Network security
Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.
Top Stories
-
Feature
20 Dec 2024
Identity and access management tools and features for 2025
The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
By- Ed Moyle, Drake Software
-
News
16 Dec 2024
ESET: RansomHub most active ransomware group in H2 2024
The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Oct 2022
Despite LockBit rebound, ransomware attacks down in 2022
LockBit cybercriminals are back in action with new ransomware attacks and publicity pushes. But many other new groups saw lower levels in activity in Q3, according to Cyberint. Continue Reading
-
Feature
13 Oct 2022
Why Kali Linux is the go-to distribution for penetration testing
Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
12 Oct 2022
The history and evolution of zero-trust security
Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
-
Tip
12 Oct 2022
An overview of the CISA Zero Trust Maturity Model
A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
By -
Feature
12 Oct 2022
7 steps for implementing zero trust, with real-life examples
More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
By- Alissa Irei, Senior Site Editor
- Johna Till Johnson, Nemertes Research
-
News
11 Oct 2022
BlackByte ransomware uses new EDR evasion technique
Attackers deploying the BlackByte ransomware strain are using vulnerable drivers to target a part of the operating system that many security products rely on for protection. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Oct 2022
What is zero-trust network access? ZTNA basics explained
Zero-trust network access is touted as the solution to replace the VPN. As the potential future of network security, learn more about ZTNA, including its benefits and challenges. Continue Reading
By- John Burke, Nemertes Research
-
News
11 Oct 2022
Critical Fortinet vulnerability under active exploitation
Fortinet said the critical vulnerability affects three of its services -- FortiOS, FortiProxy and FortiSwitch Manager -- and urged customers to take immediate action. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
11 Oct 2022
How to choose the best ZTNA vendor for your organization
In a sea of options, finding the best ZTNA vendor for your organization can pose a major challenge. Weed through the marketing hype with advice from the experts. Continue Reading
By- Alissa Irei, Senior Site Editor
-
Tip
11 Oct 2022
Top 6 challenges of a zero-trust security model
Zero trust has a number of challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them. Continue Reading
By- Sharon Shea, Dennis Turpitka
-
News
11 Oct 2022
Google launches new supply chain security offerings
Securing the software supply chain, especially open source libraries, was a major theme behind the new products released at the Google Cloud Next '22 conference. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Oct 2022
How to conduct a cybersecurity audit based on zero trust
This checklist offers guidance on how to prepare for a zero-trust cybersecurity audit and helps document how well cybersecurity controls are performing based on CISA's ZTMM. Continue Reading
By -
Tip
07 Oct 2022
Perimeter security vs. zero trust: It's time to make the move
Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
05 Oct 2022
APTs compromised defense contractor with Impacket tools
A CISA alert warned that APT actors compromised a defense contractor's Microsoft Exchange server and used Impacket, an open source Python toolkit, to move laterally in the network. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
05 Oct 2022
network security
Network security encompasses all the steps taken to protect the integrity of a computer network and the data within it. Continue Reading
By- Nick Barney, Technology Writer
- Ben Lutkevich, Site Editor
-
Tip
04 Oct 2022
How to build a zero-trust network in 4 steps
While network teams are responsible for deploying the elements of a zero-trust network, security teams should also be involved in developing the overall zero-trust framework. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
04 Oct 2022
Secureworks finds network intruders see little resistance
A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection. Continue Reading
-
Tip
04 Oct 2022
Top zero-trust use cases in the enterprise
Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
03 Oct 2022
Intermittent encryption attacks: Who's at risk?
Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses. Continue Reading
-
News
30 Sep 2022
Microsoft Exchange Server targeted with zero-day vulnerabilities
Microsoft warned that two unpatched zero-day vulnerabilities are being exploited against Exchange Server, a problem that's causing déjà vu for some researchers. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Sep 2022
Cobalt Strike malware campaign targets job seekers
Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons. Continue Reading
-
News
29 Sep 2022
Unit 42 finds polyglot files delivering IcedID malware
Palo Alto Networks' Unit 42 says attackers are using decoy Microsoft Compiled HTML Help files containing multiple file formats to infect systems with information-stealing malware. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Sep 2022
The 5 principles of zero-trust security
Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
28 Sep 2022
NCC Group: IceFire ransomware gang ramping up attacks
While the ransomware group was first observed in March, IceFire emerged on NCC Group's radar last month when attacks against English-speaking organizations soared. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
28 Sep 2022
Why zero trust requires microsegmentation
Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Sharon Shea, Executive Editor
-
Answer
28 Sep 2022
Compare zero trust vs. the principle of least privilege
Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Definition
28 Sep 2022
microsegmentation
Microsegmentation is a security technique that splits a network into definable zones and uses policies to dictate how data and applications within those zones can be accessed and controlled. Continue Reading
By- Chuck Moozakis, Editor at Large
- Laura Fitzgibbons
-
News
26 Sep 2022
Critical Sophos Firewall bug under active exploitation
Sophos said the exploitation of the critical firewall vulnerability has, at this time, affected "an extremely small subset of organizations" predominantly located in South Asia. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
23 Sep 2022
Google dork query
A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website. Continue Reading
-
Opinion
21 Sep 2022
Planning the journey from SD-WAN to SASE
Enterprises need integrated security and networking frameworks to manage distributed IT environments and are looking to SD-WAN and security options like SASE to get the job done. Continue Reading
By- Bob Laliberte, Former Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
21 Sep 2022
Cobalt Strike gets emergency patch
The developer of Cobalt Strike issued an out-of-band security update to address a cross-site scripting vulnerability in the popular penetration testing suite. Continue Reading
-
News
19 Sep 2022
Uber says Lapsus$ hackers behind network breach
Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network. Continue Reading
-
Definition
19 Sep 2022
cryptojacking
Cryptojacking is a cybercrime in which another party's computing resources are hijacked to mine cryptocurrency. Continue Reading
By- Nick Barney, Technology Writer
-
News
15 Sep 2022
Webworm retools old RATs for new cyberespionage threat
Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans. Continue Reading
-
News
14 Sep 2022
U.S. drops the hammer on Iranian ransomware outfit
The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation. Continue Reading
-
News
08 Sep 2022
LockBit gang leads the way for ransomware
New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months. Continue Reading
-
Tutorial
01 Sep 2022
How to create and add an SPF record for email authentication
Learn how to create Sender Policy Framework records to list authenticated mail servers for an email domain to fight spam, phishing, email forgery and other malicious email. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Opinion
01 Sep 2022
How to start developing a plan for SASE implementation
From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap. Continue Reading
By- John Grady, Principal Analyst
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
30 Aug 2022
VMware aims to improve security visibility with new services
Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
25 Aug 2022
Ransomware defies seasonal trends with increase
The return and rebranding of major crews saw the volume of ransomware attacks in July jump 47%, defying seasonal trends, according to researchers at NCC Group. Continue Reading
-
Tip
23 Aug 2022
7 guidelines to secure network storage
These practices, including firmware and VPN guidance, protect NAS devices. Use these steps as standalone procedures or incorporate them into your overall security process. Continue Reading
By- Julia Borgini, Spacebarpress Media
-
Tip
19 Aug 2022
8 secure file transfer services for the enterprise
With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision. Continue Reading
By- Paul Kirvan
- Karen Scarfone, Scarfone Cybersecurity
-
Tip
19 Aug 2022
How does SD-access work?
SD-access is a combination of two elements: SDN and the access edge. The result is a network with a centralized management system and improved security policies. Continue Reading
By- John Burke, Nemertes Research
-
News
18 Aug 2022
Russian cyber attacks on Ukraine driven by government groups
Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
-
News
16 Aug 2022
Mailchimp suffers second breach in 4 months
While the source of the breach has not been confirmed, an attacker got into Mailchimp and gained access to the customer account of cloud hosting provider DigitalOcean. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Aug 2022
For cyber insurance, some technology leads to higher premiums
Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Aug 2022
Rapid7: Cisco ASA and ASDM flaws went unpatched for months
While several of the vulnerabilities were reported to Cisco in February, they remained unpatched until Thursday when Rapid7's Jake Baines discussed the flaws at Black Hat USA 2022. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Aug 2022
Cisco hacked by access broker with Lapsus$ ties
No Cisco employee or customer personal information was stolen in the hack, though some data did make it onto the dark web. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
11 Aug 2022
SentinelOne discusses the rise of data-wiping malware
During a Black Hat 2022 session, researchers showed how expectations of cyber war may differ from the reality. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
By- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
-
News
10 Aug 2022
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
08 Aug 2022
10 top open source security testing tools
From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
01 Aug 2022
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
By- John Burke, Nemertes Research
-
Tip
29 Jul 2022
SSH key management best practices and implementation tips
SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
27 Jul 2022
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Mike Chapple, University of Notre Dame
-
News
21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
15 Jul 2022
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
14 Jul 2022
3 steps for getting started with security service edge
Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tutorial
11 Jul 2022
How to use SSH tunnels to cross network boundaries
The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
06 Jul 2022
5G networks vulnerable to adversarial ML attacks
A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading
-
News
06 Jul 2022
HackerOne incident raises concerns for insider threats
While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
29 Jun 2022
A guide to MSP patch management best practices
As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
By -
Definition
28 Jun 2022
hardware security
Hardware security is vulnerability protection that comes in the form of a physical device rather than software that's installed on the hardware of a computer system. Continue Reading
By- Kinza Yasar, Technical Writer
-
Feature
27 Jun 2022
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
By- Kyle Johnson, Technology Editor
- Wiley Publishing
-
Feature
27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tutorial
23 Jun 2022
Use ssh-keygen to create SSH key pairs and more
Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
23 Jun 2022
Access management issues may create security holes
Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
-
News
22 Jun 2022
Ongoing PowerShell security threats prompt a call to action
Although PowerShell poses an ongoing risk to enterprise security as a post-exploitation tool, authorities strongly advise against disabling it completely. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
22 Jun 2022
What's driving converged endpoint management and security?
Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG. Continue Reading
By- Mark Bowker, Senior Analyst
-
News
20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach
The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
15 Jun 2022
How to evaluate security service edge products
As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
13 Jun 2022
11 open source automated penetration testing tools
From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks. Continue Reading
By -
News
13 Jun 2022
Skyhigh Security CEO, VP talk life after McAfee
Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
10 Jun 2022
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
By- Isabella Harford, TechTarget
-
News
09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
07 Jun 2022
Using SSH tunneling for good and evil
Secure Shell tunneling takes the secure application protocol to the next level for bypassing firewalls and creating secure connections everywhere. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
07 Jun 2022
Microsoft details zero-trust transition, challenges
Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Jun 2022
Major DDoS attacks increasing after invasion of Ukraine
DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Tip
01 Jun 2022
How zero trust unifies network virtualization
The combination of zero trust and network virtualization creates opportunities to strengthen security policies, increase cross-domain collaboration and improve overall visibility. Continue Reading
By- John Burke, Nemertes Research
-
Feature
01 Jun 2022
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
By- Kyle Johnson, Technology Editor
- Wiley Publishing
-
Feature
01 Jun 2022
Implementing wireless security in the enterprise
Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By- Arielle Waldman, News Writer
-
News
24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021
Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 May 2022
CISA calls out security misconfigurations, common mistakes
Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
17 May 2022
man in the browser (MitB)
Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
16 May 2022
SWIFT FIN message
SWIFT FIN is a message type (MT) that transmits financial information from one financial institution to another. Continue Reading
-
Answer
12 May 2022
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
11 May 2022
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild. Continue Reading
-
News
11 May 2022
US, allies warn of nation-state attacks against MSPs
The joint advisory did not name any specific nation-states, though co-sponsor agencies expect threat actors to 'step up their targeting' of managed service providers (MSPs). Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 May 2022
US, EU attribute Viasat hack to Russia
The U.S. and U.K. governments, along with the EU, confirmed the suspicions around the attack that disrupted satellite services for customers in Ukraine as Russia invaded the country. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
04 May 2022
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
03 May 2022
Trend Micro discovers AvosLocker can disable antivirus software
AvosLocker operators are using legitimate tools and previously disclosed vulnerabilities to disable antivirus software and evade detection on infected machines. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 May 2022
RCE vulnerabilities found in Avaya, Aruba network switches
Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 May 2022
Cyberespionage group exploiting network and IoT blind spots
Researchers with Mandiant have uncovered a new espionage-focused hacking operation that takes advantage of IoT and networking gear that security tools don't cover. Continue Reading
-
Definition
28 Apr 2022
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
27 Apr 2022
REvil ransomware attacks resume, but operators are unknown
The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation. Continue Reading
-
News
26 Apr 2022
Cisco Talos observes 'novel increase' in APT activity in Q1
The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs. Continue Reading
By- Arielle Waldman, News Writer