Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
25 Sep 2024
More Ivanti vulnerabilities exploited in the wild
Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By- Rob Wright, Senior News Director
-
News
24 Sep 2024
CrowdStrike exec apologizes to Congress, shares updates
CrowdStrike changed the way it rolls out content updates as a result of the global IT outage caused by a faulty update in July. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
24 Sep 2024
Arkansas City water treatment facility hit by cyberattack
While disruptions are limited, the attack on the water treatment facility highlights how the critical infrastructure sector remains a popular target for threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
24 Sep 2024
U.S. Army, Lockheed Martin detail SBOM progress
Despite muddied regulatory waters and industry angst over technical stumbling blocks, enterprises are forging ahead with SBOMs, according to presenters at a recent CISA event. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
20 Sep 2024
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
19 Sep 2024
Microsoft warns of Russian election threats, disinformation
As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Sep 2024
FBI disrupts another Chinese state-sponsored botnet
The FBI said the massive botnet, which included 260,000 connected devices, was developed and operated by a publicly traded Chinese company named Integrity Technology Group. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
19 Sep 2024
What is quishing (QR code phishing)?
QR code phishing, or 'quishing,' is a social engineering phishing attack that intentionally deceives its recipient into scanning a QR code, redirecting the person to a bogus website. Continue Reading
-
Opinion
18 Sep 2024
Top vulnerability management challenges for organizations
Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
18 Sep 2024
What is email spam and how to fight it?
Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it. Continue Reading
-
News
16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
13 Sep 2024
How AI could change threat detection
AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures. Continue Reading
-
Podcast
12 Sep 2024
CTO challenges software security status quo
A former U.S. Department of Homeland Security researcher argues that software is fundamentally broken from a security perspective. So, where does the industry go from here? Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
12 Sep 2024
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
By- Phil Sweeney, Industry Editor
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Sep 2024
How to prevent vendor email compromise attacks
Vendor email compromise is one of the latest email attacks to hit headlines. Learn how to prevent becoming a victim to this potentially expensive scheme. Continue Reading
-
News
10 Sep 2024
JFrog connects key software supply chain management dots
JFrog ties in with GitHub and Nvidia and ships Runtime Security to offer visibility into software supply chains from source code to production and back again, including AI apps. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
09 Sep 2024
Akira ransomware gang targeting SonicWall VPN accounts
Arctic Wolf recently observed the Akira ransomware gang compromising SonicWall SSL VPN accounts, which could be connected to a critical vulnerability in SonicOS. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
06 Sep 2024
Threat hunting frameworks, techniques and methodologies
Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
06 Sep 2024
Ransomware rocked healthcare, public services in August
Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
05 Sep 2024
What is threat hunting? Key strategies explained
If you are ready to take a more proactive approach to cybersecurity, threat hunting might be a tactic to consider. Here's what security teams should know. Continue Reading
By- Ed Moyle, Drake Software
-
News
03 Sep 2024
FBI: North Korean hackers targeting cryptocurrency employees
North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
03 Sep 2024
What is cybercrime and how can you prevent it?
Cybercrime is any criminal activity that involves a computer, network or networked device. Continue Reading
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
29 Aug 2024
How AI will transform vulnerability management for the better
Artificial intelligence is improving how enterprises address security vulnerabilities, resulting in stronger security postures and smaller attack surfaces. Learn more. Continue Reading
By- John Burke, Nemertes Research
-
News
28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw
Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
27 Aug 2024
An overview of storage firmware and the importance of updates
While challenges exist, IT teams that fail to update their storage firmware in a timely manner could put their data and organizations at significant risk. Continue Reading
-
Feature
27 Aug 2024
Infosec industry calls for more public sector collaboration
As cyberattacks continue to rise, infosec professionals address the need to increase private and public sector partnerships to assist law enforcement operations. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Aug 2024
Port of Seattle grappling with 'possible cyberattack'
A possible cyberattack against Washington's Port of Seattle has caused significant service disruptions to airline travel at the Seattle-Tacoma International Airport. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
26 Aug 2024
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
26 Aug 2024
5 open source Mitre ATT&CK tools
Security teams that use the Mitre ATT&CK framework should consider using these open source tools to help map attacker techniques to the knowledge base. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Conference Coverage
23 Aug 2024
The latest from Black Hat USA 2024
Use this guide to Black Hat 2024 to keep up on breaking news, trending topics and expert insights from one of the world's top cybersecurity conferences. Continue Reading
By- Sharon Shea, Executive Editor
-
Answer
22 Aug 2024
Are virtual machines safe for end users?
Virtual machine security is a complicated topic because there are many factors that can determine their security posture. Learn how to evaluate these factors. Continue Reading
By- John Powers, Senior Site Editor
-
News
22 Aug 2024
NCC Group: Ransomware down in June, July YoY
While ransomware activity in July increased from the previous month, NCC Group researchers found the number of attacks was much lower compared to earlier this year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Aug 2024
Microchip Technology discloses cyberattack, business delays
The microprocessor manufacturer says it detected malicious activity in its network over the weekend, which disrupted business operations and impaired its ability to fulfill orders. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
20 Aug 2024
What is cloud detection and response (CDR)?
Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
-
News
20 Aug 2024
U.S. agencies attribute Trump campaign hack to Iran
CISA, the FBI and the Office of the Director of National Intelligence attributed a recent hack-and-leak attack on former President Donald Trump's 2024 election campaign to Iran. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
19 Aug 2024
Guide to data detection and response (DDR)
Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
-
Feature
19 Aug 2024
Social Security number data breach: What you need to know
An estimated 2.9 million Social Security numbers and other PII have been leaked onto the dark web in a National Public Data breach. Continue Reading
-
Tip
19 Aug 2024
EDR vs. MDR vs. XDR: Key differences
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By -
Podcast
19 Aug 2024
Generative AI fuels growth of online deepfakes
As generative AI systems and voice cloning apps grow, organizations are seeing a rise in fraudulent calls. Organizations need to be vigilant and plan to deal with these threats. Continue Reading
By- Esther Ajao, News Writer
- Shaun Sutner, News Director
-
News
15 Aug 2024
July ransomware attacks slam public sector organizations
The global IT outage caused by an errant CrowdStrike channel file update dominated security news last month. But there were still plenty of ransomware attacks to go around. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Aug 2024
National Public Data confirms breach, scope unknown
Reports suggest billions of personal records could have been compromised in the attack against data aggregator National Public Data, but the reality is more complicated. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
15 Aug 2024
How to select an MDR security service
With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services. Continue Reading
-
News
14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
By- Rob Wright, Senior News Director
-
News
13 Aug 2024
What the Delta-Crowdstrike lawsuit may mean for IT contracts
The recent exchange of allegations between Delta and CrowdStrike reveals legal arguments Delta could use to recover the massive losses suffered in the CrowdStrike outage. Continue Reading
By- Antone Gonsalves, News Director
-
News
13 Aug 2024
Law enforcement disrupts Radar/Dispossessor ransomware group
The now-disrupted Radar/Dispossessor ransomware gang was launched in August 2023, and its members have targeted dozens of SMBs across critical sectors via dual extortion. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
13 Aug 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
By -
Podcast
12 Aug 2024
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Aug 2024
Evolving threat landscape influencing cyber insurance market
Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
Akamai warns enterprises that VPN attacks will only increase
During Black Hat USA 2024, Akamai's Ori David revealed new VPN post-exploitation techniques that open the attack vector to threat actors of all skill levels. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
CISA: Election infrastructure has never been more secure
CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
07 Aug 2024
The dangers of voice deepfakes in the November election
The growth of generative AI has led to more audio cloning technology. This could affect the U.S. election. Recent incidents show that existing safeguards are not effective. Continue Reading
By- Esther Ajao, News Writer
-
Answer
07 Aug 2024
What's the best way to protect against HDD failure?
Whatever the reason for failure, HDDs are hard to repair. Admins need to get out in front of potential issues, like the four described here, to prevent prolonged downtime. Continue Reading
-
Guest Post
02 Aug 2024
How to prepare for a secure post-quantum future
Quantum computing is expected to arrive within the next decade and break current cryptographic algorithms. SANS' Andy Smith explains how to start securing your company now. Continue Reading
By- Andy Smith, SANS Institute instructor
-
News
30 Jul 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw
VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Jul 2024
Evolving ZeroFont phishing attacks target Outlook users
Threat actors are using a new twist on a longtime phishing tactic to compel corporate end users to open malicious emails. Learn how ZeroFont attacks work and how to prevent them. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
Video
29 Jul 2024
An explanation of romance scams (pig butchering)
Pig butchering is a scam that exploits virtual relationships to deceive and steal money. Continue Reading
By- Tommy Everson, Assistant Editor
-
Definition
26 Jul 2024
What is a computer exploit?
A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system. Continue Reading
By -
Definition
26 Jul 2024
What is malware? Prevention, detection and how attacks work
Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server. Continue Reading
By- Kinza Yasar, Technical Writer
- Ben Lutkevich, Site Editor
-
Video
25 Jul 2024
An explanation of Flipper Zero
Flipper Zero is both a tool for pen testers and a learning device for new hackers. Continue Reading
By- Tommy Everson, Assistant Editor
-
Feature
24 Jul 2024
10 social media scams and how to avoid them
Discover how fraudsters are using social media platforms to steal personal and financial information from unsuspecting users. Continue Reading
By- Samantha Poutre, Former Editorial Assistant
-
Tip
24 Jul 2024
How to implement an attack surface management program
Keeping attackers away from corporate assets means keeping constant vigilance over the organization's attack surface. An attack surface management program can help. Continue Reading
By -
News
23 Jul 2024
Dragos: New ICS malware FrostyGoop abuses Modbus
Dragos published research Tuesday unveiling an industrial control systems-focused malware it dubbed FrostyGoop that targets Modbus to disrupt critical infrastructure. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
23 Jul 2024
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
By- Craig Stedman, Industry Editor
-
Definition
22 Jul 2024
What is exposure management?
Exposure management is a cybersecurity approach to protecting exploitable IT assets. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
22 Jul 2024
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR
Cloud detection and response is the latest detection and response tool. Explore how it differs from endpoint, network and extended detection and response tools. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Opinion
19 Jul 2024
CrowdStrike chaos casts a long shadow on cybersecurity
As organizations recover from today’s outages, the cybersecurity industry will need to develop new security software evaluation criteria and requirements and learn to parlay risks. Continue Reading
By- Dave Gruber, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Opinion
19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?
A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them. Continue Reading
By- Gabe Knuth, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Answer
19 Jul 2024
How to protect port 139 from SMB attacks
Keeping port 139 open is perfectly normal -- but only for good reason. Without the proper protections, it can present a major security risk. Continue Reading
By -
News
18 Jul 2024
Fin7 helps ransomware gangs with EDR bypass
SentinelOne found the Russia-based cybercriminal group is helping other threat actors, including ransomware gangs, to evade detection with a custom tool named AvNeutralizer. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
18 Jul 2024
What dangling pointers are and how to avoid them
Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
By -
News
17 Jul 2024
NullBulge threat actor targets software supply chain, AI tech
SentinelOne published new research detailing NullBulge, an emerging ransomware actor that recently claimed to have stolen data from Disney's internal Slack channels. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
17 Jul 2024
The CDK Global outage: Explaining how it happened
CDK Global was hit with a ransomware attack affecting thousands of U.S. auto dealerships. Keep reading to learn more about this attack and how it affected the industry. Continue Reading
-
Podcast
16 Jul 2024
Risk & Repeat: AT&T's Snowflake database breached
AT&T disclosed a breach in which threat actors compromised the company's Snowflake instance and stole call and text records from 'nearly all' the company's cellular customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Jul 2024
Experts weigh in on Snowflake database MFA features
In response to a wave of recent attacks on customers, Snowflake introduces new authentication offerings that enable administrators to require MFA for all user accounts. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Video
12 Jul 2024
An explanation of Trojan horse
Trojan horses are a type of malware that can take control of your computer and even access your camera. Continue Reading
By- Tommy Everson, Assistant Editor
-
News
11 Jul 2024
Ransomware gangs increasingly exploiting vulnerabilities
New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Jul 2024
Check Point sheds light on Windows MSHTML zero-day flaw
A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far back at January 2023. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Jul 2024
Microsoft fixes 2 zero-days in massive July Patch Tuesday
Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild. Continue Reading
By- Rob Wright, Senior News Director
-
News
09 Jul 2024
Governments issue warning on China's APT40 attacks
Government agencies say APT40 continues to pose significant risk to organizations across the globe by exploiting vulnerabilities in public-facing applications. Continue Reading
By- Arielle Waldman, News Writer
-
Podcast
09 Jul 2024
Risk & Repeat: Hacks, lies and LockBit
Months after an international law enforcement effort disrupted the notorious ransomware-as-a-service operation, LockBit falsely claimed that it breached the U.S. Federal Reserve. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
09 Jul 2024
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
08 Jul 2024
Ransomware hits CDK Global, public sector targets in June
The prevalent threat continued to cause disruptions last month as city halls were forced to close and auto dealerships faced downstream effects after an attack against CDK Global. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
08 Jul 2024
How API attacks work, plus 5 common types
A growing number of API attacks put enterprises at risk of serious data breaches. Learn how these attacks work, and explore some API security best practices. Continue Reading
By- Rob Shapland, Falanx Cyber
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
05 Jul 2024
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
By -
Feature
03 Jul 2024
RSA security conference video roundup: 2024 perspectives
We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
News
01 Jul 2024
Critical OpenSSH vulnerability could affect millions of servers
Exploitation against CVE-2024-6387, which Qualys nicknamed 'regreSSHion,' could let attackers bypass security measures and gain root access to vulnerable servers. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Jun 2024
Supply chain attacks conducted through Polyfill.io service
In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Jun 2024
LockBit claim about hacking U.S. Federal Reserve fizzles
Evolve Bank & Trust confirmed that it was affected by a cybersecurity-related incident, but has not yet said whether the LockBit ransomware gang was responsible. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama
Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
26 Jun 2024
12 common types of malware attacks and how to prevent them
The umbrella term malware is one of the greatest cybersecurity threats enterprises face. Learn about 12 common types of malware and how to prevent them. Continue Reading
By- Sharon Shea, Executive Editor
- Isabella Harford, TechTarget
-
Tip
25 Jun 2024
Best practices for protection from ransomware in cloud storage
Cybercriminals are getting smarter and evolving their enterprise attacks. Be proactive -- get out in front of ransomware in cloud storage before the attack occurs. Continue Reading
By- Julia Borgini, Spacebarpress Media
-
News
25 Jun 2024
CISA discloses breach of Chemical Security Assessment Tool
The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
25 Jun 2024
EDR vs. antivirus: What's the difference?
Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization? Continue Reading
By- Ravi Das, RaviDas.Tech Inc.
-
Definition
25 Jun 2024
What is security information and event management (SIEM)?
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
-
News
21 Jun 2024
Biden administration bans Kaspersky Lab products in US
The Biden administration announced a ban on Kaspersky Lab products inside the United States due to the antivirus vendor's ties with the Russian government. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Jun 2024
SolarWinds Serv-U vulnerability under attack
The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Jun 2024
Phoenix SecureCore UEFI firmware bug affects Intel processors
Multiple Intel processors and hundreds of PC models are potentially vulnerable to a recently disclosed vulnerability in Phoenix SecureCore UEFI firmware. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Jun 2024
How Amazon's decision to ditch Active Directory paid off
Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move. Continue Reading
By- Rob Wright, Senior News Director