Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack

BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
By
- Arielle Waldman, News Writer
Feature 19 Dec 2024
10 cybersecurity predictions for 2025

AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By
- Kyle Johnson, Technology Editor

Podcast 17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry

This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
By
- Rob Wright, Senior News Director
Tip 16 Dec 2021
Shield endpoints with IoT device security best practices

IT administrators must implement best practices, including segmenting the network, encrypting data and shutting down unused devices to ensure the security of IoT devices. Continue Reading
By
- Dan Jones
Definition 16 Dec 2021
stealth virus

A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Continue Reading
By
- Rahul Awati
Tip 16 Dec 2021
5 tips for primary storage ransomware protection

Explore the steps storage administrators can take to safeguard against ransomware. Dive deep into tips on access control, vulnerabilities and storage monitoring. Continue Reading
By
- Robert Sheldon
News 15 Dec 2021
Log4j gets a second update as security woes pile up

Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
By
- Shaun Nichols
News 15 Dec 2021
Nation-state threat groups are exploiting Log4Shell

Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies. Continue Reading
By
- Arielle Waldman, News Writer
Tip 15 Dec 2021
6 IoT security layers to shape the ultimate defense strategy

IT administrators can divide and conquer their defense strategy with IoT security layers that ensure data protection from its generation in devices to its storage in the cloud. Continue Reading
By
- Kristen Gloss
News 15 Dec 2021
'Insane' spread of Log4j exploits won't abate anytime soon

Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
By
- Shaun Nichols
Definition 15 Dec 2021
spam filter

A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox. Continue Reading
By
- Andrew Zola
News 14 Dec 2021
Hive ransomware claims hundreds of victims in 6-month span

Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach

Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Dec 2021
Cyberattack on Kronos payroll triggers backup plans

Some users of Kronos payroll say they have backup and contingency plans ready to deal with the ransomware attack on the HR system's firm. Continue Reading
By
- Patrick Thibodeau, Editor at Large
Tip 14 Dec 2021
4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Definition 14 Dec 2021
Chernobyl virus

The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed. Continue Reading
By
- Katie Terrell Hanna
News 13 Dec 2021
Fixes for Log4j flaw arise as attacks soar

Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
By
- Shaun Nichols
News 13 Dec 2021
Critical Log4j flaw exploited a week before disclosure

The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 13 Dec 2021
Bolster physical defenses with IoT hardware security

IT admins must take IoT hardware security just as seriously as other protective measures in their network because attackers can also easily physically access remote devices. Continue Reading
By
- Mary K. Pratt
News 10 Dec 2021
Dark web posts shed light on Panasonic breach

A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
By
- Shaun Nichols
News 10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now

The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 10 Dec 2021
evil twin attack

An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge. Continue Reading
By
- Katie Terrell Hanna
News 09 Dec 2021
17 Discord malware packages found in NPM repository

These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Dec 2021
Threat actors targeting MikroTik routers, devices

Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched. Continue Reading
By
- Arielle Waldman, News Writer
Definition 08 Dec 2021
Elk Cloner

Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale. Continue Reading
By
- Rahul Awati
News 07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk

SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
By
- Shaun Nichols
News 07 Dec 2021
BadgerDAO users' cryptocurrency stolen in cyber attack

Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Dec 2021
Google takes action against blockchain-based Glupteba botnet

In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 07 Dec 2021
Why image-based phishing emails are difficult to detect

Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems. Continue Reading
By
- Sébastien Goutal
Definition 07 Dec 2021
Melissa virus

Melissa was a type of email virus that initially become an issue in early 1999. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 06 Dec 2021
BitMart the latest crypto exchange to suffer cyber attack

BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers

The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
By
- Shaun Nichols
Tip 06 Dec 2021
How to get started with attack surface reduction

Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
By
- Diana Kelley, SecurityCurve
News 03 Dec 2021
Hundreds of new vulnerabilities found in SOHO routers

Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks. Continue Reading
By
- Shaun Nichols
Guest Post 03 Dec 2021
IoT security needs zero trust to face new botnet trends

The growing threat of botnets that target IoT devices means that organizations must extend their perimeter access controls, including the use of zero trust. Continue Reading
By
- Jonathan Nguyen-Duy
News 01 Dec 2021
New Yanluowang ransomware mounting targeted attacks in US

Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Dec 2021
BlackByte ransomware attacks exploiting ProxyShell flaws

Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 30 Nov 2021
Enterprise password security guidelines in a nutshell

In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
By
- Cyber Tec Security
News 30 Nov 2021
Windows Installer zero-day under active exploitation

McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Nov 2021
walled garden

On the internet, a walled garden is an environment that controls the user's access to network-based content and services. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 29 Nov 2021
Hack 'Sabbath': Elusive new ransomware detected

A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected. Continue Reading
By
- Shaun Nichols
Tip 29 Nov 2021
Tackle IoT application security threats and vulnerabilities

By taking action to secure IoT applications and including them in a security strategy, IT admins can close off a tempting entry point to criminals. Continue Reading
By
- Julia Borgini, Spacebarpress Media
Tip 29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities

With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
By
- Ed Moyle, Drake Software
Feature 29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules

This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 29 Nov 2021
Elastic Security app enables affordable threat hunting

New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 29 Nov 2021
ProxyShell vs. ProxyLogon: What's the difference?

ProxyShell and ProxyLogon both affect Microsoft Exchange Servers, but they work in different ways. Continue Reading
By
- Brien Posey
News 23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group

Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Nov 2021
Researcher drops instant admin Windows zero-day bug

A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix. Continue Reading
By
- Shaun Nichols
Definition 23 Nov 2021
footprinting

Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them. Continue Reading
By
- Andrew Zola
News 22 Nov 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack

While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Nov 2021
Cybercriminals discuss new business model for zero-day exploits

Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service. Continue Reading
By
- Arielle Waldman, News Writer
Definition 19 Nov 2021
Nimda

First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet. Continue Reading
By
- Katie Terrell Hanna
News 18 Nov 2021
CISA, Microsoft warn of rise in cyber attacks from Iran

CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises. Continue Reading
By
- Shaun Nichols
News 18 Nov 2021
New side channel attack resurrects DNS poisoning threat

A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites. Continue Reading
By
- Shaun Nichols
News 17 Nov 2021
Malwarebytes slams Apple for inconsistent patching

At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which was only patched in macOS Big Sur for several months. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 17 Nov 2021
Risk & Repeat: Are ransomware busts having an effect?

International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards. Continue Reading
By
- Rob Wright, Senior News Director
News 15 Nov 2021
Microsoft releases out-of-band update for Windows Server

Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
By
- Shaun Nichols
News 15 Nov 2021
ProxyShell leads to domain-wide ransomware attack

The domain-wide ransomware attack utilized "almost no malware," and the threat actor accomplished the attack with the months-old ProxyShell vulnerabilities. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Nov 2021
virus hoax

A virus hoax is a false warning about a computer virus. Continue Reading
By
- Katie Terrell Hanna
Feature 11 Nov 2021
Tools to conduct security chaos engineering tests

Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters. Continue Reading
By
- Kyle Johnson, Technology Editor
News 11 Nov 2021
Trend Micro reveals 'Void Balaur' cybermercenary group

New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Nov 2021
Citrix DDOS bug leaves networks vulnerable

Citrix patched a critical bug in its Application Delivery Controller and Gateway software that left networks open to DDOS attacks. It also fixed a less-severe SD-WAN WANOP bug. Continue Reading
By
- Madelaine Millar, TechTarget
News 11 Nov 2021
'King of Fraud' sentenced for Methbot botnet operation

Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Nov 2021
US targets REvil, DarkSide ransomware with $10M rewards

Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Nov 2021
Medical devices at risk from Siemens Nucleus vulnerabilities

Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices. Continue Reading
By
- Shaun Nichols
News 08 Nov 2021
REvil ransomware affiliates arrested in international takedown

Europol said the two suspected REvil affiliates were allegedly responsible for 5,000 ransomware infections and received approximately half a million euros in ransom payments. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Nov 2021
BlackMatter claims to shut down ransomware operations

Operators behind the ransomware, known to target critical infrastructure, attributed the shutdown to pressure from authorities and the disappearance of team members. Continue Reading
By
- Arielle Waldman, News Writer
Definition 29 Oct 2021
shoulder surfing

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Continue Reading
By
- Katie Terrell Hanna
Definition 29 Oct 2021
adware

Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running. Continue Reading
By
- Ben Lutkevich, Site Editor
- Taina Teravainen
News 28 Oct 2021
Avast releases decryptors for multiple ransomware strains

Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Oct 2021
Emsisoft cracked BlackMatter ransomware, recovered victims' data

Emsisoft developed a decryptor for BlackMatter and also found vulnerabilities in about a dozen other ransomware families that can be used to recover victims' data. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Oct 2021
Federal agencies issue warning on BlackMatter ransomware

U.S. government agencies say a new family of malware could create problems for critical infrastructure by shutting down critical networks and disrupting commerce. Continue Reading
By
- Shaun Nichols
News 13 Oct 2021
How hackers exploited RCE vulnerabilities in Atlassian, Azure

Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure. Continue Reading
By
- Shaun Nichols
News 12 Oct 2021
Apple patches iOS vulnerability actively exploited in the wild

Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Oct 2021
Iranian password spraying campaign hits Office 365 accounts

The Iran-backed DEV-0343 threat group has launched a password spraying offensive against Office 365 accounts in the defense, maritime and oil industries. Continue Reading
By
- Shaun Nichols
Definition 07 Oct 2021
decompression bomb (zip bomb, zip of death attack)

A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data. Continue Reading
By
- Linda Rosencrance
News 06 Oct 2021
Apache HTTP Server vulnerability under active attack

Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack. Continue Reading
By
- Shaun Nichols
News 06 Oct 2021
Iranian hackers abusing Dropbox in cyberespionage campaign

A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox. Continue Reading
By
- Shaun Nichols
News 04 Oct 2021
2 suspected ransomware operators arrested in Ukraine

A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified. Continue Reading
By
- Arielle Waldman, News Writer
Definition 01 Oct 2021
rootkit

A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
News 28 Sep 2021
SolarWinds hackers Nobelium spotted using a new backdoor

Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April. Continue Reading
By
- Shaun Nichols
Definition 27 Sep 2021
brute-force attack

A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems. Continue Reading
By
- Katie Terrell Hanna
News 24 Sep 2021
Spurned researcher posts trio of iOS zero days

An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform. Continue Reading
By
- Shaun Nichols
News 22 Sep 2021
Turla deploying 'secondary' backdoor in state-sponsored attacks

Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan. Continue Reading
By
- Shaun Nichols
News 22 Sep 2021
Marcus & Millichap hit with possible BlackMatter ransomware

The real estate firm confirmed in a SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Sep 2021
Treasury Department sanctions cryptocurrency exchange Suex

In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Sep 2021
email virus

An email virus consists of malicious code distributed in email messages to infect one or more devices. Continue Reading
By
- Rahul Awati
- Linda Rosencrance
News 20 Sep 2021
Italian Mafia implicated in massive cybercrime network

A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob. Continue Reading
By
- Shaun Nichols
News 16 Sep 2021
Bitdefender releases REvil universal ransomware decryptor

The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Sep 2021
ExpressVPN stands behind CIO named in UAE hacking scandal

ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government. Continue Reading
By
- Shaun Nichols
Definition 16 Sep 2021
browser hijacker (browser hijacking)

A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
News 15 Sep 2021
McAfee discovers Chinese APT campaign 'Operation Harvest'

McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught. Continue Reading
By
- Shaun Nichols
News 14 Sep 2021
Apple patches zero-day, zero-click NSO Group exploit

The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Sep 2021
Hackers port Cobalt Strike attack tool to Linux

An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks. Continue Reading
By
- Shaun Nichols
Feature 10 Sep 2021
17 ransomware removal tools to protect enterprise networks

Check out this list of ransomware removal platforms to detect possible security threats, block attacks, and erase any malware lingering on devices and enterprise networks. Continue Reading
By
- Paul Kirvan
Definition 09 Sep 2021
macro virus

A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word. Continue Reading
By
- Rahul Awati
- Linda Rosencrance
News 02 Sep 2021
Autodesk targeted in SolarWinds hack

Autodesk said in its 10-Q filing released Wednesday that it believes 'no customer operations or Autodesk products were disrupted' in the SolarWinds supply chain attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 30 Aug 2021
Malware analysis for beginners: Getting started

With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 Aug 2021
Top static malware analysis techniques for beginners

Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 30 Aug 2021
logic bomb

A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met. Continue Reading
By
- Rahul Awati
- Laura Fitzgibbons
News 26 Aug 2021
Private sectors pledge big for cyberdefense

Tech giants have invested billions to address cybersecurity threats such as supply chain security and attacks on critical infrastructures. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Aug 2021
4 emerging ransomware groups take center stage

Four ransomware operations -- AvosLocker, Hive, HelloKitty and LockBit 2.0 -- have popped up on the radar of researchers with Palo Alto Network's Unit 42 team. Continue Reading
By
- Shaun Nichols