Vulnerability: Page 17
-
Threat actors favor brute force attacks to hit cloud services
Google Cloud warned that organizations face their greatest threat due to weak passwords and vulnerable software.
By Matt Kapko • July 12, 2022 -
Microsoft rollback on macro blocking in Office sows confusion
The company said it remains "fully committed" to disabling macros by default, and the temporary measure will make the product more user friendly.
By David Jones • July 11, 2022 -
What to watch with 5G network security
For wireless network carriers, 5G is a model of what’s next. But it also introduces features and services that dramatically expand the threat surface.
By Matt Kapko • July 8, 2022 -
Apple's coming security features an answer to government-backed spyware
While some mobile security experts hail Lockdown Mode as a breakthrough, others warn the features will not extend to third-party apps.
By David Jones • July 7, 2022 -
Federal authorities warn MedusaLocker ransomware targeting remote desktop vulnerabilities
The ransomware-as-a-service group began targeting healthcare and other industries in 2019. In recent months, activity has surged once again.
By David Jones • July 1, 2022 -
Organizations lag on confidence and policies to manage open source security
It's taking longer for companies to find open source vulnerabilities, and shaky policies mean only the most critical vulnerabilities are attended to.
By David Jones • June 24, 2022 -
Attackers keep targeting VMware Horizon, exploiting unpatched Log4Shell
In one case, CISA found multiple threat actors compromising an organization using Log4Shell, which leveraged access to gain remote command and control.
By Naomi Eide • June 24, 2022 -
Dozens of vulnerabilities threaten major OT device makers
Researchers from Forescout’s Vedere Labs found 56 vulnerabilities across big names like Honeywell and Motorola, raising design-level security concerns.
By David Jones • June 21, 2022 -
Microsoft releases long sought patch for Office Follina zero day as CISA, customers assess impact
The fix comes two weeks after the industry was forced to improvise with a workaround solution, while nation-state and criminal actors exploited the vulnerability.
By David Jones • June 15, 2022 -
Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short
Orca Security warned in January that attackers could gain remote code execution, taking over tenant workspaces.
By David Jones • June 14, 2022 -
Tenable CEO calls out Microsoft on lack of transparency on vulnerabilities
Amit Yoran claims Microsoft failed to acknowledge a critical vulnerability in Azure until Tenable said it would go public.
By David Jones • June 13, 2022 -
5 takeaways from the RSA Conference
The event tried to pick up where it left off 28 months ago. Can defenders keep up with the accelerated pace and scale of the cyber threat?
By Matt Kapko • June 13, 2022 -
Threat actors deploy new attack methods as Microsoft Follina vulnerability lingers
Researchers discover new vectors, including the use of remote access trojan AsyncRAT.
By David Jones • June 10, 2022 -
FBI, CISA issue warning on China-backed cyber threats against the telecom industry
State-sponsored actors are targeting small and home office networking equipment for access.
By David Jones • June 8, 2022 -
Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation
The threat activity comes days after Atlassian released a security fix for the on-premise vulnerability.
By David Jones • June 7, 2022 -
Atlassian releases fix for critical zero day impacting Confluence
Attackers could take control of affected devices without need for authentication.
By David Jones • June 3, 2022 -
CISA issues warning after critical zero day hits Atlassian's Confluence
No patch or workaround is currently available and federal agencies are required to disconnect from the product.
By David Jones • June 3, 2022 -
Food supplier cyber risk spreads 1 year after JBS attack
Ransomware attacks target common vulnerabilities like legacy OT systems and equipment that lacks modern security tools.
By Matt Kapko • June 2, 2022 -
Microsoft zero day under attack as industry awaits patch
One threat actor has been exploiting the Follina vulnerability to deliver malware, Proofpoint researchers said Tuesday.
By David Jones • Updated June 8, 2022 -
Microsoft Office zero day leaves researchers scrambling over the holiday weekend
The company warns a successful attack could allow an attacker to install programs, delete data or create new accounts.
By David Jones • Updated May 31, 2022 -
Persistent vulnerabilities put VMware on the defense
Recent flaws earned the company CISA's 10th emergency directive, the latest in a series of potential high-impact flaws for enterprise users.
By Matt Kapko • May 27, 2022 -
Feds release grim reminder: Threat actors prey on basic security mishaps
Federal authorities and U.S. allies admonished companies to tighten weak controls and configurations.
By David Jones • May 20, 2022 -
Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours
Even with new patches available, CISA is concerned that threat actors will easily shake off the fixes once again.
By Matt Kapko • Updated June 2, 2022 -
Tech giants pledge multimillion down payment to secure open source
Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.
By David Jones • May 13, 2022 -
Critical CVEs put Aruba Networks, Avaya enterprise switches at risk
Researchers previously found similar vulnerabilities in Smart-UPS devices.
By David Jones • May 3, 2022