Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
25 Apr 2024
Risk & Repeat: Change Healthcare's bad ransomware bet
This Risk & Repeat podcast discusses Change Healthcare's ransomware attack and the apparent further spread of sensitive data despite the company paying a ransom. Continue Reading
-
News
25 Apr 2024
Cisco zero-day flaws in ASA, FTD software under attack
Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products. Continue Reading
-
News
24 Apr 2024
Critical CrushFTP zero-day vulnerability under attack
While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server. Continue Reading
-
News
24 Apr 2024
Coalition: Insurance claims for Cisco ASA users spiked in 2023
Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access. Continue Reading
-
News
24 Apr 2024
GitHub vulnerability leaks sensitive security reports
The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
-
Tip
24 Apr 2024
Traditional MFA isn't enough, phishing-resistant MFA is key
Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails. Continue Reading
-
News
23 Apr 2024
U.S. cracks down on commercial spyware with visa restrictions
The move marks the latest effort by the U.S. government to curb the spread of commercial spyware, which has been used to target journalists, politicians and human rights activists. Continue Reading
-
Tip
23 Apr 2024
Creating a patch management policy: Step-by-step guide
A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes. Continue Reading
-
News
23 Apr 2024
Mandiant: Attacker dwell time down, ransomware up in 2023
Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques. Continue Reading
-
News
22 Apr 2024
Mitre breached by nation-state threat actor via Ivanti flaws
An unnamed nation-state threat actor breached Mitre through two Ivanti Connect Secure zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, disclosed earlier this year. Continue Reading
-
News
19 Apr 2024
CISA: Akira ransomware extorted $42M from 250+ victims
The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year. Continue Reading
-
News
18 Apr 2024
Cisco discloses high-severity vulnerability, PoC available
The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers. Continue Reading
-
News
17 Apr 2024
Mandiant upgrades Sandworm to APT44 due to increasing threat
Over the past decade, Sandworm has been responsible for high-severity attacks that highlight the group's persistence, evasion techniques and threat to government bodies. Continue Reading
-
News
12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails
CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise. Continue Reading
-
News
12 Apr 2024
Palo Alto Networks discloses RCE zero-day vulnerability
Threat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks' PAN-OS software, in a 'limited' number of attacks. Continue Reading
-
Conference Coverage
11 Apr 2024
RSA Conference 2024 focuses on collaboration, resilience
Follow TechTarget Security's RSAC 2024 guide for pre-conference insights and the most pressing presentations and breaking news at the world's biggest infosec event. Continue Reading
-
Opinion
10 Apr 2024
5 trends in the cyber insurance evolution
As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market. Continue Reading
-
Definition
10 Apr 2024
fraud detection
Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Continue Reading
-
News
09 Apr 2024
Unit 42: Malware-initiated scanning attacks on the rise
Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems. Continue Reading
-
Feature
09 Apr 2024
Why the Keitaro TDS keeps causing security headaches
Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
-
News
08 Apr 2024
Flaws in legacy D-Link NAS devices under attack
Internet scans show threat actors are targeting CVE-2024-3273 in thousands of end-of-life D-Link NAS devices, and exploitation requires no authentication. Continue Reading
-
Podcast
05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task
This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
-
News
04 Apr 2024
Ransomware attacks ravaged municipal governments in March
Many municipalities across the U.S. faced network outages, data breaches and large ransom demands following a flurry of ransomware attacks last month. Continue Reading
-
News
04 Apr 2024
Infosec professionals praise CSRB report on Microsoft breach
Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant. Continue Reading
-
Tip
04 Apr 2024
5 top OT threats and security challenges
Securing operational technology is particularly critical but also especially challenging. Consider these top OT threats and how to manage them. Continue Reading
-
News
03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures
The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
-
News
03 Apr 2024
Trend Micro: LockBit ransomware gang's comeback is failing
LockBit is struggling to resume operations in part due to the name-and-shame aspect of the international law enforcement operation responsible for the gang's disruption. Continue Reading
-
Tip
02 Apr 2024
Cloud computing forensics techniques for evidence acquisition
With the proper tools and methodologies, security teams can provide analysts with the critical pieces required to complete cloud computing forensics investigations. Continue Reading
-
News
01 Apr 2024
XZ backdoor discovery reveals Linux supply chain attack
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years. Continue Reading
-
News
29 Mar 2024
Typosquatting campaign, malicious packages slam PyPI
Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain. Continue Reading
-
Opinion
28 Mar 2024
5 areas to help secure your cyber-risk management program
To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets. Continue Reading
-
Tip
28 Mar 2024
Microsoft Teams phishing attacks and how to prevent them
Users who think phishing happens only over email should think again. Learn about recent Microsoft Teams phishing attacks and how to defend against them. Continue Reading
-
News
27 Mar 2024
Spyware vendors behind 75% of zero-days targeting Google
Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022. Continue Reading
-
News
27 Mar 2024
Unpatched flaw in Anyscale's Ray AI framework under attack
Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
-
News
27 Mar 2024
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
-
News
26 Mar 2024
SQL injection vulnerability in Fortinet software under attack
Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online. Continue Reading
-
News
26 Mar 2024
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
-
Report
25 Mar 2024
35 cybersecurity statistics to lose sleep over in 2024
Here are 35 eye-opening cybersecurity stats from dozens of security experts -- on crime, jobs and trends -- to consider while developing your 2024 security plan. Continue Reading
-
News
22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
-
News
21 Mar 2024
AWS fixes 'FlowFixation' vulnerability for account hijacking
A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
-
News
21 Mar 2024
NCC Group: Ransomware attacks jump 73% in February
While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises. Continue Reading
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
-
News
20 Mar 2024
CISA urges defensive actions against Volt Typhoon threats
The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks. Continue Reading
-
Tip
20 Mar 2024
How to defend against phishing as a service and phishing kits
Phishing is a perennial thorn in the side of enterprise security. Thanks to phishing-as-a-service offerings and phishing kits, the problem will only get worse. Continue Reading
-
Tip
19 Mar 2024
EDR vs. antivirus: What's the difference?
Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization? Continue Reading
-
News
18 Mar 2024
Exploitation activity increasing on Fortinet vulnerability
The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published. Continue Reading
-
News
18 Mar 2024
GitOps users warned to patch 3 new Argo CD CVEs
Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. Continue Reading
-
Definition
15 Mar 2024
virus (computer virus)
A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an infected system and it often propagates to other systems, much like a biological virus spreads from host to host. Continue Reading
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
-
Definition
14 Mar 2024
virus signature (virus definition)
A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses. Continue Reading
-
Tip
14 Mar 2024
How to craft a generative AI security policy that works
The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
-
Podcast
13 Mar 2024
Risk & Repeat: CISA hacked via Ivanti vulnerabilities
The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January. Continue Reading
-
Tip
13 Mar 2024
How data poisoning attacks work
Generative AI brings business opportunities to the enterprise but also security risks. Learn about an evolving attack vector called data poisoning and how it works. Continue Reading
-
News
13 Mar 2024
Researchers warn devs of vulnerabilities in ChatGPT plugins
OpenAI and two third-party providers fixed vulnerabilities in the experimental ChatGPT plugins framework, but Salt Security researchers caution devs that security risks persist. Continue Reading
-
Tip
13 Mar 2024
4 types of prompt injection attacks and how they work
Compromised LLMs can expose sensitive corporate data and put organizations' reputations at risk. Learn about four types of prompt injection attacks and how they work. Continue Reading
-
News
12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws
Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
-
News
11 Mar 2024
CISA confirms compromise of its Ivanti systems
CISA said that approximately one month ago, it identified 'activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.' Continue Reading
-
Podcast
07 Mar 2024
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)
This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure. Continue Reading
-
News
06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
- Definition 06 Mar 2024
-
Tip
06 Mar 2024
Explore mitigation strategies for 10 LLM vulnerabilities
As large language models enter more enterprise environments, it's essential for organizations to understand the associated security risks and how to mitigate them. Continue Reading
-
News
05 Mar 2024
Alphv/BlackCat leak site goes down in possible exit scam
An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack. Continue Reading
-
News
05 Mar 2024
Critical JetBrains TeamCity vulnerabilities under attack
Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
-
Tip
05 Mar 2024
DoS vs. DDoS: How they differ and the damage they cause
DoS and DDoS attacks may not be new, but that doesn't mean they are any less disruptive to organizations. Companies should understand what they are and how they work. Continue Reading
-
News
04 Mar 2024
LockBit, Alphv/BlackCat highlight February ransomware activity
With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023. Continue Reading
-
Tip
01 Mar 2024
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities. Continue Reading
-
Definition
29 Feb 2024
phishing
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
-
Podcast
27 Feb 2024
Risk & Repeat: LockBit resurfaces after takedown
LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys. Continue Reading
-
News
27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
-
News
26 Feb 2024
LockBit restores servers following law enforcement takedown
Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests. Continue Reading
-
News
23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code
Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
-
News
22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
-
Definition
22 Feb 2024
cybersecurity
Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization. Continue Reading
-
News
21 Feb 2024
CrowdStrike 'Global Threat Report': Cloud intrusions up 75%
This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas. Continue Reading
-
News
15 Feb 2024
Ransomware disrupts utilities, infrastructure in January
Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
-
Tip
14 Feb 2024
Improve AI security by red teaming large language models
Cyberattacks such as prompt injection pose significant security risks to LLMs, but implementing red teaming strategies can test models' resistance to various cyberthreats. Continue Reading
-
News
13 Feb 2024
Iranian cyberattacks targeting U.S. and Israeli entities
Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after. Continue Reading
-
Guest Post
13 Feb 2024
How passwordless helps guard against AI-enhanced attacks
With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
-
News
12 Feb 2024
CISA warns Fortinet zero-day vulnerability under attack
CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
-
Definition
12 Feb 2024
password spraying
Password spraying is a cyberattack tactic that involves a hacker using a single password to try and break into multiple target accounts. Continue Reading
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
Definition
09 Feb 2024
cyberterrorism
Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
-
News
08 Feb 2024
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
-
News
07 Feb 2024
Chainalysis: 2023 a 'watershed' year for ransomware
Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
-
Definition
07 Feb 2024
keylogger (keystroke logger or system monitor)
A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone. Continue Reading
-
News
06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation
Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
-
News
06 Feb 2024
Linux group announces Post-Quantum Cryptography Alliance
The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech. Continue Reading
-
Definition
06 Feb 2024
dictionary attack
A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password. Continue Reading
-
Guest Post
02 Feb 2024
GenAI development should follow secure-by-design principles
Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers. Continue Reading
-
News
01 Feb 2024
Critical infrastructure hacks raise alarms on Chinese threats
FBI Director Christopher Wray and CISA Director Jen Easterly warned that China was targeting critical infrastructure for possible destructive attacks in the event of a conflict with the United States. Continue Reading
-
News
31 Jan 2024
Ivanti discloses new zero-day flaw, releases delayed patches
While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
-
Feature
31 Jan 2024
Top 13 ransomware targets in 2024 and beyond
Two in three organizations suffered ransomware attacks in a single year, according to recent research. And, while some sectors bear the brunt, no one is safe. Continue Reading
-
Feature
31 Jan 2024
9 secure email gateway options for 2024
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features. Continue Reading
-
Tip
31 Jan 2024
Top 15 email security best practices for 2024
Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
-
Definition
30 Jan 2024
data loss
Data loss is the intentional or unintentional destruction of information. Continue Reading
-
News
30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
-
Feature
30 Jan 2024
Security executives slam Microsoft over latest breach
Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
-
Tip
30 Jan 2024
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
-
News
26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA
Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading