Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

Podcast 05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task

This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
News 04 Apr 2024
Ransomware attacks ravaged municipal governments in March

Many municipalities across the U.S. faced network outages, data breaches and large ransom demands following a flurry of ransomware attacks last month. Continue Reading

News 04 Apr 2024

Infosec professionals praise CSRB report on Microsoft breach

Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant. Continue Reading
Tip 04 Apr 2024

5 top OT threats and security challenges

Securing operational technology is particularly critical but also especially challenging. Consider these top OT threats and how to manage them. Continue Reading
News 03 Apr 2024

Cyber Safety Review Board slams Microsoft security failures

The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
News 03 Apr 2024

Trend Micro: LockBit ransomware gang's comeback is failing

LockBit is struggling to resume operations in part due to the name-and-shame aspect of the international law enforcement operation responsible for the gang's disruption. Continue Reading
Tip 02 Apr 2024

Cloud computing forensics techniques for evidence acquisition

With the proper tools and methodologies, security teams can provide analysts with the critical pieces required to complete cloud computing forensics investigations. Continue Reading
News 01 Apr 2024

XZ backdoor discovery reveals Linux supply chain attack

A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years. Continue Reading
News 29 Mar 2024

Typosquatting campaign, malicious packages slam PyPI

Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain. Continue Reading
Opinion 28 Mar 2024

5 areas to help secure your cyber-risk management program

To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets. Continue Reading
Tip 28 Mar 2024

Microsoft Teams phishing attacks and how to prevent them

Users who think phishing happens only over email should think again. Learn about recent Microsoft Teams phishing attacks and how to defend against them. Continue Reading
News 27 Mar 2024

Spyware vendors behind 75% of zero-days targeting Google

Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022. Continue Reading
News 27 Mar 2024

Unpatched flaw in Anyscale's Ray AI framework under attack

Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
News 27 Mar 2024

Flashpoint observes 84% surge in ransomware attacks in 2023

The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
News 26 Mar 2024

SQL injection vulnerability in Fortinet software under attack

Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online. Continue Reading
News 26 Mar 2024

Top.gg supply chain attack highlights subtle risks

Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
Report 25 Mar 2024

35 cybersecurity statistics to lose sleep over in 2024

Here are 35 eye-opening cybersecurity stats from dozens of security experts -- on crime, jobs and trends -- to consider while developing your 2024 security plan. Continue Reading
News 22 Mar 2024

'GoFetch' attack spells trouble for Apple M-series chips

Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
News 21 Mar 2024

AWS fixes 'FlowFixation' vulnerability for account hijacking

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
News 21 Mar 2024

NCC Group: Ransomware attacks jump 73% in February

While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises. Continue Reading
Tip 21 Mar 2024

10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
News 20 Mar 2024

CISA urges defensive actions against Volt Typhoon threats

The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks. Continue Reading
Tip 20 Mar 2024

How to defend against phishing as a service and phishing kits

Phishing is a perennial thorn in the side of enterprise security. Thanks to phishing-as-a-service offerings and phishing kits, the problem will only get worse. Continue Reading
Tip 19 Mar 2024

EDR vs. antivirus: What's the difference?

Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization? Continue Reading
News 18 Mar 2024

Exploitation activity increasing on Fortinet vulnerability

The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published. Continue Reading
News 18 Mar 2024

GitOps users warned to patch 3 new Argo CD CVEs

Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. Continue Reading
Definition 15 Mar 2024

virus (computer virus)

A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an infected system and it often propagates to other systems, much like a biological virus spreads from host to host. Continue Reading
Feature 14 Mar 2024

JetBrains, Rapid7 clash over vulnerability disclosure policies

In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
Definition 14 Mar 2024

virus signature (virus definition)

A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses. Continue Reading
Tip 14 Mar 2024

How to craft a generative AI security policy that works

The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
Podcast 13 Mar 2024

Risk & Repeat: CISA hacked via Ivanti vulnerabilities

The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January. Continue Reading
Tip 13 Mar 2024

How data poisoning attacks work

Generative AI brings business opportunities to the enterprise but also security risks. Learn about an evolving attack vector called data poisoning and how it works. Continue Reading
News 13 Mar 2024

Researchers warn devs of vulnerabilities in ChatGPT plugins

OpenAI and two third-party providers fixed vulnerabilities in the experimental ChatGPT plugins framework, but Salt Security researchers caution devs that security risks persist. Continue Reading
Tip 13 Mar 2024

4 types of prompt injection attacks and how they work

Compromised LLMs can expose sensitive corporate data and put organizations' reputations at risk. Learn about four types of prompt injection attacks and how they work. Continue Reading
News 12 Mar 2024

LockBit attacks continue via ConnectWise ScreenConnect flaws

Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
News 11 Mar 2024

CISA confirms compromise of its Ivanti systems

CISA said that approximately one month ago, it identified 'activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.' Continue Reading
Podcast 07 Mar 2024

Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)

This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure. Continue Reading
News 06 Mar 2024

Apple discloses 2 iOS zero-day vulnerabilities

CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
Definition 06 Mar 2024

robocall

Robocalls are automated telephone calls that deliver a recorded message. Continue Reading
Tip 06 Mar 2024

Explore mitigation strategies for 10 LLM vulnerabilities

As large language models enter more enterprise environments, it's essential for organizations to understand the associated security risks and how to mitigate them. Continue Reading
News 05 Mar 2024

Alphv/BlackCat leak site goes down in possible exit scam

An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack. Continue Reading
News 05 Mar 2024

Critical JetBrains TeamCity vulnerabilities under attack

Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
Tip 05 Mar 2024

DoS vs. DDoS: How they differ and the damage they cause

DoS and DDoS attacks may not be new, but that doesn't mean they are any less disruptive to organizations. Companies should understand what they are and how they work. Continue Reading
News 04 Mar 2024

LockBit, Alphv/BlackCat highlight February ransomware activity

With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023. Continue Reading
Tip 01 Mar 2024

How dynamic malware analysis works

Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities. Continue Reading
Definition 29 Feb 2024

phishing

Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
Podcast 27 Feb 2024

Risk & Repeat: LockBit resurfaces after takedown

LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys. Continue Reading
News 27 Feb 2024

Ransomware gangs exploiting ConnectWise ScreenConnect flaws

Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
News 26 Feb 2024

LockBit restores servers following law enforcement takedown

Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests. Continue Reading
News 23 Feb 2024

GitHub Copilot replicating vulnerabilities, insecure code

Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
News 22 Feb 2024

ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
Definition 22 Feb 2024

cybersecurity

Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
News 21 Feb 2024

Coalition: Vulnerability scoring systems falling short

Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization. Continue Reading
News 21 Feb 2024

CrowdStrike 'Global Threat Report': Cloud intrusions up 75%

This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas. Continue Reading
News 15 Feb 2024

Ransomware disrupts utilities, infrastructure in January

Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
Tip 14 Feb 2024

Improve AI security by red teaming large language models

Cyberattacks such as prompt injection pose significant security risks to LLMs, but implementing red teaming strategies can test models' resistance to various cyberthreats. Continue Reading
News 13 Feb 2024

Iranian cyberattacks targeting U.S. and Israeli entities

Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after. Continue Reading
Guest Post 13 Feb 2024

How passwordless helps guard against AI-enhanced attacks

With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
Feature 13 Feb 2024

Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
News 12 Feb 2024

CISA warns Fortinet zero-day vulnerability under attack

CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
Definition 12 Feb 2024

password spraying

Password spraying is a cyberattack tactic that involves a hacker using a single password to try and break into multiple target accounts. Continue Reading
Tip 12 Feb 2024

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Definition 09 Feb 2024

cyberterrorism

Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
News 08 Feb 2024

NCC Group records the most ransomware victims ever in 2023

Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
News 07 Feb 2024

Chainalysis: 2023 a 'watershed' year for ransomware

Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
Definition 07 Feb 2024

keylogger (keystroke logger or system monitor)

A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone. Continue Reading
News 06 Feb 2024

Google: Spyware vendors are driving zero-day exploitation

Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
News 06 Feb 2024

Linux group announces Post-Quantum Cryptography Alliance

The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech. Continue Reading
Definition 06 Feb 2024

dictionary attack

A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password. Continue Reading
Guest Post 02 Feb 2024

GenAI development should follow secure-by-design principles

Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers. Continue Reading
News 01 Feb 2024

Critical infrastructure hacks raise alarms on Chinese threats

FBI Director Christopher Wray and CISA Director Jen Easterly warned that China was targeting critical infrastructure for possible destructive attacks in the event of a conflict with the United States. Continue Reading
News 31 Jan 2024

Ivanti discloses new zero-day flaw, releases delayed patches

While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
Feature 31 Jan 2024

Top 13 ransomware targets in 2024 and beyond

Two in three organizations suffered ransomware attacks in a single year, according to recent research. And, while some sectors bear the brunt, no one is safe. Continue Reading
Feature 31 Jan 2024

9 secure email gateway options for 2024

Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features. Continue Reading
Tip 31 Jan 2024

Top 15 email security best practices for 2024

Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
Definition 30 Jan 2024

data loss

Data loss is the intentional or unintentional destruction of information. Continue Reading
News 30 Jan 2024

Corvus: 2023 was a 'record-breaking' ransomware year

The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
Feature 30 Jan 2024

Security executives slam Microsoft over latest breach

Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
Tip 30 Jan 2024

16 common types of cyberattacks and how to prevent them

To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
Tip 29 Jan 2024

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
News 26 Jan 2024

Microsoft: Legacy account hacked by Russian APT had no MFA

Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
Definition 26 Jan 2024

digital forensics and incident response (DFIR)

Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
Feature 26 Jan 2024

The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
News 25 Jan 2024

HPE breached by Russian APT behind Microsoft hack

HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
Definition 25 Jan 2024

QR code phishing

QR code phishing, or 'quishing,' is a social engineering phishing attack that intentionally deceives its recipient into scanning a QR code, redirecting the person to a bogus website. Continue Reading
News 24 Jan 2024

NCSC says AI will increase ransomware, cyberthreats

While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
News 23 Jan 2024

Attacks begin on critical Atlassian Confluence vulnerability

Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
Tip 23 Jan 2024

How to avoid malware on Linux systems

Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions. Continue Reading
Tip 23 Jan 2024

Building an incident response framework for your enterprise

Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading
News 22 Jan 2024

Microsoft breached by Russian APT behind SolarWinds attack

Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
News 19 Jan 2024

Chinese threat group exploited VMware vulnerability in 2021

After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
Definition 19 Jan 2024

security incident

A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed. Continue Reading
News 18 Jan 2024

CISA posts incident response guide for water utilities

In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
News 17 Jan 2024

New zero-days in Citrix NetScaler ADC, Gateway under attack

The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
News 17 Jan 2024

Google, researchers in dispute over account hijacking attacks

Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts. Continue Reading
News 16 Jan 2024

Ivanti zero-day flaws under 'widespread' exploitation

Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
News 11 Jan 2024

Ivanti confirms 2 zero-day vulnerabilities are under attack

Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
Tip 11 Jan 2024

Cloud incident response: Frameworks and best practices

Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
Definition 10 Jan 2024

vulnerability management

Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems. Continue Reading
News 10 Jan 2024

China claims it cracked Apple's AirDrop, can track senders

The flaw used by Chinese researchers to crack Apple's AirDrop encryption was reported to the company in 2019 by researchers at German university TU Darmstadt. Continue Reading
News 09 Jan 2024

Account hijacking, cryptocurrency scams spread on X

One company that had its account stolen and used for cryptocurrency scams, CertiK, said it was hacked through a phishing attack from a journalist's compromised account. Continue Reading
Feature 09 Jan 2024

How to fix the top 5 cybersecurity vulnerabilities

Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading