Vulnerability: Page 18
Familiar names top 2021's most-exploited vulnerabilities list
Top ransomware operators, including Hive and Conti, are exploiting flawed systems to launch new attacks, researchers warn.
By David Jones • May 2, 2022 -
IT leaders remain bullish on open source despite security hiccups
Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies.
By Brian Eastwood • April 25, 2022 -
Sponsored by Cybersource/Visa
Merchants prioritize fraud prevention as fraud costs, impact to businesses rise
Merchants are grappling with which tools to use, which are most effective and how to balance rising fraud attacks on a limited budget without hampering CX.
April 25, 2022 -
AWS reissues Log4Shell hotpatch after vulnerabilities found
Researchers warn attackers can escape containers and escalate privileges.
By David Jones • April 22, 2022 -
Threat detection accelerates in Asia, Europe, as notification trends shift
Median dwell time fell as organizations boosted cybersecurity defenses, shared threat intelligence.
By David Jones • April 19, 2022 -
Construction sector mulls cyber risk: hackers toying with materials
Structural integrity specs in automated systems could become a target. Here's how companies like Trimble, Procore and Autodesk are preparing.
By Sebastian Obando • March 31, 2022 -
Big tech is fixing bugs faster. Will that influence trickle down?
If a customer lacks urgency in deploying a patch, a flaw can linger.
By Sue Poremba • March 25, 2022 -
Russian state-sponsored actors target PrintNightmare, MFA settings
ESET researchers are separately warning about new data wiping malware.
By David Jones • March 16, 2022 -
Education sector more prepared for cyberattacks than most
An analysis from Immersive Labs shows K-12 and higher ed are more willing to comply with ransomware demands.
By Kara Arundel • March 11, 2022 -
Sponsored by Enzoic
The threat from within: How to address the employee element in password security
There are numerous sides to the password problem, but here are a few common issues to know.
March 7, 2022 -
Medtech, hospitals on alert for cyberattacks after Russia's invasion of Ukraine
The Russia-Ukraine conflict has raised the cyberthreat level for medtech and hospitals, putting patient safety at risk.
By Greg Slabodkin • March 2, 2022 -
Critical SAP CVEs leave broad exposure, fixes require downtime
Thousands of systems remain vulnerable, including applications not connected to the public internet.
By David Jones • Feb. 17, 2022 -
Cybersecurity outlook for 2022
Nation-state cyberthreats and Log4j have the security community on high alert; organizations need to master response and remediation.
By Naomi Eide • Feb. 14, 2022 -
Log4j highlights ongoing cyber risk from free, open source software: Moody's
Limited investment and slow remediation response continue to challenge open source software.
By David Jones • Feb. 11, 2022 -
Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching
Onapsis security researchers warn attackers could take full control of systems to steal data, disrupt critical business functions and launch ransomware.
By David Jones • Feb. 10, 2022 -
Apache tells US Senate committee the Log4j vulnerability could take years to resolve
While a software bill of materials could improve supply chain security, users still download vulnerable versions of software.
By David Jones • Feb. 9, 2022 -
NIST targets software supply chain with guidance on security standards
Guidelines call for developers to attest they use secure software practices.
By David Jones • Feb. 7, 2022 -
Sponsored by Enzoic
In 2022, you can no longer afford to ignore credential security
Credentials are among the most sought-after targets by hackers due to the low risk and high rewards.
Jan. 31, 2022 -
Blackberry links initial access broker activity to Log4Shell exploit in VMware Horizon
The threat actor primarily installed cryptomining software onto affected systems. In some cases, however, it deployed Cobalt Strike beacons, Blackberry found.
By David Jones • Jan. 26, 2022 -
Log4j raises cyber risk for public finance entities, Fitch warns
Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity.
By David Jones • Jan. 19, 2022 -
Extracting portions of open source in software development threatens app security
While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.
By Samantha Schwartz • Jan. 19, 2022 -
Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats
Researchers say the threat emulation tool may endanger thousands of vulnerable servers.
By David Jones • Jan. 18, 2022 -
Big tech pushes White House for open source funding, standards after Log4j
Technology officials are calling on cross-sector collaboration to prevent a recurrence of a Log4j-style security crisis.
By David Jones • Jan. 14, 2022 -
Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far
An attacker does not need to interact with a user or have privileged access to infect a system.
By Samantha Schwartz • Jan. 13, 2022 -
Log4j threat activity limited, but CISA says actors lay in wait
Microsoft is warning about new activity from a threat actor exploiting the vulnerability in VMware Horizon to deploy ransomware.
By David Jones • Jan. 11, 2022