Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

News 19 Nov 2024
2 Palo Alto Networks zero-day vulnerabilities under attack

CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week. Continue Reading
By
- Arielle Waldman, News Writer
News 15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack

Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
By
- Alexander Culafi, Senior News Writer

Answer 26 Jun 2024
SPF, DKIM and DMARC: What are they and how do they work together?

Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 25 Jun 2024
CISA discloses breach of Chemical Security Assessment Tool

The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 25 Jun 2024
What is security information and event management (SIEM)?

Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Video 21 Jun 2024
Benefits of dark web monitoring

Dark web monitoring helps organizations stay ahead of cybersecurity threats by detecting proprietary data breaches, securing accounts and ensuring compliance. Continue Reading
By
- Sabrina Polin, Managing Editor
News 20 Jun 2024
SolarWinds Serv-U vulnerability under attack

The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product. Continue Reading
By
- Arielle Waldman, News Writer
Answer 20 Jun 2024
Port scan attacks: What they are and how to prevent them

Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and defend against port scan attacks. Continue Reading
By
- Michael Cobb
News 12 Jun 2024
Black Basta might have exploited Microsoft flaw as zero-day

While investigating a ransomware attack, Symantec found evidence that suggests Black Basta threat actors exploited a Microsoft vulnerability as a zero-day. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs

Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By
- Tim McCarthy, News Writer
Definition 10 Jun 2024
communications intelligence (COMINT)

Communications intelligence (COMINT) is information gathered from the communications between individuals or groups of individuals, including telephone conversations, text messages, email conversations, radio calls and online interactions. Continue Reading
By
- Rahul Awati
Definition 07 Jun 2024
electronic intelligence (ELINT)

Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications. Continue Reading
By
- Rahul Awati
Tip 07 Jun 2024
How to conduct an API risk assessment and improve security

APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
By
- Paul Kirvan
News 06 Jun 2024
Critical Progress Telerik vulnerability under attack

Threat actors are targeting vulnerable Progress Telerik Report Server systems just days after a proof of concept was published detailing a vulnerability exploit chain. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Mandiant: Ransomware investigations up 20% in 2023

The cybersecurity company observed a sharp rise in activity on data leak sites in 2023 as well as an increase in ransomware actors using legitimate commercial tools during attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Hugging Face tokens exposed, attack scope unknown

After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By
- Arielle Waldman, News Writer
Tip 03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors

ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
News 30 May 2024
Law enforcement conducts 'largest ever' botnet takedown

An international law enforcement effort called 'Operation Endgame' disrupted several infamous malware loaders and botnets used by ransomware gangs and other cybercriminals. Continue Reading
By
- Arielle Waldman, News Writer
News 23 May 2024
93% of vulnerabilities unanalyzed by NVD since February

New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 May 2024
5 Mitre ATT&CK framework use cases

The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 21 May 2024
Rapid7 warns of alarming zero-day vulnerability trends

The cybersecurity vendor tracked vulnerabilities that were used by threat actors in mass compromise events and found more than half were exploited as zero days. Continue Reading
By
- Arielle Waldman, News Writer
Definition 20 May 2024
ATM jackpotting

ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. Continue Reading
By
- Rahul Awati
News 16 May 2024
What LockBitSupp charges mean for ransomware investigations

At RSA Conference 2024, Recorded Future's Allan Liska discussed evolving ransomware trends and how authorities recently exposed the LockBit ransomware group ringleader. Continue Reading
By
- Arielle Waldman, News Writer
Feature 15 May 2024
Lessons learned from high-profile data breaches

Equifax. Colonial Pipeline. Sony. Target. All are high-profile data breaches, and all offer key lessons to learn that prevent your organization from falling victim to an attack. Continue Reading
By
- Sharon Shea, Executive Editor
Definition 15 May 2024
Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
- Madelyn Bacon, TechTarget
Definition 14 May 2024
cloud-native application protection platform (CNAPP)

Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads. Continue Reading
By
- Mary K. Pratt
News 14 May 2024
Google discloses 2 zero-day vulnerabilities in less than a week

Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 14 May 2024
5 key takeaways from RSA Conference 2024

At RSA Conference 2024, the infosec industry showed their efforts to push forward in AI and to fill gaps that should help security practitioners do their jobs more effectively. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 09 May 2024
threat actor

A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security. Continue Reading
By
- Rahul Awati
- Ivy Wigmore
News 08 May 2024
Experts highlight progress, challenges for election security

Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 May 2024
SentinelOne: Ransomware actors are adapting to EDR

At RSA Conference 2024, SentinelOne's Alex Stamos discussed ongoing global threats such as ransomware and how threat actors are changing their techniques. Continue Reading
By
- Arielle Waldman, News Writer
News 07 May 2024
Authorities identify, sanction LockBit ransomware ringleader

After weeks of waiting, authorities in the U.S., the U.K. and Australia publicly identified 'LockBitSupp,' the mysterious operator behind the prolific LockBit ransomware gang. Continue Reading
By
- Rob Wright, Senior News Director
News 07 May 2024
U.S. agencies continue to observe Volt Typhoon intrusions

A panel of experts at RSA Conference 2024 discussed Volt Typhoon and warned the Chinese nation-state threat group is still targeting and compromising U.S. organizations. Continue Reading
By
- Arielle Waldman, News Writer
Tip 07 May 2024
How to detect deepfakes manually and using AI

Deepfakes rely on AI to generate realistic but counterfeit content. A variety of automated tools and manual hints can help organizations pinpoint deepfake videos and images. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 06 May 2024
Recorded Future observes 'concerning' hacktivism shift

At RSA Conference 2024, Recorded Future detailed alarming trends as nation-state attackers operate under the guise of hacktivism to cover real threats to organizations. Continue Reading
By
- Arielle Waldman, News Writer
News 06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting

At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
By
- Arielle Waldman, News Writer
Definition 06 May 2024
social engineering penetration testing

Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit. Continue Reading
By
- Rahul Awati
Definition 06 May 2024
cloud infrastructure entitlement management (CIEM)

Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments. Continue Reading
By
- Mary K. Pratt
Tip 06 May 2024
What to know about hybrid data center security strategies

Cybersecurity is critical to protect data and systems. Admins of hybrid data centers must understand the risks of a hybrid model and how specific cyberattacks can be prevented. Continue Reading
By
- Julia Borgini, Spacebarpress Media
News 02 May 2024
Dropbox discloses data breach involving Dropbox Sign

A threat actor accessed Dropbox Sign customer names, emails, hashed passwords, API keys, OAuth tokens, multifactor authentication information and other data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 May 2024
U.S. warns of pro-Russian hacktivist attacks against OT systems

CISA calls on OT device manufacturers to implement more effective security protocols as attacks against critical infrastructure organizations continue. Continue Reading
By
- Arielle Waldman, News Writer
Conference Coverage 01 May 2024
RSA Conference 2024 focuses on collaboration, resilience

Follow TechTarget Security's RSAC 2024 guide for pre-conference insights and the most pressing presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
News 30 Apr 2024
Change Healthcare breached via Citrix portal with no MFA

UnitedHealth Group CEO Andrew Witty's opening statement for Wednesday's congressional hearing shed more light on the ransomware attack against Change Healthcare. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 30 Apr 2024
Security updates from Google Cloud Next '24 center on GenAI

Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Opinion 29 Apr 2024
RSAC 2024: Real-world cybersecurity uses for GenAI

Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 25 Apr 2024
Dymium scares ransomware attacks with honeypot specters

Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers. Continue Reading
By
- Tim McCarthy, News Writer
News 25 Apr 2024
Cisco zero-day flaws in ASA, FTD software under attack

Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Apr 2024
Critical CrushFTP zero-day vulnerability under attack

While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Apr 2024
GitHub vulnerability leaks sensitive security reports

The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Apr 2024
Mandiant: Attacker dwell time down, ransomware up in 2023

Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques. Continue Reading
By
- Rob Wright, Senior News Director
News 19 Apr 2024
CISA: Akira ransomware extorted $42M from 250+ victims

The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Apr 2024
Cisco discloses high-severity vulnerability, PoC available

The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Apr 2024
Mandiant upgrades Sandworm to APT44 due to increasing threat

Over the past decade, Sandworm has been responsible for high-severity attacks that highlight the group's persistence, evasion techniques and threat to government bodies. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Apr 2024
Pros and cons of 7 breach and attack simulation tools

Breach and attack simulation software can significantly beef up an organization's network defense strategy. But not all tools are made equally. Continue Reading
By
- Paul Kirvan
News 12 Apr 2024
Palo Alto Networks discloses RCE zero-day vulnerability

Threat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks' PAN-OS software, in a 'limited' number of attacks. Continue Reading
By
- Rob Wright, Senior News Director
News 11 Apr 2024
CISA discloses Sisense breach, customer data compromised

CISA is investigating a breach of data analytics vendor Sisense that may have exposed customers' credentials and secrets and could impact critical infrastructure organizations. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Apr 2024
Supply chain attack abuses GitHub features to spread malware

Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By
- Arielle Waldman, News Writer
Definition 10 Apr 2024
fraud detection

Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Feature 09 Apr 2024
Why the Keitaro TDS keeps causing security headaches

Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
By
- Rob Wright, Senior News Director
News 03 Apr 2024
Sophos: Ransomware present in 70% of IR investigations

Sophos' Active Adversary Report said securing remote desktop protocols and Active Directories and hardening credentials can help limit the influx of successful ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures

The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Apr 2024
Microsoft Copilot for Security brings GenAI to SOC teams

Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
By
- Arielle Waldman, News Writer
News 27 Mar 2024
Spyware vendors behind 75% of zero-days targeting Google

Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 27 Mar 2024
Unpatched flaw in Anyscale's Ray AI framework under attack

Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
News 27 Mar 2024
Flashpoint observes 84% surge in ransomware attacks in 2023

The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Mar 2024
SQL injection vulnerability in Fortinet software under attack

Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online. Continue Reading
By
- Arielle Waldman, News Writer
Tutorial 22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help

Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
By
- Ed Moyle, Drake Software
Tip 21 Mar 2024
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
News 20 Mar 2024
CISA urges defensive actions against Volt Typhoon threats

The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess

This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Mar 2024
Exploitation activity increasing on Fortinet vulnerability

The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing

According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code

Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 08 Mar 2024
The Change Healthcare attack: Explaining how it happened

Change Healthcare was hit with a ransomware attack from BlackCat/ALPHV after its systems were disrupted. Keep reading to learn more about this attack and how others are affected. Continue Reading
By
- Sean Michael Kerner
News 07 Mar 2024
Former Google engineer charged with stealing AI trade secrets

Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Mar 2024
Critical JetBrains TeamCity vulnerabilities under attack

Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Mar 2024
Inside an Alphv/BlackCat ransomware attack

Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks. Continue Reading
By
- Rob Wright, Senior News Director
Feature 04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans

Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises

CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2024
Alphv/BlackCat attacking hospitals following FBI takedown

The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 27 Feb 2024
Threat intelligence programs need updating -- and CISOs know it

Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 27 Feb 2024
computer forensics (cyber forensics)

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
By
- Rahul Awati
- Ben Lutkevich, Site Editor
News 26 Feb 2024
CISA: APT29 targeting cloud accounts for initial access

U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
By
- Arielle Waldman, News Writer
News 22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 22 Feb 2024
Use cloud threat intelligence to protect critical data and assets

Cloud threat intelligence helps identify and analyze cloud-based threats, enabling security teams to better understand attacks and more proactively defend against them. Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 22 Feb 2024
cybersecurity

Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
By
- Sharon Shea, Executive Editor
- Alexander S. Gillis, Technical Writer and Editor
Opinion 20 Feb 2024
Why companies need attack surface management in 2024

The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 20 Feb 2024
Operation Cronos dismantles LockBit ransomware gang

An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
By
- Rob Wright, Senior News Director
Definition 15 Feb 2024
firewall as a service (FWaaS)

Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By
- Paul Kirvan
- Mike Chapple, University of Notre Dame
News 15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues

In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 13 Feb 2024
How to conduct a social engineering penetration test

Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
By
- Paul Kirvan
News 13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised

Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By
- Rob Wright, Senior News Director
Guest Post 13 Feb 2024
How passwordless helps guard against AI-enhanced attacks

With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
By
- Andrew Shikiar
Feature 13 Feb 2024
Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By
- Alicia Landsberg, Senior managing Editor
News 12 Feb 2024
CISA warns Fortinet zero-day vulnerability under attack

CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Feb 2024
cyberterrorism

Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
By
News 07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years

A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By
- Arielle Waldman, News Writer
Tip 06 Feb 2024
Close security gaps with attack path analysis and management

Traditional cybersecurity approaches alone can fall short. Comprehensive attack path analysis and management map out vulnerabilities and help organizations protect key assets. Continue Reading
By
- Michael Cobb
Definition 05 Feb 2024
SOAR (security orchestration, automation and response)

SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. Continue Reading
By
- Sharon Shea, Executive Editor
News 02 Feb 2024
Cloudflare discloses breach related to stolen Okta data

Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system. Continue Reading
By
- Rob Wright, Senior News Director
News 31 Jan 2024
Ivanti discloses new zero-day flaw, releases delayed patches

While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
By
- Arielle Waldman, News Writer