Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

Guest Post 19 Dec 2024
Add gamification learning to your pen testing training playbook

Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
News 16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M

After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
By
- Arielle Waldman, News Writer

News 20 Sep 2023
Cyber insurance report shows surge in ransomware claims

Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Sep 2023
Caesars Entertainment breached in social engineering attack

Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Sep 2023
Browser companies patch critical zero-day vulnerability

While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild. Continue Reading
By
- Arielle Waldman, News Writer
Definition 13 Sep 2023
double extortion ransomware

Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout. Continue Reading
By
- Sean Michael Kerner
Tip 08 Sep 2023
10 antimalware tools for ransomware protection and removal

Businesses face billions of malware and ransomware threats each year. Antimalware tools can help enterprises protect their networks and limit any damages that may occur. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft

Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Sep 2023
Okta: 4 customers compromised in social engineering attacks

Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
Tutorial 05 Sep 2023
Use Angry IP Scanner to audit the network

Angry IP Scanner provides a network scanner alternative to Nmap that is simple, user-friendly and versatile across OSes. Scan types include ping scans, UDP scans and TCP scans. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Tip 31 Aug 2023
How to recover from a ransomware attack

With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the six steps to incorporate into your plan. Continue Reading
By
- John Burke, Nemertes Research
News 30 Aug 2023
FBI, Justice Department dismantle Qakbot malware

The FBI operation, one of the largest U.S.-led botnet disruption efforts ever, included international partners such as France, Germany, the Netherlands and the United Kingdom. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs

New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk. Continue Reading
By
- Frank Kim, SANS Institute
Tip 28 Aug 2023
Enterprise dark web monitoring: Why it's worth the investment

Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets. Continue Reading
By
- Ed Moyle, Drake Software
Feature 28 Aug 2023
3 ransomware detection techniques to catch an attack

While prevention is key, it's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods. Continue Reading
By
- Kyle Johnson, Technology Editor
News 23 Aug 2023
Sophos: RDP played a part in 95% of attacks in H1 2023

While Sophos observed increasing activity around Active Directory and Remote Desktop Protocol abuse, it recommended simple mitigation steps can limit the attack surface. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
News 22 Aug 2023
Ivanti issues fix for third zero-day flaw exploited in the wild

CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations. Continue Reading
By
- Arielle Waldman, News Writer
Tip 14 Aug 2023
How to create a ransomware incident response plan

A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
By
- Paul Kirvan
- Sharon Shea, Executive Editor
News 10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats

Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Aug 2023
U.S., Ukraine cyber leaders talk resilience, collaboration

At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Aug 2023
Researchers put LLMs to the test in phishing email experiment

A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Continue Reading
By
- Rob Wright, Senior News Director
News 09 Aug 2023
Generative AI takes center stage at Black Hat USA 2023

About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Aug 2023
CrowdStrike observes massive spike in identity-based attacks

Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 Jul 2023
CISA details backdoor malware used in Barracuda ESG attacks

CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 31 Jul 2023
How honey tokens support cyber deception strategies

Learn how to flip the script on malicious hackers with honey tokens, which act like tripwires to reveal an attacker's presence. Continue Reading
By
- Rob Shapland
- Alissa Irei, Senior Site Editor
News 27 Jul 2023
Google: 41 zero-day vulnerabilities exploited in 2022

While attackers increasingly exploited zero-day flaws last year, one of the most notable findings from the report emphasized how inadequate patches led to new variants. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild

A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack

Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer. Continue Reading
By
- Rob Wright, Senior News Director
News 17 Jul 2023
Microsoft still investigating stolen MSA key from email attacks

While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jul 2023
JumpCloud breached by nation-state threat actor

JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
By
- Rob Wright, Senior News Director
News 12 Jul 2023
Chainalysis observes sharp rise in ransomware payments

The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
By
- Rob Wright, Senior News Director
News 12 Jul 2023
Threat actors forged Windows driver signatures via loophole

Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Jul 2023
network intrusion protection system (NIPS)

A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. Continue Reading
By
- Paul Kirvan
News 06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident

The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
By
- Arielle Waldman, News Writer
Definition 05 Jul 2023
host intrusion prevention system (HIPS)

A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Definition 05 Jul 2023
WannaCry ransomware

WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Tip 23 Jun 2023
Top 10 threat modeling tools, plus features to look for

Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process. Continue Reading
By
- Paul Kirvan
News 22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky

Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 21 Jun 2023
How AI benefits network detection and response

Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Podcast 15 Jun 2023
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks

Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks

Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
By
- Arielle Waldman, News Writer
Tip 15 Jun 2023
Risk assessment vs. threat modeling: What's the difference?

Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data. Continue Reading
By
- Michael Cobb
News 13 Jun 2023
Fortinet warns critical VPN vulnerability 'may' be under attack

Fortinet said the heap buffer overflow flaw might have been exploited already and warned that Chinese nation-state threat group Volt Typhoon would likely attack the vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Jun 2023
Cisco generative AI heads to Security Cloud, Webex

Cisco plans to release generative AI features in the Webex platform and Security Cloud this year. Together, the products tighten security for remote workers. Continue Reading
By
- Antone Gonsalves, News Director
News 06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated

Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors adapted to improved defenses. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Jun 2023
Ransomware actors exploiting MoveIt Transfer vulnerability

Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang. Continue Reading
By
- Rob Wright, Senior News Director
Feature 05 Jun 2023
Manage security posture with Microsoft Defender for Endpoint

Organizations need to implement security posture management to ensure their cybersecurity strategy can address malicious actions inside and out. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 May 2023
Vendors: Threat actor taxonomies are confusing but essential

Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 25 May 2023
Chinese hackers targeting U.S. critical infrastructure

Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 May 2023
9 smart contract vulnerabilities and how to mitigate them

Smart contracts execute tasks automatically when specific events occur, and often handle large data and resource flows. This makes them particularly attractive to attackers. Continue Reading
By
- Michael Cobb
News 24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics

CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 May 2023
Top breach and attack simulation use cases

While pen tests offer a point-in-time report on the security of an organization's security defenses, breach and attack simulations offer regular or even constant status checks. Continue Reading
By
- Michael Cobb
News 23 May 2023
Veeam ransomware protection highlighted in Kasten, detection

Veeam unveiled security updates to its Kubernetes backup product at VeeamON. In addition, IDrive released an object storage appliance for users of Veeam and other backup vendors. Continue Reading
By
- Paul Crocetti, Executive Editor
News 18 May 2023
Acronis adds EDR to endpoint security

Acronis EDR uses Intel threat detection technology to uncover sophisticated attacks, such as fileless malware, but it also has to compete in a crowded market. Continue Reading
By
- Nicole Laskowski, Senior News Director
News 12 May 2023
Experts question San Bernardino's $1.1M ransom payment

While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to $1.1 million to threat actors. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
By
- Arielle Waldman, News Writer
News 10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw

Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
By
- Arielle Waldman, News Writer
News 04 May 2023
Ransomware attack disrupts Dallas police, city services

The city said less than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Feature 02 May 2023
Where climate change and cyber attacks intersect

One session at RSA Conference 2023 focused on climate change -- a topic that is not commonly featured during cybersecurity conversations, but should be. Continue Reading
By
- Sharon Shea, Executive Editor
News 27 Apr 2023
Secureworks CEO weighs in on XDR landscape, AI concerns

Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype

CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Apr 2023
How ransomware victims can make the best of a bad situation

At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 26 Apr 2023
CrowdStrike details new MFA bypass, credential theft attack

At RSA Conference 2023, CrowdStrike demonstrated an effective technique that a cybercrime group used in the wild to steal credentials and bypass MFA in Microsoft 365. Continue Reading
By
- Rob Wright, Senior News Director
News 25 Apr 2023
Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice

Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 20 Apr 2023
6 Mac antivirus options to improve internet security

Organizations with macOS desktops under their management need to ensure their security products can support Macs. Review these six antivirus products with macOS support. Continue Reading
By
- Robert Sheldon
Answer 19 Apr 2023
How to defend against TCP port 445 and other SMB exploits

Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
By
- Diana Kelley, SecurityCurve
Tip 17 Apr 2023
How to build a cybersecurity deception program

In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Guest Post 14 Apr 2023
Pen testing amid the rise of AI-powered threat actors

The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tutorial 13 Apr 2023
How to use the John the Ripper password cracker

Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
By
- Ed Moyle, Drake Software
Definition 13 Apr 2023
Microsoft Defender for Endpoint (formerly Windows Defender ATP)

Microsoft Defender for Endpoint -- formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP -- is an endpoint security platform designed to help enterprise-class organizations prevent, detect and respond to security threats. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
Tip 12 Apr 2023
How to use a CASB to manage shadow IT

Shadow IT can cost organizations time, money and security. One way to combat unauthorized use of applications is to deploy a CASB. Continue Reading
By
- Paul Kirvan
News 11 Apr 2023
Recorded Future launches OpenAI GPT model for threat intel

The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
By
- Arielle Waldman, News Writer
Definition 11 Apr 2023
intrusion prevention system (IPS)

An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 07 Apr 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike

Microsoft, Fortra and the Health Information Sharing and Analysis center announced they obtained a court order in an effort to curb malicious Cobalt Strike use. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Mar 2023
3CX desktop app compromised, abused in supply chain attack

3CX customers noticed that several threat detection platforms began flagging and blocking the UC vendor's desktop application last week due to malicious activity in the executable. Continue Reading
By
- Rob Wright, Senior News Director
News 29 Mar 2023
Google: Spyware vendors exploiting iOS, Android zero days

Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Mar 2023
Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
By
- Rob Wright, Senior News Director
Feature 28 Mar 2023
Publicly disclosed U.S. ransomware attacks in 2023

TechTarget Editorial's ransomware database collects public disclosures, notifications and confirmed reports of attacks against U.S. organizations each month. Continue Reading
By
- Rob Wright, Senior News Director
Tip 28 Mar 2023
Compare breach and attack simulation vs. penetration testing

A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other. Continue Reading
By
- Rob Shapland
Definition 23 Mar 2023
forensic image

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
By
- Paul Kirvan
News 22 Mar 2023
Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Mar 2023
ZenGo finds transaction simulation flaw in Coinbase, others

Referred to as a 'red pill attack,' ZenGo researchers discovered a way to exploit smart contracts and bypass security features known as transaction simulation solutions. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise

As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Definition 20 Mar 2023
packet filtering

Packet filtering is the process of passing or blocking data packets at a network interface by a firewall based on source and destination addresses, ports or protocols. Continue Reading
By
- Gavin Wright
News 17 Mar 2023
Google warns users of Samsung Exynos zero-day vulnerabilities

To prevent threat actors from exploiting the unpatched attack vectors, Google Project Zero made an exception for four Exynos chipset flaws by extending its disclosure timeline. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 09 Mar 2023
Why enterprise SecOps strategies must include XDR and MDR

Adopting extended detection and response and employing managed detection and response services may be the missing pieces of the SOC modernization puzzle. Continue Reading
By
- Dave Gruber, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Mar 2023
Flashpoint: Threat vectors converging, increasing damage

The threat intelligence vendor warned that threat actors are increasingly combining known vulnerabilities, stolen credentials and exposed data to wreak maximum damage. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Mar 2023
Vishing attacks increasing, but AI's role still unclear

The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 06 Mar 2023
Police raids target 'core' DoppelPaymer ransomware members

A coordinated law enforcement effort last week resulted in raids and arrest warrants against 'core members' of the infamous DoppelPaymer ransomware group. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2023
Rapid7: Attackers exploiting vulnerabilities 'faster than ever'

Rapid7's 2022 Vulnerability Intelligence Report analyzed how attackers' increasing speed in deploying exploits affected an onset of widespread threats in 2022. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2023
Bitdefender releases decryptor for MortalKombat ransomware

MortalKombat ransomware was first spotted in January, but Bitdefender has already cracked the new variant and released a free decryptor to help victims recover data. Continue Reading
By
- Rob Wright, Senior News Director
News 22 Feb 2023
Exploitation attempts observed against Fortinet FortiNAC flaw

Hours after Horizon3.ai released a proof of concept exploit through GitHub, Shadowserver Foundation observed several IP addresses attempting to exploit the vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
News 22 Feb 2023
IBM: Ransomware defenders showing signs of improvement

According to IBM X-Force's Threat Intelligence Index report, a smaller percentage of threat actors executed a ransomware attack after gaining access in 2022 than in 2021. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 16 Feb 2023
No relief in sight for ransomware attacks on hospitals

Despite being off limits for some hackers, hospitals continue to be lucrative targets for ransomware groups because of their valuable data and higher rate of paying ransoms. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 15 Feb 2023
Cisco Talos spots new MortalKombat ransomware attacks

Researchers discovered the threat campaign is also using a new GO version of malware called Laplas Clipper to steal cryptocurrency from individuals and businesses in the U.S. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Feb 2023
U.S., U.K. hit TrickBot cybercrime gang with sanctions

TrickBot malware has caused considerable damage to U.S. organizations, particularly in the healthcare industry, and was used in Conti and Ryuk ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 08 Feb 2023
ESXiArgs ransomware campaign raises concerns, questions

This Risk & Repeat podcast looks at the widespread ESXiArgs ransomware attacks and the questions they've raised about the threat landscape, vulnerability patching and more. Continue Reading
By
- Rob Wright, Senior News Director
Definition 03 Feb 2023
passive reconnaissance

Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems. Continue Reading
By
- Robert Sheldon
Tutorial 01 Feb 2023
How to use BeEF, the Browser Exploitation Framework

The open source BeEF pen testing tool can be used by red and blue teams alike to hook web browsers and use them as beachheads to launch further attacks. Continue Reading
By
- Ed Moyle, Drake Software
Podcast 31 Jan 2023
Risk & Repeat: The FBI's Hive ransomware takedown

This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Jan 2023
Schools don't pay, but ransomware attacks still increasing

Ransomware gangs have increasingly focused their attacks on the K-12 education sector, even though most school districts do not pay the ransom. But how long will that last? Continue Reading
By
- Alexis Zacharakos, Student Co-op