Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
16 May 2022
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading
By- Josh Davies
-
News
16 May 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 May 2022
Kasten backup adds Kubernetes ransomware detection, security
As ransomware becomes a bigger concern for container admins, updates to the Kasten backup and disaster recovery platform for Kubernetes take a proactive security stance. Continue Reading
By- Paul Crocetti, Executive Editor
-
Answer
12 May 2022
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
11 May 2022
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild. Continue Reading
-
News
10 May 2022
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene. Continue Reading
-
News
05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts
Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
-
News
05 May 2022
SentinelOne finds high-severity flaws in Avast, AVG
The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
04 May 2022
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
04 May 2022
Winnti threat group rides again with IP theft campaign
A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies. Continue Reading
-
News
03 May 2022
RCE vulnerabilities found in Avaya, Aruba network switches
Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 May 2022
April ransomware attacks slam US universities
April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Guest Post
02 May 2022
Russia-Ukraine war prompts security best practices refresher
The Russia-Ukraine war hasn't led to major cyber attacks affecting MSPs, but IT services providers should review cybersecurity best practices, including hardening and response. Continue Reading
By- Dave Sobel, MAXfocus Partners
-
Definition
28 Apr 2022
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
By- Isabella Harford, TechTarget
- No Starch Press
-
Feature
28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
By- Isabella Harford, TechTarget
-
News
27 Apr 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021
Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
26 Apr 2022
Cisco Talos observes 'novel increase' in APT activity in Q1
The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Apr 2022
T-Mobile breached in apparent Lapsus$ attack
Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
22 Apr 2022
An introduction to binary diffing for ethical hackers
Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
By- Alissa Irei, Senior Site Editor
- McGraw Hill Education
-
News
21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
-
News
21 Apr 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt
Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Apr 2022
FBI warns of 'timed' ransomware attacks on agriculture sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Tip
21 Apr 2022
7 best practices for Web3 security risk mitigation
Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
20 Apr 2022
U.S. warns of 'increased' threats from Russian hacking groups
The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia. Continue Reading
-
Tip
20 Apr 2022
Traditional IT vs. critical infrastructure cyber-risk assessments
When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
-
News
20 Apr 2022
Kaspersky releases decryptor for Yanluowang ransomware
Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
-
News
20 Apr 2022
BlackCat emerges as one of the top ransomware threats
After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation
Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
15 Apr 2022
mail bomb
A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system. Continue Reading
-
News
14 Apr 2022
Critical Windows RPC vulnerability raises alarm
Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks. Continue Reading
-
Opinion
14 Apr 2022
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
By- Dave Gruber, Principal Analyst
-
News
14 Apr 2022
VMware Workspace One flaw actively exploited in the wild
Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Apr 2022
US government, security vendors warn of new ICS malware
As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Apr 2022
Microsoft dismantles ZLoader botnet
Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network. Continue Reading
-
News
13 Apr 2022
Sophos: LockBit affiliates hacked regional government agency
Sophos said attackers spent at least five months inside an unnamed regional government agency's network, remotely Googling for hacking tools before deploying LockBit ransomware. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
-
News
12 Apr 2022
Synopsys: Enterprises struggling with open source software
To curb open source risk, Synopsys advises enterprises to keep a comprehensive inventory of all software within their environment and to understand that securing open source requires strong management. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Apr 2022
Apple Security Bounty improves, but problems remain
Security researchers told SearchSecurity that Apple Security Bounty improved its communication earlier this year, which had been a key issue for participants. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Apr 2022
How the FBI took down the Cyclops Blink botnet
The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks
Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
-
News
06 Apr 2022
US sanctions Garantex for laundering over $100M
The latest action follows a string of sanctions imposed during the past year against cryptocurrency exchanges operating out of Russia. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Apr 2022
Conti ransomware leaks show a low-tech but effective model
The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies. Continue Reading
-
Feature
06 Apr 2022
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
05 Apr 2022
March ransomware attacks strike finance, government targets
In March, ransomware reports and disclosures showed a variety of victims, from public schools and county governments to financial services firms and large enterprises. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
05 Apr 2022
Conti ransomware deployed in IcedID banking Trojan attack
The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach
Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
By- Arielle Waldman, News Writer
-
News
31 Mar 2022
Spring Framework vulnerabilities sow confusion, concern
Two different remote code execution vulnerabilities in a Java developer tool caused considerable confusion after one of the flaws was leaked online as a zero-day. Continue Reading
-
News
31 Mar 2022
New 'AcidRain' malware may be connected to Viasat attack
SentinelOne did not directly attribute the malware to the Viasat attack. That said, researchers argued the "AcidRain" malware's functionality matches open source intelligence. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
30 Mar 2022
Axie Infinity hack results in $600M cryptocurrency heist
Axie Infinity, whose developer was hacked this month, is a popular NFT-based video game in which players earn cryptocurrency by raising their pay-to-play digital pets, or 'Axies.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021
Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
-
Feature
29 Mar 2022
Cryptocurrency cyber attacks on the rise as industry expands
Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Mar 2022
US indicts Russian nationals for critical infrastructure attacks
One defendant is accused of deploying the infamous Trisis or Triton malware against energy-sector companies, including a petrochemical plant in Saudi Arabia in a 2017 attack. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Podcast
25 Mar 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures
This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
24 Mar 2022
North Korean hackers exploited Chrome zero-day for 6 weeks
Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
-
News
24 Mar 2022
FBI: Ransomware hit 649 critical infrastructure entities in 2021
The FBI's Internet Crime Complaint Center found ransomware was a top threat to critical infrastructure security in 2021, hitting a wide range of organizations. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Mar 2022
Microsoft confirms breach, attributes attack to Lapsus$
Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Mar 2022
Biden: Russia exploring cyber attacks against US
President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
18 Mar 2022
Seeking truth in crisis times shows importance of metadata
Metadata gives context to data, and during crises like the war in Ukraine when it's difficult to know what news to trust, context can help distinguish truth from fiction. Continue Reading
By- Eric Avidon, Senior News Writer
-
News
17 Mar 2022
JavaScript apps hit with pro-Ukraine supply chain attack
A popular JavaScript package was sabotaged by its developer and seeded with messages in support of Ukraine in what has become a supply chain attack. Continue Reading
-
News
17 Mar 2022
Sandworm APT ramps up Cyclops Blink botnet with Asus routers
Trend Micro discovered that the Cyclops Blink botnet, which had originally targeted WatchGuard devices, is now spreading to Asus and 'at least one other vendor.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 Mar 2022
LokiLocker ransomware crew bursts onto the scene
The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. Continue Reading
-
News
15 Mar 2022
Container vulnerability opens door for supply chain attacks
A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
-
News
10 Mar 2022
Log4Shell vulnerability continues to menace developers
Months after it was first disclosed, the Log4j RCE vulnerability remains widespread on code-sharing sites and open source repositories, according to security researchers. Continue Reading
-
Answer
10 Mar 2022
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
10 Mar 2022
6 potential enterprise security risks with NFC technology
Some NFC risks include payment processing fraud, eavesdropping and replay attacks. Continue Reading
-
Definition
10 Mar 2022
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system. Continue Reading
-
News
09 Mar 2022
Researchers disclose new Spectre V2 vulnerabilities
The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
-
News
09 Mar 2022
Immersive Labs: Average cyberthreat response takes 96 days
Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
08 Mar 2022
FBI finds Ragnar Locker hit 52 U.S. critical infrastructure targets
While providing an updated list of indicators of compromise, the FBI revealed that a range of critical sectors were attacked by the ransomware group. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Mar 2022
Researchers uncover vulnerabilities in APC Smart-UPS devices
Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
-
Tip
07 Mar 2022
Top DevSecOps certifications and trainings
Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle. Continue Reading
By- Isabella Harford, TechTarget
-
News
07 Mar 2022
Samsung breached, Nvidia hackers claim responsibility
Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Mar 2022
Hackers using stolen Nvidia certificates to sign malware
The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild. Continue Reading
-
Podcast
04 Mar 2022
Risk & Repeat: Conti ransomware gang gets breached
This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Mar 2022
February ransomware attacks hit major enterprises
Enterprises, colleges and municipalities in the U.S. continued to be hit by ransomware as publicly reported attacks for February piled up. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
03 Mar 2022
Job applications a top HR business cybersecurity risk
Russia's attack on Ukraine has raised the risk of a business cybersecurity attack, and HR may be particularly vulnerable. But there are steps HR can take to protect its company. Continue Reading
By- Patrick Thibodeau, Editor at Large
-
Feature
03 Mar 2022
How to stop malicious or accidental privileged insider attacks
How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
03 Mar 2022
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides guidance on how to develop, purchase and maintain trustworthy and secure software applications. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
02 Mar 2022
CrowdStrike cracks PartyTicket ransomware targeting Ukraine
CrowdStrike's analysis of the new ransomware, also known as HermeticRansom, that affected Ukrainian organizations revealed that files encrypted with PartyTicket are recoverable. Continue Reading
By- Arielle Waldman, News Writer
-
News
01 Mar 2022
Conti ransomware source code, documentation leaked
The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
01 Mar 2022
Nvidia confirms breach, proprietary data leaked online
Nvidia has confirmed some of the claims from a little-known ransomware gang that allegedly broke into the network of the GPU giant and stole corporate data. Continue Reading
-
News
01 Mar 2022
HermeticWiper poses increasing cyber risk to Ukraine
While it has not been attributed to a specific threat group, ESET researchers observed another data-wiping malware that targeted a Ukrainian organization and warned it could extend to allies. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Feb 2022
Recorded Future: Russia may retaliate with cyber attacks
Recorded Future warned U.S. and European organizations could be hit by 'spillover attacks' or intentional retaliatory strikes from Russia following its invasion of Ukraine. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Feb 2022
Conti ransomware gang backs Russia, threatens U.S.
The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
28 Feb 2022
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
By- Kyle Johnson, Technology Editor
- Manning Publications Co.
-
Feature
28 Feb 2022
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
25 Feb 2022
Researchers find access brokers focused on US targets
Security vendors studied 'access broker' advertisements on the dark web, which provide ransomware groups with the network and system access required for data thefts. Continue Reading
-
News
24 Feb 2022
New data wiper malware hits Ukraine targets
HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
24 Feb 2022
Pave a path to cybersecurity and physical security convergence
Physical security doesn't get the attention cybersecurity does, but that gap poses significant risks. Find out what you can do to better protect your organization's assets. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
24 Feb 2022
New tech, same threats for Web 3.0
Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
-
News
23 Feb 2022
US, UK attribute Cyclops Blink to Sandworm
The group known for its use of VPNFilter malware has retooled with what is being tracked as Cyclops Blink, but its impact appears limited to WatchGuard business customers for now. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Feb 2022
Dragos: Ransomware topped ICS and OT threats in 2021
Whether ICS and OT networks were intentionally targeted or not, ransomware was found to be the No. 1 compromise to industrial organizations last year. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Feb 2022
IBM: REvil dominated ransomware activity in 2021
IBM X-Force's Threat Intelligence Index report also found a 'triple extortion' ransomware tactic in 2021, where threat actors use DDoS attacks to put extra pressure on victims. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
22 Feb 2022
Top 6 critical infrastructure cyber-risks
Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
-
News
17 Feb 2022
FBI: BEC attacks spreading to virtual meetings
Since the start of the COVID-19 pandemic, many workplaces have shifted to virtual meeting platforms, and the FBI warned that threat actors have taken note. Continue Reading
By- Peyton Doyle, News Editorial Assistant