices for your organization

An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best practices can help get your organization on track fast. Continue Reading
News 11 Jan 2024

Ivanti confirms 2 zero-day vulnerabilities are under attack

Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
News 10 Jan 2024

Ransomware prevention a focus for storage stewards in 2024

In 2024, generative AI and machine learning, along with employee education, are important tools to prevent the spread of ransomware throughout the enterprise. Continue Reading
Definition 10 Jan 2024

extended detection and response (XDR)

Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment. Continue Reading
News 09 Jan 2024

Amsterdam arrest leads to Babuk Tortilla ransomware decryptor

A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
Definition 09 Jan 2024

sandbox

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
Feature 09 Jan 2024

Top incident response tools: How to choose and use them

The OODA loop helps organizations throughout the incident response process, giving insight into the incident response tools needed to detect and respond to security events. Continue Reading
Tip 05 Jan 2024

How to create an incident response playbook

Using an incident response playbook can speed up an organization's responses to cyberattacks. Find out how to build repeatable playbooks to use for different types of incidents. Continue Reading
Feature 04 Jan 2024

10 of the biggest zero-day attacks of 2023

There were many zero-day vulnerabilities exploited in the wild in 2023. Here's a look at 10 of the most notable and damaging zero-day attacks last year. Continue Reading
News 27 Dec 2023

Another Barracuda ESG zero-day flaw exploited in the wild

On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
News 19 Dec 2023

FBI leads Alphv/BlackCat takedown, decrypts victims' data

The latest law enforcement effort to halt the surge of ransomware attacks was successful in disrupting one of the most active ransomware-as-a-service groups. Continue Reading
Definition 19 Dec 2023

CISO (chief information security officer)

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. Continue Reading
News 18 Dec 2023

Akamai discloses zero-click exploit for Microsoft Outlook

During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
News 14 Dec 2023

Russian APT exploiting JetBrains TeamCity vulnerability

The Russian hackers behind the SolarWinds attacks are the latest nation-state group to exploit a critical TeamCity vulnerability to gain initial access to victims' servers. Continue Reading
News 14 Dec 2023

Splunk: AI isn't making spear phishing more effective

While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority. Continue Reading
Definition 12 Dec 2023

cyber attack

A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
Tutorial 08 Dec 2023

Kali vs. ParrotOS: 2 versatile Linux distros for security pros

Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps. Continue Reading
Feature 06 Dec 2023

A primer on storage anomaly detection

Storage admins should continuously monitor systems to identify and act upon unusual behavior. Anomaly detection can proactively address issues before they become serious problems. Continue Reading
Definition 05 Dec 2023

offensive security

Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity. Continue Reading
News 04 Dec 2023

Fancy Bear hackers still exploiting Microsoft Exchange flaw

Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
Feature 04 Dec 2023

The reality behind bypassing EDR attempts

Attackers have their work cut out for them when it comes to bypassing EDR. Learn about the difficulty of EDR evasion and how to ensure EDR tools catch all threats. Continue Reading
Feature 04 Dec 2023

How EDR systems detect malicious activity

Endpoint detection and response tools help SOCs separate benign events from malicious activity. Learn how this EDR function works. Continue Reading
News 30 Nov 2023

ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites

Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
News 28 Nov 2023

Europol, Ukraine police arrest alleged ransomware ringleader

Europol and Ukraine's National Police arrested the alleged leader of a ransomware gang last week, along with four accomplices, dismantling the cybercrime group. Continue Reading
News 27 Nov 2023

Threat actors targeting critical OwnCloud vulnerability

Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products. Continue Reading
News 22 Nov 2023

CISA relaunches working group on cyber insurance, ransomware

Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
News 21 Nov 2023

CISA, FBI warn of LockBit attacks on Citrix Bleed

The latest advisory on exploitation of the Citrix Bleed vulnerability confirmed that the LockBit ransomware group perpetrated the attack on Boeing. Continue Reading
Tip 17 Nov 2023

An introduction to IoT penetration testing

IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks. Continue Reading
Tip 17 Nov 2023

SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags

Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
News 16 Nov 2023

CISA, FBI issue alert for ongoing Scattered Spider activity

The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping. Continue Reading
News 15 Nov 2023

LockBit observed exploiting critical 'Citrix Bleed' flaw

The Financial Services Information Sharing and Analysis Center warned that LockBit ransomware actors are exploiting CVE-2023-4966, also known as Citrix Bleed. Continue Reading
News 09 Nov 2023

Lace Tempest exploits SysAid zero-day vulnerability

SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
Definition 09 Nov 2023

emergency communications plan (EC plan)

An emergency communications plan (EC plan) is a document that provides guidelines, contact information and procedures for how information should be shared during all phases of an unexpected occurrence that requires immediate action. Continue Reading