Vulnerability


  • Tech adoption makes construction industry top target for cyberattacks

    Companies like Shawmut emphasize strengthening security, as a new report finds that contractors are at high risk for ransomware and other threats.

    By Sebastian Obando • Dec. 2, 2021
  • Gartner guidance moves away from prioritizing critical CVEs, focuses on exploitability

    The analyst firm joined CISA in rethinking CVEs. Focusing on actively exploited vulnerabilities will exponentially improve security, a Gartner analyst said. 

    By Nov. 18, 2021
  • 30K Microsoft Exchange Servers remain vulnerable to new tactics

    Organizations have failed to patch widely exploited vulnerabilities, though patches were made available in the spring, Mandiant researchers found.

    By Nov. 18, 2021
  • A year after SolarWinds, third-party risk still threatens the software supply chain

    Digital transformation requirements have pressured organizations to introduce risk into their environments through open source or commercially available software.

    By Nov. 12, 2021
  • CISA's vulnerability catalog is nice to have. But will it change how companies patch?

    The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.

    By Nov. 8, 2021
  • Better security, access policies can combat cloud misconfigurations

    Data disclosures from cloud misconfigurations are often the result of human error — but policies, not users, are to blame.  

    By Brian Eastwood • Nov. 4, 2021
  • CISA overhauls vulnerability management, focuses on CVEs under active exploit

    The order is directed at all federal civilian agencies, "however, all organizations should adopt this directive and prioritize mitigating vulnerabilities listed on our public catalog," CISA Director Jen Easterly said.

    By Nov. 3, 2021
  • Twitter eyes phishing deterrence with security key rollout

    The employee multifactor upgrade follows a high-profile attack against celebrity users in 2020, but the social media company says improvements are still needed. 

    By Oct. 29, 2021
  • Sponsored by Cybersource

    How businesses are tackling fraud in a digital-first reality

    With digital transactions and eCommerce continuing to grow in volume, successfully taking on fraud will require businesses to explore and rely on new tools and technologies.

    Oct. 25, 2021
  • Supply chain attacks lift debate on how to manage software vulnerabilities

    Researchers and developers dispute where responsibilities lie for early detection and how to manage disclosure to customers. The disagreement can allow vulnerabilities to linger. 

    By Oct. 21, 2021
  • Users have bad security habits. What can businesses do?

    "As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said. 

    By Oct. 14, 2021
  • Top global companies falling short in protecting domain security

    Major brands leave themselves and their customers open to phishing attacks, ransomware and BEC due to inadequate measures.

    By Oct. 5, 2021
  • Threat actors more frequently — and successfully — target Active Directory

    Attacks on AD played a prominent role during the high-profile SolarWinds campaign and LockBit 2.0 ransomware attacks.

    By Sept. 30, 2021
  • Timely patching remains pain point even as high-profile bugs linger

    With business continuity already challenged by COVID-19, patches interfering with business productivity became more of a challenge for security teams. 

    By Sept. 29, 2021
  • How hackers are making the leap from cloud to the software build processes

    The security problem with third-party container applications is not, however, indicative of infrastructure flaws.

    By Sept. 28, 2021
  • Is there too much transparency in cybersecurity?

    Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.

    By Sept. 21, 2021
  • Executives fail to make software supply chain security a priority, report finds

    The disconnect between rhetoric and performance in the software development and security industries is part of an internal debate: Which sector should take the lead?

    By Sept. 14, 2021
  • Sponsored by Code42

    The Great Resignation and the risk of data loss

    The Great Resignation is upon us and with it comes data loss.

    Sept. 13, 2021
  • Exploits underway for Microsoft zero day leveraging Office documents

    Until a patch is developed, the company recommends disabling ActiveX in Internet Explorer. But Huntress researchers found the workaround is not functional in all cases.

    By , Updated Sept. 10, 2021
  • Sponsored by Code42

    Are you ready for the second wave of digital transformation?

    In the second wave of digital transformation, understanding Insider Risk is more important than ever.  

    Sept. 7, 2021
  • Cyber Command urges immediate patching for Atlassian Confluence bug

    Atlassian Cloud customers are not impacted by the vulnerability.

    By Sept. 3, 2021
  • Machine identity remains a mystery, threatening digital security

    As organizations undergo digital transformation, security often depends on authenticating the identity of connected machines. 

    By Sept. 2, 2021
  • Azure flaw exposes enterprise databases, raising questions on cloud security

    The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to Cosmos DB, Wiz researchers said.

    By Aug. 30, 2021
  • More threats target Linux, a foundation for the cloud, report finds

    As enterprises embrace cloud, malicious actors are finding sophisticated methods to threaten users for computing power and data theft. 

    By Aug. 25, 2021
  • Microsoft Exchange vulnerabilities targeted in ProxyShell attacks

    Conti affiliates are now using ProxyShell exploits to target organizations during ransomware attacks, researchers found. 

    By Updated Sept. 7, 2021