Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
Podcast
07 Mar 2024
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)
This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure. Continue Reading
-
News
06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
- Definition 06 Mar 2024
-
Tip
06 Mar 2024
Explore mitigation strategies for 10 LLM vulnerabilities
As large language models enter more enterprise environments, it's essential for organizations to understand the associated security risks and how to mitigate them. Continue Reading
-
News
05 Mar 2024
Alphv/BlackCat leak site goes down in possible exit scam
An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack. Continue Reading
-
News
05 Mar 2024
Critical JetBrains TeamCity vulnerabilities under attack
Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
-
Tip
05 Mar 2024
DoS vs. DDoS: How they differ and the damage they cause
DoS and DDoS attacks may not be new, but that doesn't mean they are any less disruptive to organizations. Companies should understand what they are and how they work. Continue Reading
-
News
04 Mar 2024
LockBit, Alphv/BlackCat highlight February ransomware activity
With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023. Continue Reading
-
Tip
01 Mar 2024
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities. Continue Reading
-
Definition
29 Feb 2024
phishing
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
-
Podcast
27 Feb 2024
Risk & Repeat: LockBit resurfaces after takedown
LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys. Continue Reading
-
News
27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
-
News
26 Feb 2024
LockBit restores servers following law enforcement takedown
Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests. Continue Reading
-
News
23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code
Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
-
News
22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
-
Definition
22 Feb 2024
cybersecurity
Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization. Continue Reading
-
News
21 Feb 2024
CrowdStrike 'Global Threat Report': Cloud intrusions up 75%
This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas. Continue Reading
-
News
15 Feb 2024
Ransomware disrupts utilities, infrastructure in January
Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
-
Tip
14 Feb 2024
Improve AI security by red teaming large language models
Cyberattacks such as prompt injection pose significant security risks to LLMs, but implementing red teaming strategies can test models' resistance to various cyberthreats. Continue Reading
-
News
13 Feb 2024
Iranian cyberattacks targeting U.S. and Israeli entities
Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after. Continue Reading
-
Guest Post
13 Feb 2024
How passwordless helps guard against AI-enhanced attacks
With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
-
News
12 Feb 2024
CISA warns Fortinet zero-day vulnerability under attack
CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
-
Definition
12 Feb 2024
password spraying
Password spraying is a cyberattack tactic that involves a hacker using a single password to try and break into multiple target accounts. Continue Reading
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
Definition
09 Feb 2024
cyberterrorism
Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
-
News
08 Feb 2024
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
-
News
07 Feb 2024
Chainalysis: 2023 a 'watershed' year for ransomware
Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
-
Definition
07 Feb 2024
keylogger (keystroke logger or system monitor)
A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone. Continue Reading
-
News
06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation
Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
-
News
06 Feb 2024
Linux group announces Post-Quantum Cryptography Alliance
The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech. Continue Reading
-
Definition
06 Feb 2024
dictionary attack
A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password. Continue Reading
-
Guest Post
02 Feb 2024
GenAI development should follow secure-by-design principles
Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers. Continue Reading
-
News
01 Feb 2024
Critical infrastructure hacks raise alarms on Chinese threats
FBI Director Christopher Wray and CISA Director Jen Easterly warned that China was targeting critical infrastructure for possible destructive attacks in the event of a conflict with the United States. Continue Reading
-
News
31 Jan 2024
Ivanti discloses new zero-day flaw, releases delayed patches
While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
-
Feature
31 Jan 2024
Top 13 ransomware targets in 2024 and beyond
Two in three organizations suffered ransomware attacks in a single year, according to recent research. And, while some sectors bear the brunt, no one is safe. Continue Reading
-
Feature
31 Jan 2024
9 secure email gateway options for 2024
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features. Continue Reading
-
Tip
31 Jan 2024
Top 15 email security best practices for 2024
Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
-
Definition
30 Jan 2024
data loss
Data loss is the intentional or unintentional destruction of information. Continue Reading
-
News
30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
-
Feature
30 Jan 2024
Security executives slam Microsoft over latest breach
Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
-
Tip
30 Jan 2024
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
-
News
26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA
Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
-
Definition
26 Jan 2024
digital forensics and incident response (DFIR)
Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
-
Feature
26 Jan 2024
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
-
News
25 Jan 2024
HPE breached by Russian APT behind Microsoft hack
HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
-
Definition
25 Jan 2024
QR code phishing
QR code phishing, or 'quishing,' is a social engineering phishing attack that intentionally deceives its recipient into scanning a QR code, redirecting the person to a bogus website. Continue Reading
-
News
24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats
While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
-
News
23 Jan 2024
Attacks begin on critical Atlassian Confluence vulnerability
Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
-
Tip
23 Jan 2024
How to avoid malware on Linux systems
Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions. Continue Reading
-
Tip
23 Jan 2024
Building an incident response framework for your enterprise
Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading
-
News
22 Jan 2024
Microsoft breached by Russian APT behind SolarWinds attack
Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
-
News
19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
-
Definition
19 Jan 2024
security incident
A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed. Continue Reading
-
News
18 Jan 2024
CISA posts incident response guide for water utilities
In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
-
News
17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack
The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
-
News
17 Jan 2024
Google, researchers in dispute over account hijacking attacks
Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts. Continue Reading
-
News
16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation
Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
-
News
11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack
Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
-
Tip
11 Jan 2024
Cloud incident response: Frameworks and best practices
Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
-
Definition
10 Jan 2024
vulnerability management
Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems. Continue Reading
-
News
10 Jan 2024
China claims it cracked Apple's AirDrop, can track senders
The flaw used by Chinese researchers to crack Apple's AirDrop encryption was reported to the company in 2019 by researchers at German university TU Darmstadt. Continue Reading
-
News
09 Jan 2024
Account hijacking, cryptocurrency scams spread on X
One company that had its account stolen and used for cryptocurrency scams, CertiK, said it was hacked through a phishing attack from a journalist's compromised account. Continue Reading
-
Feature
09 Jan 2024
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading
-
Tip
09 Jan 2024
Top 7 enterprise cybersecurity challenges in 2024
Security teams faced unprecedented challenges in 2023. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to consider in 2024. Continue Reading
-
Feature
04 Jan 2024
10 of the biggest zero-day attacks of 2023
There were many zero-day vulnerabilities exploited in the wild in 2023. Here's a look at 10 of the most notable and damaging zero-day attacks last year. Continue Reading
-
News
04 Jan 2024
December ransomware attacks disrupt healthcare organizations
Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data. Continue Reading
-
Feature
03 Jan 2024
Ransomware trends, statistics and facts heading into 2024
Supply chain attacks, double extortion and RaaS are just a few of the ransomware trends that will continue to disrupt businesses in 2024. Is your industry a top target? Continue Reading
-
Definition
02 Jan 2024
cybercrime
Cybercrime is any criminal activity that involves a computer, network or networked device. Continue Reading
-
Definition
27 Dec 2023
email signature
An email signature -- or signature block or signature file -- is the short text that appears at the end of an email message to provide more information about the sender. Continue Reading
-
News
27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild
On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
-
News
21 Dec 2023
10 of the biggest ransomware attacks in 2023
Ransomware attacks against U.S. organizations hit record levels this year as threat actors stepped up extortion tactics and took shaming victims to new levels. Continue Reading
-
Feature
20 Dec 2023
Board preparedness: 7 steps to combat cybersecurity threats
In the face of security breaches, organization board members must urgently tackle real-world cyber threats. These seven steps offer crucial preparedness for companies. Continue Reading
-
News
18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook
During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
-
Tip
18 Dec 2023
Generative AI is making phishing attacks more dangerous
Cybercriminals are using AI chatbots such as ChatGPT to launch sophisticated business email compromise attacks. Cybersecurity practitioners must fight fire with fire. Continue Reading
-
News
14 Dec 2023
Russian APT exploiting JetBrains TeamCity vulnerability
The Russian hackers behind the SolarWinds attacks are the latest nation-state group to exploit a critical TeamCity vulnerability to gain initial access to victims' servers. Continue Reading
-
Feature
14 Dec 2023
9 cybersecurity trends to watch in 2024
Analysts are sharing their cybersecurity trends and predictions for 2024. From zero-day attacks to generative AI security and increased regulations, is your organization ready? Continue Reading
-
News
14 Dec 2023
Splunk: AI isn't making spear phishing more effective
While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority. Continue Reading
-
News
13 Dec 2023
How ransomware gangs are engaging -- and using -- the media
New Sophos research shows that ransomware groups are not only attacking technical systems, but taking advantage of information systems as well to pressure victims into paying. Continue Reading
-
Definition
12 Dec 2023
cyber attack
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
-
Definition
07 Dec 2023
advanced persistent threat (APT)
An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. Continue Reading
-
Opinion
06 Dec 2023
How organizations can learn from cloud security breaches
Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
-
News
06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities
Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
-
Definition
05 Dec 2023
cyber resilience
Cyber resilience is the ability of a computing system to identify, respond and recover quickly should it experience a security incident. Continue Reading
-
News
05 Dec 2023
Ransomware ramps up against private sector in November
Ransomware disclosures and reports increased again in November, with the most disruptive and dangerous attacks occurring against healthcare organizations. Continue Reading
-
News
04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw
Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
-
Definition
01 Dec 2023
attack surface
An attack surface is the total number of all possible entry points for unauthorized access into any system. Continue Reading
-
News
30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022
Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading
-
Definition
28 Nov 2023
timing attack
A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system. Continue Reading
-
News
27 Nov 2023
Threat actors targeting critical OwnCloud vulnerability
Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products. Continue Reading
-
Tip
22 Nov 2023
4 data loss examples keeping backup admins up at night
Protecting data is a critical task for backup admins, and threats are ever evolving. Preparation is key to preventing data loss and recovering quickly. Continue Reading
-
News
21 Nov 2023
CISA, FBI warn of LockBit attacks on Citrix Bleed
The latest advisory on exploitation of the Citrix Bleed vulnerability confirmed that the LockBit ransomware group perpetrated the attack on Boeing. Continue Reading
-
News
16 Nov 2023
Alphv ransomware gang claims it reported MeridianLink to SEC
MeridianLink said it recently identified a "cybersecurity incident," but the Alphv ransomware gang claims it breached the company and compromised customer data. Continue Reading
-
Definition
16 Nov 2023
Automated Clearing House fraud (ACH fraud)
ACH fraud is the theft of funds through the U.S. Department of the Treasury's Automated Clearing House financial transaction network. Continue Reading
-
News
15 Nov 2023
VMware discloses critical, unpatched Cloud Director bug
A manual workaround is currently available for a critical VMware Cloud Director Appliance flaw, tracked as CVE-2023-34060, but no patch is available at press time. Continue Reading
-
Tip
15 Nov 2023
How to protect your organization from IoT malware
IoT devices are attractive targets to attackers, but keeping them secure isn't easy. Still, there are steps to take to minimize risk and protect networks from attacks. Continue Reading
-
Tip
15 Nov 2023
Traditional MFA isn't enough, phishing-resistant MFA is key
Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails. Continue Reading
-
News
14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw
Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
-
News
13 Nov 2023
LockBit ransomware gang claims it leaked stolen Boeing data
Boeing confirmed that it experienced a cybersecurity incident following LockBit's claims, but the aircraft manufacturer has not directly confirmed a ransomware attack. Continue Reading
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading