Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Guest Post
19 Dec 2024
Add gamification learning to your pen testing training playbook
Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
News
16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M
After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
15 Jul 2024
What is an intrusion detection system (IDS)?
An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
-
News
11 Jul 2024
Ransomware gangs increasingly exploiting vulnerabilities
New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Jul 2024
Check Point sheds light on Windows MSHTML zero-day flaw
A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far back at January 2023. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
09 Jul 2024
CISOs on how to improve cyberthreat intelligence programs
Organizations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
09 Jul 2024
Governments issue warning on China's APT40 attacks
Government agencies say APT40 continues to pose significant risk to organizations across the globe by exploiting vulnerabilities in public-facing applications. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
08 Jul 2024
How AI-driven SOC tech eased alert fatigue: Case study
Alert fatigue is real, and it can cause big problems in the SOC. Learn how generative AI can improve security outcomes and reduce analysts' frustration in this case study. Continue Reading
By- Alissa Irei, Senior Site Editor
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
05 Jul 2024
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
By -
News
01 Jul 2024
Critical OpenSSH vulnerability could affect millions of servers
Exploitation against CVE-2024-6387, which Qualys nicknamed 'regreSSHion,' could let attackers bypass security measures and gain root access to vulnerable servers. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard
TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tutorial
28 Jun 2024
How to use Social-Engineer Toolkit
Testing system components for vulnerabilities is just one part of the network security equation. What's the best way to measure users' resilience to social engineering threats? Continue Reading
By- Ed Moyle, Drake Software
-
News
26 Jun 2024
LockBit claim about hacking U.S. Federal Reserve fizzles
Evolve Bank & Trust confirmed that it was affected by a cybersecurity-related incident, but has not yet said whether the LockBit ransomware gang was responsible. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama
Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
26 Jun 2024
SPF, DKIM and DMARC: What are they and how do they work together?
Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
25 Jun 2024
CISA discloses breach of Chemical Security Assessment Tool
The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
25 Jun 2024
What is security information and event management (SIEM)?
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
-
Video
21 Jun 2024
Benefits of dark web monitoring
Dark web monitoring helps organizations stay ahead of cybersecurity threats by detecting proprietary data breaches, securing accounts and ensuring compliance. Continue Reading
By- Sabrina Polin, Managing Editor
-
News
20 Jun 2024
SolarWinds Serv-U vulnerability under attack
The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
20 Jun 2024
Port scan attacks: What they are and how to prevent them
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and defend against port scan attacks. Continue Reading
By -
News
12 Jun 2024
Black Basta might have exploited Microsoft flaw as zero-day
While investigating a ransomware attack, Symantec found evidence that suggests Black Basta threat actors exploited a Microsoft vulnerability as a zero-day. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs
Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By- Tim McCarthy, News Writer
-
Definition
10 Jun 2024
communications intelligence (COMINT)
Communications intelligence (COMINT) is information gathered from the communications between individuals or groups of individuals, including telephone conversations, text messages, email conversations, radio calls and online interactions. Continue Reading
By -
Definition
07 Jun 2024
electronic intelligence (ELINT)
Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications. Continue Reading
By -
Tip
07 Jun 2024
How to conduct an API risk assessment and improve security
APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
By -
News
06 Jun 2024
Critical Progress Telerik vulnerability under attack
Threat actors are targeting vulnerable Progress Telerik Report Server systems just days after a proof of concept was published detailing a vulnerability exploit chain. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Jun 2024
Mandiant: Ransomware investigations up 20% in 2023
The cybersecurity company observed a sharp rise in activity on data leak sites in 2023 as well as an increase in ransomware actors using legitimate commercial tools during attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Jun 2024
Hugging Face tokens exposed, attack scope unknown
After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors
ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By- Matthew Smith, Seemless Transition LLC
-
News
30 May 2024
Law enforcement conducts 'largest ever' botnet takedown
An international law enforcement effort called 'Operation Endgame' disrupted several infamous malware loaders and botnets used by ransomware gangs and other cybercriminals. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 May 2024
93% of vulnerabilities unanalyzed by NVD since February
New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
21 May 2024
5 Mitre ATT&CK framework use cases
The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
21 May 2024
Rapid7 warns of alarming zero-day vulnerability trends
The cybersecurity vendor tracked vulnerabilities that were used by threat actors in mass compromise events and found more than half were exploited as zero days. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
20 May 2024
ATM jackpotting
ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. Continue Reading
By -
News
16 May 2024
What LockBitSupp charges mean for ransomware investigations
At RSA Conference 2024, Recorded Future's Allan Liska discussed evolving ransomware trends and how authorities recently exposed the LockBit ransomware group ringleader. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
15 May 2024
Lessons learned from high-profile data breaches
Equifax. Colonial Pipeline. Sony. Target. All are high-profile data breaches, and all offer key lessons to learn that prevent your organization from falling victim to an attack. Continue Reading
By- Sharon Shea, Executive Editor
-
Definition
15 May 2024
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems. Continue Reading
By- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
- Madelyn Bacon, TechTarget
-
Definition
14 May 2024
cloud-native application protection platform (CNAPP)
Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads. Continue Reading
-
News
14 May 2024
Google discloses 2 zero-day vulnerabilities in less than a week
Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
14 May 2024
5 key takeaways from RSA Conference 2024
At RSA Conference 2024, the infosec industry showed their efforts to push forward in AI and to fill gaps that should help security practitioners do their jobs more effectively. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
09 May 2024
threat actor
A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security. Continue Reading
-
News
08 May 2024
Experts highlight progress, challenges for election security
Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 May 2024
SentinelOne: Ransomware actors are adapting to EDR
At RSA Conference 2024, SentinelOne's Alex Stamos discussed ongoing global threats such as ransomware and how threat actors are changing their techniques. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 May 2024
Authorities identify, sanction LockBit ransomware ringleader
After weeks of waiting, authorities in the U.S., the U.K. and Australia publicly identified 'LockBitSupp,' the mysterious operator behind the prolific LockBit ransomware gang. Continue Reading
By- Rob Wright, Senior News Director
-
News
07 May 2024
U.S. agencies continue to observe Volt Typhoon intrusions
A panel of experts at RSA Conference 2024 discussed Volt Typhoon and warned the Chinese nation-state threat group is still targeting and compromising U.S. organizations. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
07 May 2024
How to detect deepfakes manually and using AI
Deepfakes rely on AI to generate realistic but counterfeit content. A variety of automated tools and manual hints can help organizations pinpoint deepfake videos and images. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
06 May 2024
Recorded Future observes 'concerning' hacktivism shift
At RSA Conference 2024, Recorded Future detailed alarming trends as nation-state attackers operate under the guise of hacktivism to cover real threats to organizations. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting
At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
06 May 2024
social engineering penetration testing
Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit. Continue Reading
By -
Definition
06 May 2024
cloud infrastructure entitlement management (CIEM)
Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments. Continue Reading
-
Tip
06 May 2024
What to know about hybrid data center security strategies
Cybersecurity is critical to protect data and systems. Admins of hybrid data centers must understand the risks of a hybrid model and how specific cyberattacks can be prevented. Continue Reading
By- Julia Borgini, Spacebarpress Media
-
News
02 May 2024
Dropbox discloses data breach involving Dropbox Sign
A threat actor accessed Dropbox Sign customer names, emails, hashed passwords, API keys, OAuth tokens, multifactor authentication information and other data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
01 May 2024
U.S. warns of pro-Russian hacktivist attacks against OT systems
CISA calls on OT device manufacturers to implement more effective security protocols as attacks against critical infrastructure organizations continue. Continue Reading
By- Arielle Waldman, News Writer
-
Conference Coverage
01 May 2024
RSA Conference 2024 focuses on collaboration, resilience
Follow TechTarget Security's RSAC 2024 guide for pre-conference insights and the most pressing presentations and breaking news at the world's biggest infosec event. Continue Reading
By- Sharon Shea, Executive Editor
-
News
30 Apr 2024
Change Healthcare breached via Citrix portal with no MFA
UnitedHealth Group CEO Andrew Witty's opening statement for Wednesday's congressional hearing shed more light on the ransomware attack against Change Healthcare. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
30 Apr 2024
Security updates from Google Cloud Next '24 center on GenAI
Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Opinion
29 Apr 2024
RSAC 2024: Real-world cybersecurity uses for GenAI
Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
25 Apr 2024
Dymium scares ransomware attacks with honeypot specters
Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers. Continue Reading
By- Tim McCarthy, News Writer
-
News
25 Apr 2024
Cisco zero-day flaws in ASA, FTD software under attack
Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
24 Apr 2024
Critical CrushFTP zero-day vulnerability under attack
While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server. Continue Reading
By- Arielle Waldman, News Writer
-
News
24 Apr 2024
GitHub vulnerability leaks sensitive security reports
The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Apr 2024
Mandiant: Attacker dwell time down, ransomware up in 2023
Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques. Continue Reading
By- Rob Wright, Senior News Director
-
News
19 Apr 2024
CISA: Akira ransomware extorted $42M from 250+ victims
The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Apr 2024
Cisco discloses high-severity vulnerability, PoC available
The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Apr 2024
Mandiant upgrades Sandworm to APT44 due to increasing threat
Over the past decade, Sandworm has been responsible for high-severity attacks that highlight the group's persistence, evasion techniques and threat to government bodies. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
12 Apr 2024
Pros and cons of 7 breach and attack simulation tools
Breach and attack simulation software can significantly beef up an organization's network defense strategy. But not all tools are made equally. Continue Reading
By -
News
12 Apr 2024
Palo Alto Networks discloses RCE zero-day vulnerability
Threat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks' PAN-OS software, in a 'limited' number of attacks. Continue Reading
By- Rob Wright, Senior News Director
-
News
11 Apr 2024
CISA discloses Sisense breach, customer data compromised
CISA is investigating a breach of data analytics vendor Sisense that may have exposed customers' credentials and secrets and could impact critical infrastructure organizations. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Apr 2024
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
10 Apr 2024
fraud detection
Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Feature
09 Apr 2024
Why the Keitaro TDS keeps causing security headaches
Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
By- Rob Wright, Senior News Director
-
News
03 Apr 2024
Sophos: Ransomware present in 70% of IR investigations
Sophos' Active Adversary Report said securing remote desktop protocols and Active Directories and hardening credentials can help limit the influx of successful ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures
The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Apr 2024
Microsoft Copilot for Security brings GenAI to SOC teams
Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Mar 2024
Spyware vendors behind 75% of zero-days targeting Google
Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
27 Mar 2024
Unpatched flaw in Anyscale's Ray AI framework under attack
Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
By- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
-
News
27 Mar 2024
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Mar 2024
SQL injection vulnerability in Fortinet software under attack
Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online. Continue Reading
By- Arielle Waldman, News Writer
-
Tutorial
22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help
Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
-
News
20 Mar 2024
CISA urges defensive actions against Volt Typhoon threats
The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess
This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Mar 2024
Exploitation activity increasing on Fortinet vulnerability
The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing
According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code
Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
08 Mar 2024
The Change Healthcare attack: Explaining how it happened
Change Healthcare was hit with a ransomware attack from BlackCat/ALPHV after its systems were disrupted. Keep reading to learn more about this attack and how others are affected. Continue Reading
-
News
07 Mar 2024
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Mar 2024
Critical JetBrains TeamCity vulnerabilities under attack
Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Mar 2024
Inside an Alphv/BlackCat ransomware attack
Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans
Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Feb 2024
Alphv/BlackCat attacking hospitals following FBI takedown
The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
27 Feb 2024
Threat intelligence programs need updating -- and CISOs know it
Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
27 Feb 2024
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
By- Rahul Awati
- Ben Lutkevich, Site Editor
-
News
26 Feb 2024
CISA: APT29 targeting cloud accounts for initial access
U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
By- Arielle Waldman, News Writer
-
News
22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
22 Feb 2024
Use cloud threat intelligence to protect critical data and assets
Cloud threat intelligence helps identify and analyze cloud-based threats, enabling security teams to better understand attacks and more proactively defend against them. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Definition
22 Feb 2024
cybersecurity
Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
By- Sharon Shea, Executive Editor
- Alexander S. Gillis, Technical Writer and Editor
-
Opinion
20 Feb 2024
Why companies need attack surface management in 2024
The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
20 Feb 2024
Operation Cronos dismantles LockBit ransomware gang
An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
15 Feb 2024
firewall as a service (FWaaS)
Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By- Paul Kirvan
- Mike Chapple, University of Notre Dame