Remote-access tools the intrusion point to blame for most ransomware attacks

Self-managed VPNs from Cisco and Citrix were 11 times more likely to be linked to a ransomware attack last year, At-Bay research found.

By Matt Kapko • May 16, 2024

Black Basta ransomware is toying with critical infrastructure providers, authorities say

The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors.  Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.

By David Jones • May 13, 2024

Generative AI is a looming cybersecurity threat

Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

By Jen A. Miller , Naomi Eide • May 8, 2024

China-linked attackers are successfully targeting network security devices, worrying officials

Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.

By Matt Kapko • May 7, 2024

CISA, FBI urge software companies to eliminate directory traversal vulnerabilities

The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools. 

By David Jones • May 7, 2024

5 considerations for securing your software supply chain

Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.

By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024

CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.

More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.

By Matt Kapko • May 1, 2024

CVE exploitation nearly tripled in 2023, Verizon finds

Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.

By David Jones • May 1, 2024

Cactus ransomware targets a handful of Qlik Sense CVEs

Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.

By David Jones • April 29, 2024

What to do when your team is struggling to manage too many application security vendors

A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.

April 29, 2024

Cisco devices again targeted by state-linked threat campaign

The campaign, dubbed ArcaneDoor, dates back to late 2023 and is targeting perimeter network devices from Cisco — and potentially other companies.

By David Jones • April 25, 2024

Zero-day exploits hit CrushFTP, researchers expect rapid exploitation

CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities.

By Matt Kapko • April 24, 2024

Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.

By David Jones • April 24, 2024

Enterprises are getting better at detecting security incidents

Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

By David Jones • April 23, 2024

Palo Alto Networks quibbles over impact of exploited, compromised firewalls

The security vendor downplayed the impact of exploit activity, describing most attempts as unsuccessful, but outside researchers say 6,000 devices are vulnerable.

By Matt Kapko • April 23, 2024

Mitre R&D network hit by Ivanti zero-day exploits

Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.

By Matt Kapko • April 22, 2024

Palo Alto Networks warns firewall exploits are spreading

Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.

By Matt Kapko • April 18, 2024

Palo Alto Networks fixes maximum severity, exploited CVE in firewalls

The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.

By Matt Kapko • April 16, 2024

ChatGPT grabs the shadow IT crown: report

Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

By Matt Ashare • April 16, 2024

What’s going on with the National Vulnerability Database?

CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

By Matt Kapko • April 10, 2024

Microsoft embraces common weakness enumeration standard for vulnerability disclosure

The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny. 

By David Jones • April 10, 2024

Mandiant spots advanced exploit activity in Ivanti devices

The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.

By Matt Kapko • April 9, 2024

D-Link tells customers to sunset actively exploited storage devices

The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.

By Matt Kapko • April 8, 2024

Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree

CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.

By David Jones • April 4, 2024

Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

By David Jones • April 2, 2024