Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 04 Feb 2025
AMD, Google disclose Zen processor microcode vulnerability

AMD said CVE-2024-56161, which first leaked last month, requires an attacker to have local administrator privileges as well as developed and executed malicious microcode. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Feb 2025
WatchTowr warns abandoned S3 buckets pose supply chain risk

WatchTowr researchers found that they could reregister abandoned Amazon S3 buckets and detail alarming ways that threat actors could exploit the attack surface. Continue Reading
By
- Arielle Waldman, News Writer

Definition 07 Oct 2021
decompression bomb (zip bomb, zip of death attack)

A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data. Continue Reading
By
- Linda Rosencrance
News 06 Oct 2021
Apache HTTP Server vulnerability under active attack

Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack. Continue Reading
By
- Shaun Nichols
News 06 Oct 2021
Iranian hackers abusing Dropbox in cyberespionage campaign

A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox. Continue Reading
By
- Shaun Nichols
News 04 Oct 2021
2 suspected ransomware operators arrested in Ukraine

A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified. Continue Reading
By
- Arielle Waldman, News Writer
Definition 01 Oct 2021
rootkit

A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
News 28 Sep 2021
SolarWinds hackers Nobelium spotted using a new backdoor

Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April. Continue Reading
By
- Shaun Nichols
Definition 27 Sep 2021
brute-force attack

A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems. Continue Reading
By
- Katie Terrell Hanna
News 24 Sep 2021
Spurned researcher posts trio of iOS zero days

An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform. Continue Reading
By
- Shaun Nichols
News 22 Sep 2021
Turla deploying 'secondary' backdoor in state-sponsored attacks

Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan. Continue Reading
By
- Shaun Nichols
News 22 Sep 2021
Marcus & Millichap hit with possible BlackMatter ransomware

The real estate firm confirmed in a SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Sep 2021
Treasury Department sanctions cryptocurrency exchange Suex

In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Sep 2021
email virus

An email virus consists of malicious code distributed in email messages to infect one or more devices. Continue Reading
By
- Rahul Awati
- Linda Rosencrance
News 20 Sep 2021
Italian Mafia implicated in massive cybercrime network

A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob. Continue Reading
By
- Shaun Nichols
News 16 Sep 2021
Bitdefender releases REvil universal ransomware decryptor

The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Sep 2021
ExpressVPN stands behind CIO named in UAE hacking scandal

ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government. Continue Reading
By
- Shaun Nichols
Definition 16 Sep 2021
browser hijacker (browser hijacking)

A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
News 15 Sep 2021
McAfee discovers Chinese APT campaign 'Operation Harvest'

McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught. Continue Reading
By
- Shaun Nichols
News 14 Sep 2021
Apple patches zero-day, zero-click NSO Group exploit

The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Sep 2021
Hackers port Cobalt Strike attack tool to Linux

An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks. Continue Reading
By
- Shaun Nichols
Feature 10 Sep 2021
17 ransomware removal tools to protect enterprise networks

Check out this list of ransomware removal platforms to detect possible security threats, block attacks, and erase any malware lingering on devices and enterprise networks. Continue Reading
By
- Paul Kirvan
Definition 09 Sep 2021
macro virus

A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word. Continue Reading
By
- Rahul Awati
- Linda Rosencrance
News 02 Sep 2021
Autodesk targeted in SolarWinds hack

Autodesk said in its 10-Q filing released Wednesday that it believes 'no customer operations or Autodesk products were disrupted' in the SolarWinds supply chain attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 30 Aug 2021
Malware analysis for beginners: Getting started

With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 Aug 2021
Top static malware analysis techniques for beginners

Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 30 Aug 2021
logic bomb

A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met. Continue Reading
By
- Rahul Awati
- Laura Fitzgibbons
News 26 Aug 2021
Private sectors pledge big for cyberdefense

Tech giants have invested billions to address cybersecurity threats such as supply chain security and attacks on critical infrastructures. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Aug 2021
4 emerging ransomware groups take center stage

Four ransomware operations -- AvosLocker, Hive, HelloKitty and LockBit 2.0 -- have popped up on the radar of researchers with Palo Alto Network's Unit 42 team. Continue Reading
By
- Shaun Nichols
Definition 23 Aug 2021
spear phishing

Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Crystal Bedell
Definition 23 Aug 2021
ILOVEYOU virus

The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book. Continue Reading
By
- Rahul Awati
News 11 Aug 2021
Hackers selling access to breached networks for $10,000

Network access is a closely-guarded commodity in underground hacker forums, with some sellers not even revealing the names of their victims until money has changed hands. Continue Reading
By
- Shaun Nichols
Definition 05 Aug 2021
cyberstalking

Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum. Continue Reading
By
- Rahul Awati
News 04 Aug 2021
Matt Tait warns of 'stolen' zero-day vulnerabilities

During Black Hat 2021, the COO of Corellium discussed three main threats that have ramped up: stolen zero days, zero days being exploited in the wild and supply chain attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Aug 2021
Supply chain attacks, IoT threats on tap for Black Hat 2021

Industry analysts say that evolving threats, real-world impacts and supply chain attacks will be among their hot topics at this year's Black Hat 2021 conference. Continue Reading
By
- Shaun Nichols
News 02 Aug 2021
Hospitals at risk from security flaws in pneumatic tube systems

Researchers at IoT security vendor Armis said the nine critical vulnerabilities affect the pneumatic tube systems used by many hospitals in North America. Continue Reading
By
- Shaun Nichols
News 29 Jul 2021
Kaspersky tracks Windows zero days to 'Moses' exploit author

In its second-quarter threat report, Kaspersky Lab found a rise in the use of exploits and zero-day vulnerabilities, several of which were traced to a single threat actor. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jul 2021
New 'BlackMatter' ransomware gang has echoes of REvil

Although connections are being made between ransomware groups REvil and BlackMatter, the jury is still out on whether they have threat actors in common. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Jul 2021
Coveware: Median ransomware payment down 40% in Q2 2021

Coveware CEO Bill Siegel said that the efficacy of using data leak threats to obtain ransomware payments has gone down because 'you don't get anything in return when you pay.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 19 Jul 2021
Balancing the benefits with the risks of emerging technology

Emerging technologies enable companies to maintain a competitive edge through their various benefits but can come with high risks. A balancing act is required. Continue Reading
By
- Jacob Young
News 19 Jul 2021
US charges members of APT40, Chinese state-sponsored group

The Department of Justice accused four Chinese nationals of hacking into a variety of businesses between 2011 and 2018 to steal trade secrets and other valuable data. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Jul 2021
US government formally names China in Exchange Server hack

Beyond the Exchange Server hack, the White House's statement condemned China for its malicious cyber behavior and accused the country of government-affiliated ransomware attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jul 2021
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks

SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 14 Jul 2021
Risk & Repeat: Breaking down the Kaseya ransomware attacks

Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack. Continue Reading
By
- Rob Wright, Senior News Director
News 14 Jul 2021
Microsoft: Chinese threat actor exploited SolarWinds zero-day

Microsoft has observed DEV-0322, the threat actor exploiting the SolarWinds Serv-U zero-day, 'targeting entities in the U.S. Defense Industrial Base Sector and software companies.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Jul 2021
Microsoft posts emergency 'PrintNightmare' patch

The out-of-band patch release addresses a critical flaw that allowed threat actors to gain remote code execution on vulnerable Windows and Windows Server systems. Continue Reading
By
- Shaun Nichols
News 06 Jul 2021
Kaseya ransomware attacks: What we know so far

REvil ransomware threat actors exploited a zero-day vulnerability to issue ransomware payloads disguised as legitimate software updates from Kaseya. Continue Reading
By
- Shaun Nichols
News 06 Jul 2021
Kaseya: 1,500 organizations affected by REvil attacks

Approximately 50 managed service providers and up to 1,500 of their customers were compromised via a devastating supply chain attack on Kaseya by REvil ransomware actors. Continue Reading
By
- Rob Wright, Senior News Director
News 02 Jul 2021
Russia using Kubernetes cluster for brute-force attacks

The NSA warned that Russian state-sponsored hackers launched a new container-based campaign aimed at breaching networks and stealing essential data from multiple industries. Continue Reading
By
- Shaun Nichols
Definition 02 Jul 2021
domain generation algorithm (DGA)

A domain generation algorithm (DGA) is a program that generates a large list of domain names. DGA provides malware with new domains in order to evade security countermeasures. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sharon Shea, Executive Editor
News 30 Jun 2021
European police lay siege to hacker haven DoubleVPN

An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals. Continue Reading
By
- Shaun Nichols
News 29 Jun 2021
End users in the dark about latest cyberthreats, attacks

A study from IoT security vendor Armis shows many outside the IT community are unaware of growing threats, leaving a major gap in knowledge of basic security practices. Continue Reading
By
- Shaun Nichols
News 28 Jun 2021
SolarWinds hackers compromised Microsoft support agent

After placing information-stealing malware on a customer support agent's system, the Nobelium threat actors gained access to three Microsoft clients. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jun 2021
DarkSide ransomware funded by cybercriminal 'investors'

New ransomware gangs, such as DarkSide, are receiving cryptocurrency investments from their peers and are poised to make life difficult for enterprises and law enforcement alike. Continue Reading
By
- Shaun Nichols
News 24 Jun 2021
Namecheap refines strategy to fight malicious domains

Security researchers this month noted drastic improvements in the domain registrar's effort to respond to and mitigate reports of malicious and fraudulent sites. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 23 Jun 2021
Risk & Repeat: US opens door for hacking back

This episode of the Risk & Repeat podcast discusses the growing pressure on the U.S. to respond to cyber attacks and if hacking back will be part of the plan. Continue Reading
By
- Rob Wright, Senior News Director
News 22 Jun 2021
COVID, gift cards and phony acquisitions top BEC attack trends

New research from Cisco Talos shows cybercriminals are still using the COVID-19 pandemic for BEC attacks to steal millions, but in slightly different ways. Continue Reading
By
- Shaun Nichols
News 16 Jun 2021
Repeat ransomware attacks hit 80% of victims who paid ransoms

New research from Cybereason offers troubling findings for organizations that pay ransoms, from repeat attacks to corrupted data and faulty decryption tools. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Jun 2021
Slilpp marketplace goes dark following government takedown

Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown. Continue Reading
By
- Shaun Nichols
News 11 Jun 2021
Cisco Talos: Exchange Server flaws accounted for 35% of attacks

More than one third of incidents recorded by Cisco Talos in the past three months were related to four Microsoft Exchange Server zero-days first revealed in March. Continue Reading
By
- Shaun Nichols
News 03 Jun 2021
White House issues ransomware directive for businesses

The Biden administration aims to stem parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices. Continue Reading
By
- Shaun Nichols
Definition 03 Jun 2021
social engineering

Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain. Continue Reading
By
- Linda Rosencrance
- Madelyn Bacon, TechTarget
Feature 28 May 2021
Network reconnaissance techniques for beginners

In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks. Continue Reading
By
- Katie Donegan, Social Media Manager
- No Starch Press
Guest Post 27 May 2021
3 steps to zero-day threat protection

Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage. Continue Reading
By
- Rohit Dhamankar
News 26 May 2021
Rowhammer reach extended for new attack method

Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique. Continue Reading
By
- Shaun Nichols
News 25 May 2021
Operational technology is the new low-hanging fruit for hackers

FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques. Continue Reading
By
- Shaun Nichols
News 20 May 2021
U.S. officials discuss 2020 election security, misinformation

During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 May 2021
Infosec experts: Threat landscape is worst in 60 years

Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak. Continue Reading
By
- Arielle Waldman, News Writer
News 19 May 2021
SentinelOne: More supply chain attacks are coming

At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever. Continue Reading
By
- Arielle Waldman, News Writer
News 19 May 2021
SolarWinds CEO: Supply chain attack began in January 2019

SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 May 2021
Hackers turn Comcast voice remotes into eavesdropping tool

Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices. Continue Reading
By
- Shaun Nichols
News 12 May 2021
Hacker makes short work of Apple AirTag jailbreak

A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month. Continue Reading
By
- Shaun Nichols
News 12 May 2021
Senate hearing raises questions about SolarWinds backdoors

U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of first agencies to detect the systemic compromise. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 May 2021
DarkSide: The ransomware gang that took down a pipeline

DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 12 May 2021
hacker

A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. Continue Reading
By
- Wesley Chai
- Linda Rosencrance
News 10 May 2021
Colonial Pipeline runs dry following ransomware attack

A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems. Continue Reading
By
- Shaun Nichols
News 06 May 2021
US defense contractor BlueForce apparently hit by ransomware

The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 May 2021
Dell patches high-severity flaws in firmware update driver

SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities. Continue Reading
By
- Antone Gonsalves, Editor at Large
News 05 May 2021
Twilio discloses breach caused by Codecov supply chain hack

Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 May 2021
Researchers use PyInstaller to create stealth malware

Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs. Continue Reading
By
- Shaun Nichols
News 04 May 2021
Qualys finds 21 vulnerabilities in Exim mail software

Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 May 2021
Apple hurries out fixes for WebKit zero-days

Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild. Continue Reading
By
- Shaun Nichols
Definition 30 Apr 2021
pass the hash attack

A pass the hash attack is an exploit in which an attacker steals a hashed user credential and -- without cracking it -- reuses it to trick an authentication system into creating a new authenticated session on the same network. Continue Reading
By
- TechTarget Contributor
- Madelyn Bacon, TechTarget
Feature 29 Apr 2021
SolarWinds puts national cybersecurity strategy on display

Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy. Continue Reading
By
- Makenzie Holland, Senior News Writer
Definition 28 Apr 2021
watering hole attack

A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. Continue Reading
By
- Gavin Wright
- Madelyn Bacon, TechTarget
News 26 Apr 2021
Remaining Emotet infections uninstalled by German police

A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Apr 2021
computer cracker

A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security. Continue Reading
By
- Sharon Shea, Executive Editor
- Ben Lutkevich, Site Editor
Definition 23 Apr 2021
pharming

Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- TechTarget Contributor
News 22 Apr 2021
DOJ creates ransomware task force to combat digital extortion

An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Apr 2021
The wide web of nation-state hackers attacking the U.S.

Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 15 Apr 2021
Nation-state hacker indictments: Do they help or hinder?

While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 13 Apr 2021
attack vector

An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Continue Reading
By
- Mary E. Shacklett, Transworld Data
Tip 09 Apr 2021
12 Microsoft Exchange Server security best practices

Exchange security has come under increased scrutiny since the recent exploitation of critical vulnerabilities. Review this list of activities to best protect your enterprise. Continue Reading
By
- Paul Kirvan
News 07 Apr 2021
Cisco: Threat actors abusing Slack, Discord to hide malware

The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 06 Apr 2021
Risk & Repeat: Recapping the Exchange Server attacks

This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat. Continue Reading
By
- Rob Wright, Senior News Director
Definition 06 Apr 2021
side-channel attack

A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly. Continue Reading
By
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
Definition 06 Apr 2021
dumpster diving

Dumpster diving is looking for treasure in someone else's trash. Continue Reading
By
- Gavin Wright
News 05 Apr 2021
CISA: APTs exploiting Fortinet FortiOS vulnerabilities

Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 05 Apr 2021
cyber hijacking

Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications. Continue Reading
By
- TechTarget Contributor
Definition 31 Mar 2021
antimalware (anti-malware)

Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware. Continue Reading
By
- Linda Rosencrance
News 30 Mar 2021
Mysterious Hades ransomware striking 'big game' enterprises

CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Mar 2021
botnet

A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner. Continue Reading
By
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
- Rob Wright, Senior News Director