Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
News
02 Dec 2024
AWS launches automated service for incident response
AWS Security Incident Response, which launched ahead of the re:Invent 2024 conference this week, can automatically triage and remediate events detected in Amazon GuardDuty. Continue Reading
-
Tip
27 Nov 2024
How AI is reshaping threat intelligence
As promising as AI technology is for threat intelligence, organizations grapple with a long learning curve and other challenges that could impede successful adoption. Continue Reading
-
News
12 Jan 2023
Windows zero day patched but exploitation activity unclear
Avast threat researchers detected exploitation of a Windows zero-day flaw in the wild, and organizations are being urged to patch the flaw immediately. Continue Reading
-
News
11 Jan 2023
Vulnerable software, low incident reporting raises risks
Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
-
News
10 Jan 2023
BitSight, Schneider Electric partner to quantify OT risk
The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
-
Podcast
10 Jan 2023
Risk & Repeat: Analyzing the Rackspace ransomware attack
This Risk & Repeat podcast episode discusses new details of the Rackspace ransomware attack, as well as the questions remaining following the company's final status update. Continue Reading
-
News
06 Jan 2023
Rackspace: Ransomware actor accessed 27 customers' data
Rackspace said Personal Storage Tables of 27 customers were accessed in the attack last month, but added there was no evidence threat actors viewed, obtained or misused the data. Continue Reading
-
Guest Post
28 Dec 2022
Understanding current XDR elements and options
What do existing extended detection and response products provide? Learn about EDR+, SIEM+ and Comprehensive options, which all provide varying levels of XDR. Continue Reading
-
Tip
27 Dec 2022
How to prevent and mitigate process injection
Process injection is a defense evasion technique that helps attackers hide from enterprise security systems. Learn how it works and how to mitigate it. Continue Reading
-
News
21 Dec 2022
Play ransomware actors bypass ProxyNotShell mitigations
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations. Continue Reading
-
Tip
21 Dec 2022
How to use Microsoft Sentinel with Office 365 to find risks
The security product attempts to ferret out threats that originate from apps and services then assists the enterprise with an automatic response to head off trouble. Continue Reading
-
News
20 Dec 2022
NCC Group: Ransomware attacks increased 41% in November
In addition to a month full of unexpected trends in both threat group activity and targeted sectors, NCC Group warned organizations to be aware of an increase in DDoS attacks. Continue Reading
-
Feature
19 Dec 2022
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
-
News
09 Dec 2022
Claroty unveils web application firewall bypassing technique
Claroty's attack technique bypasses web application firewalls, or WAFs, by tricking those that can't detect JSON as part of their SQL injection detection process. Continue Reading
-
News
07 Dec 2022
Vice Society ransomware 'persistent threat' to education sector
New research from Palo Alto Networks supports recent government warnings that Vice Society poses an increased risk to K-12 schools and higher education. Continue Reading
-
Opinion
02 Dec 2022
XDR definitions don't matter, outcomes do
Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
-
Opinion
02 Dec 2022
7 steps to implementing a successful XDR strategy
There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
-
News
01 Dec 2022
Archive files become preferred format for malware delivery
The team at HP Wolf Security found that cybercriminals are using archive files as the preferred method for spreading malware, beating Microsoft Office for the first time. Continue Reading
-
News
30 Nov 2022
Lockbit 3.0 has BlackMatter ransomware code, wormable traits
LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools. Continue Reading
-
News
22 Nov 2022
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
-
News
17 Nov 2022
Magecart malware menaces Magento merchants
Sansec researchers say as many as 38% of commercial customers running the Adobe Commerce and Magento platforms could be infected with Magecart's TrojanOrders malware. Continue Reading
-
Tip
17 Nov 2022
Industrial control system security needs ICS threat intelligence
Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
-
News
17 Nov 2022
CISA: Iranian APT actors compromised federal network
CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading
-
Tip
17 Nov 2022
Top Kali Linux tools and how to use them
Learning to use Kali Linux is a journey, the first step of which is discovering which of the hundreds of cybersecurity tools included are most relevant to the task at hand. Continue Reading
-
News
17 Nov 2022
LockBit ransomware activity nose-dived in October
LockBit, the most prolific ransomware group in 2022, had itself a down month as GuidePoint Security researchers reported a 49% decrease in its infections for October. Continue Reading
-
Tip
16 Nov 2022
How Wireshark OUI lookup boosts network security
Learn why using Wireshark OUI lookup for tracking devices by their network interface's organizationally unique identifier is such an important tool for security pros. Continue Reading
-
News
14 Nov 2022
Moreno Valley school system shores up ransomware defenses
Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware. Continue Reading
-
News
10 Nov 2022
DOJ charges accused Lockbit ransomware actor
The U.S. Department of Justice filed criminal charges against a Canadian man with dual Russian citizenship who is accused of being part of the LockBit ransomware crew. Continue Reading
-
News
07 Nov 2022
Microsoft: Nation-state threats, zero-day attacks increasing
Microsoft's Digital Defense Report 2022 pointed the finger at China, which enacted a new vulnerability disclosure law last year, as the source of many zero-day attacks. Continue Reading
-
News
04 Nov 2022
Yanluowang ransomware gang goes dark after leaks
The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks. Continue Reading
-
News
02 Nov 2022
U.S. Treasury: Ransomware attacks increased in 2021
A new report from the U.S. Treasury's Financial Crimes Enforcement Network showed an increase in businesses reporting ransomware attacks in the second half of 2021. Continue Reading
-
Tip
01 Nov 2022
Where do business continuity plans fit in a ransomware attack?
Recovery isn't the only priority when ransomware hits. Careful planning, training and coordination among IT teams are critical to maintain business continuity during an attack. Continue Reading
-
Tip
31 Oct 2022
Why and how to use container malware scanning software
Malware is on the rise, and containers are potential attack vectors. Learn why it's crucial to check containers for vulnerabilities and compare container malware scanning tools. Continue Reading
-
News
26 Oct 2022
Ukraine: Russian cyber attacks aimless and opportunistic
Victor Zhora, a key Ukrainian cybersecurity official, says Russia is acting with "no particular strategy" in its cyber attacks on his country as their military invasion drags on. Continue Reading
-
News
26 Oct 2022
Cisco, CISA warn 2 AnyConnect flaws are under attack
CISA added two Cisco AnyConnect flaws to its Known Exploited Vulnerabilities catalog, which signals active exploitation and an urgency to patch. Continue Reading
-
News
24 Oct 2022
CISA warns of ransomware attacks on healthcare providers
A new CISA advisory warned administrators at hospitals and healthcare providers about newly discovered ransomware variant, dubbed Daixin Team, that poses a particular threat. Continue Reading
-
News
21 Oct 2022
BlackByte ransomware using custom data exfiltration tool
Symantec researchers say BlackByte ransomware may be poised to move into the elite ransomware ranks, as the group has begun developing its own custom malware tools. Continue Reading
-
News
20 Oct 2022
Brazil arrests alleged Lapsus$ hacker
Federal police in Brazil arrested a person accused of being a key member of the Lapsus$ hacking group on charges related to the takedown of government websites. Continue Reading
-
News
19 Oct 2022
Mandiant launches Breach Analytics for Google's Chronicle
Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
-
News
13 Oct 2022
Despite LockBit rebound, ransomware attacks down in 2022
LockBit cybercriminals are back in action with new ransomware attacks and publicity pushes. But many other new groups saw lower levels in activity in Q3, according to Cyberint. Continue Reading
-
Feature
13 Oct 2022
Why Kali Linux is the go-to distribution for penetration testing
Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices. Continue Reading
-
News
05 Oct 2022
APTs compromised defense contractor with Impacket tools
A CISA alert warned that APT actors compromised a defense contractor's Microsoft Exchange server and used Impacket, an open source Python toolkit, to move laterally in the network. Continue Reading
-
News
05 Oct 2022
Ransomware attacks ravage schools, municipal governments
Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv. Continue Reading
-
News
04 Oct 2022
Secureworks finds network intruders see little resistance
A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection. Continue Reading
-
News
03 Oct 2022
Intermittent encryption attacks: Who's at risk?
Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses. Continue Reading
-
News
29 Sep 2022
Cobalt Strike malware campaign targets job seekers
Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons. Continue Reading
-
News
29 Sep 2022
Mandiant spots new malware targeting VMware ESXi hypervisors
Mandiant researchers said the backdoors were installed with a novel technique that used malicious vSphere Installation Bundles, though it's unclear how initial access was achieved. Continue Reading
-
Tip
29 Sep 2022
The 5 principles of zero-trust security
Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security. Continue Reading
-
Tip
26 Sep 2022
Does AI-powered malware exist in the wild? Not yet
AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware. Continue Reading
-
News
23 Sep 2022
Malicious NPM package discovered in supply chain attack
Threat actors are circulating a look-alike version of the Material Tailwind NPM package to infect developers for supply chain malware attacks, according to ReversingLabs. Continue Reading
-
Podcast
23 Sep 2022
Risk & Repeat: Uber and Rockstar Games hacked
This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group. Continue Reading
-
News
21 Sep 2022
Cybercriminals launching more MFA bypass attacks
New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
-
News
19 Sep 2022
Uber says Lapsus$ hackers behind network breach
Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network. Continue Reading
-
Tip
16 Sep 2022
Discover the benefits and challenges of bug bounty programs
Bug bounty programs have a number of benefits and challenges. Before adopting such a program at your organization, read up on the pros and cons to decide if it would be a good fit. Continue Reading
-
News
16 Sep 2022
DOJ drops report on cryptocurrency crime efforts
The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges. Continue Reading
-
Guest Post
16 Sep 2022
How SOCs can identify the threat actors behind the threats
Learn how SOC teams can track threat actors by understanding the factors that influence an attack, such as the type of infrastructure used or commonly targeted victims. Continue Reading
-
News
15 Sep 2022
Webworm retools old RATs for new cyberespionage threat
Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans. Continue Reading
-
News
14 Sep 2022
U.S. drops the hammer on Iranian ransomware outfit
The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation. Continue Reading
-
News
08 Sep 2022
LockBit gang leads the way for ransomware
New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months. Continue Reading
-
News
08 Sep 2022
Cisco Talos traps new Lazarus Group RAT
The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies. Continue Reading
-
News
06 Sep 2022
Ransomware hits Los Angeles Unified School District
The second-largest public school system in the U.S. confirmed a ransomware attack caused districtwide disruption to various services over the holiday weekend. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
-
News
25 Aug 2022
Ransomware defies seasonal trends with increase
The return and rebranding of major crews saw the volume of ransomware attacks in July jump 47%, defying seasonal trends, according to researchers at NCC Group. Continue Reading
-
Tutorial
25 Aug 2022
How to build a vulnerability scanner with PowerShell
What do you do if there's a zero-day threatening your organization? When you need to act fast, use PowerShell to uncover vulnerabilities hiding in your environment. Continue Reading
-
Tip
25 Aug 2022
How SPF records prevent email spoofing, phishing and spam
Forged email has long been used by hackers to break into protected systems. Learn how the Sender Policy Framework protocol helps stop spoofing, phishing and other malicious mail. Continue Reading
-
Tip
24 Aug 2022
5 key questions to evaluate cloud detection and response
Consider these five questions before deciding to invest in a specialized cloud detection and response product. Continue Reading
-
News
18 Aug 2022
Russian cyber attacks on Ukraine driven by government groups
Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
-
News
17 Aug 2022
Google patches yet another Chrome zero-day vulnerability
Google issued an update Wednesday to address a potentially serious security vulnerability in its Chrome browser, and the company urged users to patch their browsers immediately. Continue Reading
-
Podcast
17 Aug 2022
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show. Continue Reading
-
Tip
17 Aug 2022
How to create a threat profile, with template
Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
-
Definition
12 Aug 2022
What is Domain-based Message Authentication, Reporting and Conformance (DMARC)?
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods. Continue Reading
-
News
11 Aug 2022
Google researchers dissect Android spyware, zero days
Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
News
10 Aug 2022
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data. Continue Reading
-
News
08 Aug 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
-
News
08 Aug 2022
VMware: The threat of lateral movement is growing
The majority of incident response professionals surveyed for VMware's 'Global Incident Response Threat Report' observed lateral movement in at least some attacks in the past year. Continue Reading
-
News
04 Aug 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS
In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response. Continue Reading
-
News
02 Aug 2022
New Microsoft tools aim to protect expanding attack surface
New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft. Continue Reading
-
Tip
01 Aug 2022
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
-
News
29 Jul 2022
Coveware: Median ransom payments dropped 51% in Q2
Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands. Continue Reading
-
News
28 Jul 2022
AWS adds Kubernetes security tie-ins amid SecOps tool sprawl
Amazon Detective pulls Kubernetes security data into a broader threat detection and CSPM context as IT pros at large orgs seek integrated multi-cloud security workflows. Continue Reading
-
Feature
28 Jul 2022
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
-
News
28 Jul 2022
How Zoom security incident response survived the pandemic
March 2020's influx of users meant the video conferencing company had to massively scale its incident response operation and the observability infrastructure that fed it, and fast. Continue Reading
-
Definition
27 Jul 2022
stack overflow
A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack. Continue Reading
-
Definition
27 Jul 2022
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
-
News
26 Jul 2022
CrowdStrike launches cloud threat hunting service
Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud. Continue Reading
-
Definition
22 Jul 2022
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
-
News
21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
-
News
21 Jul 2022
SynSaber: Only 41% of ICS vulnerabilities require attention
The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation. Continue Reading
-
News
20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
-
Definition
20 Jul 2022
network packet
A network packet is a basic unit of data that's grouped together and transferred over a computer network, typically a packet-switched network, such as the internet. Continue Reading
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
-
News
20 Jul 2022
Sophos launches cross-operational task force X-Ops
The Sophos X-Ops team aims to create an AI-assisted security operations center using the cybersecurity vendor's research and threat response teams. Continue Reading
-
Feature
19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
-
News
15 Jul 2022
Cryptocurrency mixer activity reaches new heights in 2022
Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
-
Podcast
15 Jul 2022
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
-
Tip
15 Jul 2022
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used. Continue Reading
-
News
14 Jul 2022
Cryptocurrency crash triggers crisis for dark web exchanges
Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
-
News
14 Jul 2022
Catalogic adds to ransomware detection trend with GuardMode
Catalogic has joined the ranks of data backup vendors that are providing ransomware detection and recovery tools to the backup admin. Continue Reading
-
News
13 Jul 2022
Researcher develops Hive ransomware decryption tool
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version. Continue Reading
-
News
13 Jul 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
-
News
07 Jul 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading