Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack

Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, News Writer

News 15 Sep 2022
Transparency, disclosure key to fighting ransomware

Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations. Continue Reading
By
- Tim McCarthy, News Writer
News 14 Sep 2022
U.S. drops the hammer on Iranian ransomware outfit

The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation. Continue Reading
By
- Shaun Nichols
News 13 Sep 2022
Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
By
- Shaun Nichols
Definition 13 Sep 2022
computer worm

A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems. Continue Reading
By
- Crystal Bedell
- Peter Loshin, Former Senior Technology Editor
- Katie Terrell Hanna
News 13 Sep 2022
CrowdStrike threat report: Intrusions up, breakout time down

According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Sep 2022
air gap (air gapping)

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 08 Sep 2022
Cisco Talos traps new Lazarus Group RAT

The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies. Continue Reading
By
- Shaun Nichols
News 07 Sep 2022
Google: Former Conti ransomware members attacking Ukraine

Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Sep 2022
Healthcare and education remain common ransomware targets

August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 01 Sep 2022
How to start developing a plan for SASE implementation

From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap. Continue Reading
By
- John Grady, Principal Analyst
News 01 Sep 2022
Microsoft discloses 'high-severity' TikTok vulnerability

The flaw in TikTok's Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app. Continue Reading
By
- Arielle Waldman, News Writer
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 30 Aug 2022
Microsoft Excel attacks fall out of fashion with hackers

Hornetsecurity researchers say newly introduced safety measures from Microsoft have driven cybercriminals away from using Excel as a malware infection tool. Continue Reading
By
- Shaun Nichols
News 30 Aug 2022
FBI warns attacks on DeFi platforms are increasing

As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors. Continue Reading
By
- Arielle Waldman, News Writer
Tutorial 30 Aug 2022
Learn to monitor group memberships with PowerShell

Use PowerShell automation to build reports in local group memberships on a server and security groups in Active Directory to keep tabs on any irregular behavior. Continue Reading
By
- Anthony Howell
News 25 Aug 2022
Ransomware defies seasonal trends with increase

The return and rebranding of major crews saw the volume of ransomware attacks in July jump 47%, defying seasonal trends, according to researchers at NCC Group. Continue Reading
By
- Shaun Nichols
Tip 24 Aug 2022
How to conduct a secure code review

Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
By
- Michael Cobb
News 22 Aug 2022
CEO of spyware vendor NSO Group steps down

Current NSO Group COO Yaron Shohat will replace outgoing CEO Shalev Hulio as part of a reorganization for the vendor, which has come under fire from the U.S. government. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Aug 2022
Shunned researcher Hadnagy sues DEF CON over ban

Researcher Christopher Hadnagy is seeking damages from DEF CON and founder Jeff Moss over their decision to ban him citing multiple claims of conduct violations. Continue Reading
By
- Shaun Nichols
Opinion 17 Aug 2022
Data security as a layer in defense in depth against ransomware

Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
By
- Jack Poller
News 17 Aug 2022
Google patches yet another Chrome zero-day vulnerability

Google issued an update Wednesday to address a potentially serious security vulnerability in its Chrome browser, and the company urged users to patch their browsers immediately. Continue Reading
By
- Shaun Nichols
News 17 Aug 2022
CISA: Threat actors exploiting multiple Zimbra flaws

Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 17 Aug 2022
How to create a threat profile, with template

Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 16 Aug 2022
Zero Day Initiative seeing an increase in failed patches

In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Aug 2022
Eclypsium calls out Microsoft over bootloader security woes

At DEF CON 30, Eclypsium researchers detailed three new vulnerabilities in third-party Windows bootloaders that were signed with Microsoft's UEFI certificates. Continue Reading
By
- Rob Wright, Senior News Director
News 11 Aug 2022
Rapid7: Cisco ASA and ASDM flaws went unpatched for months

While several of the vulnerabilities were reported to Cisco in February, they remained unpatched until Thursday when Rapid7's Jake Baines discussed the flaws at Black Hat USA 2022. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Aug 2022
Researchers reveal Kubernetes security holes, prevention

Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
By
- Shaun Nichols
News 11 Aug 2022
SentinelOne discusses the rise of data-wiping malware

During a Black Hat 2022 session, researchers showed how expectations of cyber war may differ from the reality. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Aug 2022
Zero Day Initiative launches new bug disclosure timelines

The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Aug 2022
Google researchers dissect Android spyware, zero days

Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
By
- Shaun Nichols
Feature 11 Aug 2022
What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Feature 10 Aug 2022
Is ethical hacking legal? And more ethical hacking advice

Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker. Continue Reading
By
- Isabella Harford, TechTarget
Feature 10 Aug 2022
Ethical hacking: How to conduct a Sticky Keys hack

Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack. Continue Reading
By
- Isabella Harford, TechTarget
- No Starch Press
Tip 08 Aug 2022
10 top open source security testing tools

From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is. Continue Reading
By
- Ed Moyle, Drake Software
Feature 05 Aug 2022
Importance of enterprise endpoint security during a pandemic

Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
By
- Kyle Johnson, Taylor & Francis
Feature 05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic

Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
By
- Kyle Johnson, Technology Editor
News 02 Aug 2022
July another down month in ransomware attack disclosures

July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 29 Jul 2022
Coveware: Median ransom payments dropped 51% in Q2

Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jul 2022
Microsoft: Austrian company DSIRF selling Subzero malware

Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Jul 2022
How to prevent a data breach: 10 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 28 Jul 2022
AWS adds anti-malware and PII visibility to storage

New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
By
- Tim McCarthy, News Writer
News 27 Jul 2022
Deepfake technology risky but intriguing for enterprises

Enterprises can generate synthetic data sets with the technology. It is useful in broadcast and for advertising. However, its privacy and political implications can be dangerous. Continue Reading
By
- Esther Ajao, News Writer
Feature 27 Jul 2022
NFT wash trading explained

NFT popularity grew with the rise of cryptocurrency. But scams -- such as wash trading -- also increased, presenting new problems for businesses and consumers. Continue Reading
By
- Amanda Hetler, Senior Editor
Definition 27 Jul 2022
data breach

A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Kevin Ferguson
Definition 22 Jul 2022
insider threat

An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Brien Posey
News 21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now

Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Jul 2022
Atlassian Confluence plugin contains hardcoded password

A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Jul 2022
SynSaber: Only 41% of ICS vulnerabilities require attention

The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats

The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
By
- Shaun Nichols
Feature 20 Jul 2022
VMDR: Inside vulnerability management, detection and response

VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack

In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 12 Jul 2022
4 critical flaws among 84 fixes in July Patch Tuesday

Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service. Continue Reading
By
- Shaun Nichols
Definition 12 Jul 2022
software bill of materials (SBOM)

A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application. Continue Reading
By
- Sean Michael Kerner
Tip 07 Jul 2022
How to create a critical infrastructure incident response plan

Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company. Continue Reading
By
- Paul Kirvan
News 06 Jul 2022
HackerOne incident raises concerns for insider threats

While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
By
- Arielle Waldman, News Writer
Definition 06 Jul 2022
blended threat

A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion. Continue Reading
By
- Kinza Yasar, Technical Writer
Feature 29 Jun 2022
A guide to MSP patch management best practices

As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
By
- Esther Shein
News 28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances

Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
By
- Shaun Nichols
News 28 Jun 2022
Wiz launches open database to track cloud vulnerabilities

Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
By
- Arielle Waldman, News Writer
Feature 27 Jun 2022
How to determine out-of-scope bug bounty assets

What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
By
- Kyle Johnson, Technology Editor
- Wiley Publishing
Feature 27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?

Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
By
- Kyle Johnson, Technology Editor
News 24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process

While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks

A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
By
- Shaun Nichols
Guest Post 23 Jun 2022
3 threats dirty data poses to the enterprise

The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
By
- Steve Durbin
News 22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'

The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Jun 2022
Publicly disclosed U.S. ransomware attacks database

Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 22 Jun 2022
Proofpoint: Social engineering attacks slipping past users

Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
By
- Shaun Nichols
News 21 Jun 2022
Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors

The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022

This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Jun 2022
How hackers use AI and machine learning to target enterprises

AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 15 Jun 2022
Alphv ransomware gang ups pressure with new extortion scheme

The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Jun 2022
directory traversal

Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
By
- Ben Lutkevich, Site Editor
News 14 Jun 2022
Critical Atlassian Confluence flaw remains under attack

Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
By
- Shaun Nichols
News 13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities

Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jun 2022
Rob Joyce: China represents biggest long-term cyberthreat

NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 09 Jun 2022
CrowdStrike demonstrates dangers of container escape attacks

CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system. Continue Reading
By
- Shaun Nichols
News 09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay

At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks

Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jun 2022
MacOS malware attacks slipping through the cracks

Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code. Continue Reading
By
- Shaun Nichols
News 03 Jun 2022
Critical Atlassian Confluence flaw exploited in the wild

No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Jun 2022
Conti ransomware group targeted Intel firmware tools

A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers. Continue Reading
By
- Shaun Nichols
Feature 01 Jun 2022
How ransomware kill chains help detect attacks

Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
By
- Isabella Harford, TechTarget
Feature 01 Jun 2022
How to improve cyber attack detection using social media

Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
News 01 Jun 2022
Forescout proof-of-concept ransomware attack affects IoT, OT

Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2022
Microsoft zero day exploited in the wild, workarounds released

A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations. Continue Reading
By
- Rob Wright, Senior News Director
Tip 26 May 2022
Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 26 May 2022
8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading
By
- Amanda Hetler, Senior Editor
News 26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
By
- Shaun Nichols
News 25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 May 2022
Prepare for deepfake phishing attacks in the enterprise

Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021

Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
By
- Arielle Waldman, News Writer
News 23 May 2022
Veeam data protection aids users with secure restores

From 'nothing worked' to 'it just worked': How Veeam Software helped a Florida city out of a troublesome predicament with its legacy data backup platform. Continue Reading
By
- Paul Crocetti, Executive Editor
News 23 May 2022
AdvIntel: Conti rebranding as several new ransomware groups

According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 May 2022
How to counter insider threats in the software supply chain

Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
By
- Will Kelly
News 19 May 2022
QNAP devices hit by DeadBolt ransomware again

DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
By
- Arielle Waldman, News Writer
News 19 May 2022
VMware vulnerabilities under attack, CISA urges action

Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon. Continue Reading
By
- Shaun Nichols
Tip 19 May 2022
How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 19 May 2022
VeeamON 2022: Backup and security union emerges as top trend

Veeam has seized an opportunity to make its products more secure amid the prevalence of cyber attacks. The vendor is also looking to expand its reach, potentially through acquisitions. Continue Reading
By
- Paul Crocetti, Executive Editor
News 18 May 2022
Axie Infinity hack highlights DPRK cryptocurrency heists

The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 17 May 2022
man in the browser (MitB)

Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor