Enterprises are getting better at detecting security incidents

Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

By David Jones • April 23, 2024

Palo Alto Networks quibbles over impact of exploited, compromised firewalls

The security vendor downplayed the impact of exploit activity, describing most attempts as unsuccessful, but outside researchers say 6,000 devices are vulnerable.

By Matt Kapko • April 23, 2024

Mitre R&D network hit by Ivanti zero-day exploits

Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.

By Matt Kapko • April 22, 2024

Palo Alto Networks warns firewall exploits are spreading

Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.

By Matt Kapko • April 18, 2024

Palo Alto Networks fixes maximum severity, exploited CVE in firewalls

The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.

By Matt Kapko • April 16, 2024

ChatGPT grabs the shadow IT crown: report

Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

By Matt Ashare • April 16, 2024

What’s going on with the National Vulnerability Database?

CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

By Matt Kapko • April 10, 2024

Microsoft embraces common weakness enumeration standard for vulnerability disclosure

The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny. 

By David Jones • April 10, 2024

Mandiant spots advanced exploit activity in Ivanti devices

The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.

By Matt Kapko • April 9, 2024

D-Link tells customers to sunset actively exploited storage devices

The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.

By Matt Kapko • April 8, 2024

Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree

CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.

By David Jones • April 4, 2024

Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

By David Jones • April 2, 2024

Red Hat warns of backoor in widely used Linux utility

With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.

By David Jones • April 1, 2024

Progress Software continues to cooperate with SEC probe into MOVEit exploitation

The company said it still cannot quantify the potential impact of multiple government agency inquiries.

By David Jones • March 29, 2024

Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.

By David Jones • March 28, 2024

Software makers urged to flush SQL injection vulnerabilities

CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.

By David Jones • March 26, 2024

Threat groups hit enterprise software, network infrastructure hard in 2023

Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.

By Matt Kapko • March 22, 2024

AI’s copyright problem will soon slow adoption, Gartner says

The analyst firm said efforts to mitigate intellectual property leaks and copyright infringement will diminish ROI. 

By Lindsey Wilkinson • March 19, 2024

JetBrains says TeamCity servers exploited as it defends disclosure policies

The company is publicly disputing with Rapid7 researchers over the timing and detail provided in connection with critical security vulnerabilities.

By David Jones • March 12, 2024

CISA attacked in Ivanti vulnerabilities exploit rush

The nation’s cyber defense agency was hit “about a month ago” by widely exploited vulnerabilities in the popular remote access VPN product.

By Matt Kapko • March 11, 2024

Yet another threat actor seen exploiting ConnectWise ScreenConnect

Kroll researchers identified a new malware variant threat actors are deploying against the rapidly exploited security vulnerabilities. 

By David Jones • March 6, 2024

JetBrains TeamCity a ripe attack target as more vulnerabilities emerge

Despite available security fixes, Rapid7 researchers raised concerns about JetBrains' lack of coordination in vulnerability disclosure.

By David Jones • Updated March 6, 2024

In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly

The incidents highlight rapid ongoing exploitation by criminal threat actors as customers are urged to patch.

By David Jones • March 4, 2024

Ivanti exploit warnings go global as Five Eyes sound alarm

Ivanti pushed back on some of CISA’s findings, claiming no hacker was able to gain persistence when customers followed recommended mitigations.

By David Jones • Updated March 1, 2024

Utility regulators take steps to raise sector’s cybersecurity ‘baselines’

The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.

By Robert Walton • Feb. 29, 2024