Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 18 Dec 2024
CISA issues mobile security guidance following China hacks

Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tutorial 18 Dec 2024
How to use the Hydra password-cracking tool

Ethical hackers: Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with this step-by-step tutorial and companion video. Continue Reading
By
- Ed Moyle, Drake Software

News 01 Mar 2022
Nvidia confirms breach, proprietary data leaked online

Nvidia has confirmed some of the claims from a little-known ransomware gang that allegedly broke into the network of the GPU giant and stole corporate data. Continue Reading
By
- Shaun Nichols
News 01 Mar 2022
HermeticWiper poses increasing cyber risk to Ukraine

While it has not been attributed to a specific threat group, ESET researchers observed another data-wiping malware that targeted a Ukrainian organization and warned it could extend to allies. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2022
Recorded Future: Russia may retaliate with cyber attacks

Recorded Future warned U.S. and European organizations could be hit by 'spillover attacks' or intentional retaliatory strikes from Russia following its invasion of Ukraine. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2022
Conti ransomware gang backs Russia, threatens U.S.

The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 28 Feb 2022
Implement API rate limiting to reduce attack surfaces

Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
By
- Kyle Johnson, Technology Editor
- Manning Publications Co.
Feature 28 Feb 2022
API security methods developers should use

Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
By
- Kyle Johnson, Technology Editor
News 25 Feb 2022
Researchers find access brokers focused on US targets

Security vendors studied 'access broker' advertisements on the dark web, which provide ransomware groups with the network and system access required for data thefts. Continue Reading
By
- Shaun Nichols
News 24 Feb 2022
New data wiper malware hits Ukraine targets

HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 24 Feb 2022
Pave a path to cybersecurity and physical security convergence

Physical security doesn't get the attention cybersecurity does, but that gap poses significant risks. Find out what you can do to better protect your organization's assets. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 24 Feb 2022
New tech, same threats for Web 3.0

Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
By
- Shaun Nichols
News 23 Feb 2022
US, UK attribute Cyclops Blink to Sandworm

The group known for its use of VPNFilter malware has retooled with what is being tracked as Cyclops Blink, but its impact appears limited to WatchGuard business customers for now. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Feb 2022
Dragos: Ransomware topped ICS and OT threats in 2021

Whether ICS and OT networks were intentionally targeted or not, ransomware was found to be the No. 1 compromise to industrial organizations last year. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Feb 2022
IBM: REvil dominated ransomware activity in 2021

IBM X-Force's Threat Intelligence Index report also found a 'triple extortion' ransomware tactic in 2021, where threat actors use DDoS attacks to put extra pressure on victims. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 22 Feb 2022
Top 6 critical infrastructure cyber-risks

Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
By
- Paul Rostick
News 17 Feb 2022
FBI: BEC attacks spreading to virtual meetings

Since the start of the COVID-19 pandemic, many workplaces have shifted to virtual meeting platforms, and the FBI warned that threat actors have taken note. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Opinion 17 Feb 2022
Shifting security left requires a GitOps approach

Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
By
- Melinda Marks, Practice Director
News 17 Feb 2022
SonicWall: Ransomware attacks increased 105% in 2021

While 2021 represented a turning point for law enforcement and government action against ransomware, SonicWall still observed massive growth in attacks. Continue Reading
By
- Shaun Nichols
News 16 Feb 2022
Apache Cassandra vulnerability puts servers at risk

Certain non-default configurations of the Apache Cassandra database software could leave the door open for remote code execution attacks, according to JFrog researchers. Continue Reading
By
- Shaun Nichols
News 16 Feb 2022
Trickbot has infected 140,000-plus machines since late 2020

In October 2020, Microsoft reported that more than 90% of Trickbot's infrastructure had been disabled. The threat actor bounced back and began thriving soon after. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Feb 2022
Sophos discovers new attack targeting Exchange Servers

A new type of attack that utilizes the Squirrelwaffle malware and business email compromise may be an issue for organizations that have not patched their Exchange servers. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Feb 2022
proxy hacking

Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site. Continue Reading
By
- Gavin Wright
News 15 Feb 2022
CrowdStrike: Attackers are moving faster, harder to detect

The CrowdStrike '2022 Global Threat Report' said attackers are getting better at exploiting vulnerabilities and moving through compromised networks before defenders can spot them. Continue Reading
By
- Shaun Nichols
News 15 Feb 2022
Ransomware tied to attacks on critical infrastructure last year

While recent law enforcement action may be altering the ransomware landscape, BlackBerry researchers observed high-profile attacks on critical infrastructure last year. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Feb 2022
Fallout from REvil arrests shakes up ransomware landscape

Russian authorities recently announced more than a dozen arrests of alleged REvil members, heightening concern among ransomware affiliates on the dark web. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Feb 2022
FBI seized Colonial Pipeline ransom from DarkSide affiliate

New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Feb 2022
Ransomware groups shift from big game hunting

A joint cybersecurity advisory documented top ransomware trends for 2021 and addressed ways for organizations to improve security. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Feb 2022
How to successfully scale software bills of materials usage

Companies must plan properly when implementing software bills of materials at scale. Accomplish these three goals to keep SBOMs updated, accurate and actionable, despite complexity. Continue Reading
By
- Ed Moyle, Drake Software
News 08 Feb 2022
Russia continues cybercrime offensive with SkyFraud takedown

Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region. Continue Reading
By
- Shaun Nichols
News 08 Feb 2022
Microsoft disables VBA macros by default

Microsoft's change in the default settings of five Office applications aims to shut down a widely used and longstanding threat vector to enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Feature 08 Feb 2022
Pros and cons of manual vs. automated penetration testing

Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading
By
- Kyle Johnson, Technology Editor
News 07 Feb 2022
Metaverse rollout brings new security risks, challenges

When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
By
- Shaun Nichols
News 07 Feb 2022
Wormhole offers $10M to Ethereum thieves

Wormhole also offered $10 million to anyone who provided 'information leading to the arrest and conviction of those responsible' for last week's heist. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Feb 2022
Cryptocurrency platform Wormhole loses $320M after attack

After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Feb 2022
DHS forms first-ever Cyber Safety Review Board

The new initiative is one in a string of many by the Biden administration to push public and private collaboration in addressing cyber threats such as Log4j vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 03 Feb 2022
The importance of a policy-driven threat modeling approach

An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach. Continue Reading
By
- Altaz Valani
Feature 02 Feb 2022
A day in the life of a cybersecurity manager

The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
By
- Isabella Harford, TechTarget
- O'Reilly Media
Feature 02 Feb 2022
Top cybersecurity leadership challenges and how to solve them

Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
By
- Isabella Harford, TechTarget
News 02 Feb 2022
SolarMarker malware spread through advanced SEO poisoning

Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Feb 2022
More than 1,000 malware packages found in NPM repository

Researchers with WhiteSource were able to find some 1,300 examples of malware hiding under the guise of legitimate JavaScript packages on the NPM repository. Continue Reading
By
- Shaun Nichols
News 01 Feb 2022
Iranian hacking groups pick up the pace with new attacks

Two security vendors are reporting a fresh wave of targeted attacks and malware outbreaks believed to be the work of Iranian state-sponsored threat groups. Continue Reading
By
- Shaun Nichols
News 01 Feb 2022
Ransomware attacks continue to plague public services

Ransomware this year has picked up right where 2021 left off, with several local governments, schools and health services across the U.S. suffering attacks. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Feature 31 Jan 2022
How to prepare for malicious insider threats

Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 31 Jan 2022
Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
By
- Kyle Johnson, Technology Editor
News 31 Jan 2022
Emsisoft releases DeadBolt ransomware decryption tool

Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Jan 2022
Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
By
- Michael Cobb
Podcast 28 Jan 2022
Risk & Repeat: The complicated world of Monero

This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 27 Jan 2022
SolarWinds hackers still active, using new techniques

CrowdStrike has tracked the latest threat activity and novel techniques from the SolarWinds hackers, a Russian state-sponsored group known as Cozy Bear. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 27 Jan 2022
How AI can help security teams detect threats

AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
By
- Rohit Dhamankar
News 27 Jan 2022
Apple security update fixes zero-day vulnerability

Apple released a series of security updates for bugs that included a critical zero-day vulnerability in iOS and macOS that is being actively exploited in the wild. Continue Reading
By
- Shaun Nichols
News 26 Jan 2022
DeadBolt ransomware targeting QNAP NAS storage devices

In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Jan 2022
New vulnerability rating framework aims to fill in CVSS gaps

The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity. Continue Reading
By
- Shaun Nichols
Tip 25 Jan 2022
Protect your data center from ransomware attacks

Consider how best to protect your data center from ransomware attackers: Keep safe, air-gapped backups; consolidate your infrastructure and prioritize critical assets. Continue Reading
By
- Alan R. Earls
News 25 Jan 2022
Sophos: Log4Shell impact limited, threat remains

Sophos threat researcher Chet Wisniewski detailed the unexpectedly limited impact Log4Shell had on organizations but warned of future exploitation and risks. Continue Reading
By
- Arielle Waldman, News Writer
Feature 24 Jan 2022
Enterprises reluctant to report cyber attacks to authorities

Despite some successful law enforcement operations, including the seizure of a ransom payment, infosec experts say many enterprises are still unlikely to report cyber attacks. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 21 Jan 2022
5 infosec predictions for 2022

If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
By
- Kevin Hanes
Tip 20 Jan 2022
Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 20 Jan 2022
Cisco: Patching bugs is about more than CVSS numbers

Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities. Continue Reading
By
- Shaun Nichols
News 18 Jan 2022
Cryptocurrency exchange Crypto.com hit by cyber attack

The cryptocurrency exchange said it detected unauthorized activity on some user accounts over the weekend, but questions remain on the severity of the attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Jan 2022
Ukraine hit with destructive malware attacks amidst turmoil

A new type of destructive malware was discovered by Microsoft after public and private organizations in Ukraine endured a series of cyber attacks as tensions with Russia grow. Continue Reading
By
- Shaun Nichols
Tip 18 Jan 2022
4 software supply chain security best practices

The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading
By
- Ed Moyle, Drake Software
News 18 Jan 2022
Ransomware actors increasingly demand payment in Monero

Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2022
Police seize VPN host allegedly facilitating ransomware

VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Jan 2022
Ukrainian police bust unnamed ransomware gang

A law enforcement raid in Ukraine resulted in the arrest of five suspects accused of deploying ransomware through phishing emails and making more than $1 million. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 13 Jan 2022
Is ransomware as a service going out of style?

Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
By
- Mike Behrmann
Definition 13 Jan 2022
click fraud (pay-per-click fraud)

Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 11 Jan 2022
Microsoft: China-based ransomware actor exploiting Log4Shell

According to Microsoft, a threat actor tracked as DEV-0401 is utilizing Night Sky ransomware in its Log4j attacks, a variant first reported Jan. 1 that targets large enterprises. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Jan 2022
SonicWall SMA 100 appliances beset by multiple vulnerabilities

SonicWall's security appliances can be compromised by several attacks on five vulnerabilities, including one remote code execution bug, according to Rapid7. Continue Reading
By
- Shaun Nichols
News 11 Jan 2022
NetUSB flaw could impact millions of routers

SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Jan 2022
Chainalysis: Cryptocurrency crime reaches all-time high

While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Jan 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug

A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7. Continue Reading
By
- Shaun Nichols
Definition 10 Jan 2022
honeynet

A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers. Continue Reading
By
- Andrew Zola
Definition 10 Jan 2022
trusted computing base (TCB)

A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations. Continue Reading
By
- Rahul Awati
News 05 Jan 2022

NY AG's credential stuffing probe finds 1M exposed accounts

The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
Feature 04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?

Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
By
- Kyle Johnson, Technology Editor
News 30 Dec 2021
Threat actors target HPE iLO hardware with rootkit attack

Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild. Continue Reading
By
- Shaun Nichols
Feature 29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
By
- Isabella Harford, TechTarget
Feature 29 Dec 2021
Everything you need to know about ProxyShell vulnerabilities

Organizations need to patch their Exchange Servers to protect against the ProxyShell exploit. Learn how to do that and more here. Continue Reading
By
- Brien Posey
Feature 28 Dec 2021
Top infosec best practices, challenges and pain points

Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
By
- Isabella Harford, TechTarget
News 23 Dec 2021
ManageEngine attacks draw warning from FBI

The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
By
- Shaun Nichols
Tip 21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability

The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
By
- Michael Cobb
News 20 Dec 2021
Log4j 2.17.0 fixes newly discovered exploit

The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Dec 2021
Critical bugs could go unpatched amid Log4j concern

Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
By
- Shaun Nichols
Podcast 17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry

This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
By
- Rob Wright, Senior News Director
Definition 16 Dec 2021
stealth virus

A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Continue Reading
By
- Rahul Awati
Tip 16 Dec 2021
5 tips for primary storage ransomware protection

Explore the steps storage administrators can take to safeguard against ransomware. Dive deep into tips on access control, vulnerabilities and storage monitoring. Continue Reading
By
- Robert Sheldon
News 15 Dec 2021
Log4j gets a second update as security woes pile up

Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
By
- Shaun Nichols
News 15 Dec 2021
Nation-state threat groups are exploiting Log4Shell

Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies. Continue Reading
By
- Arielle Waldman, News Writer
News 15 Dec 2021
'Insane' spread of Log4j exploits won't abate anytime soon

Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
By
- Shaun Nichols
Definition 15 Dec 2021
spam filter

A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox. Continue Reading
By
- Andrew Zola
News 14 Dec 2021
Hive ransomware claims hundreds of victims in 6-month span

Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach

Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Dec 2021
Cyberattack on Kronos payroll triggers backup plans

Some users of Kronos payroll say they have backup and contingency plans ready to deal with the ransomware attack on the HR system's firm. Continue Reading
By
- Patrick Thibodeau, Editor at Large
Tip 14 Dec 2021
4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Definition 14 Dec 2021
Chernobyl virus

The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed. Continue Reading
By
- Katie Terrell Hanna
News 13 Dec 2021
Fixes for Log4j flaw arise as attacks soar

Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
By
- Shaun Nichols
News 13 Dec 2021
Critical Log4j flaw exploited a week before disclosure

The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Dec 2021
Dark web posts shed light on Panasonic breach

A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
By
- Shaun Nichols
News 10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now

The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Dec 2021
17 Discord malware packages found in NPM repository

These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Dec 2021
Threat actors targeting MikroTik routers, devices

Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched. Continue Reading
By
- Arielle Waldman, News Writer