Jeff Goldman
  • Over 15 Million Systems Exposed to Known Exploited Vulnerabilities

    Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the […]

  • Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

    Enterprise IT, network and security product vulnerabilities were among those actively exploited in zero-day attacks last year, according to a recent Mandiant report. Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. That’s fewer than the 81 zero-days exploited in 2021, but far more than those exploited in any previous year. Going forward, […]

  • Microsoft Targets Critical Outlook Zero-Day Flaw

    Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. According to CrowdStrike researchers, 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent […]

  • BlackMamba PoC Malware Uses AI to Avoid Detection

    HYAS researchers recently developed proof-of-concept (PoC) malware that leverages AI both to eliminate the need for command and control (C2) infrastructure and to generate new malware on the fly in order to evade detection algorithms. The malware, dubbed “BlackMamba,” is the latest example of exploits that can evade even the most sophisticated cybersecurity products. While […]

  • Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

    The White House’s National Cybersecurity Strategy unveiled yesterday is an ambitious blueprint for improving U.S. cybersecurity and threat response, but some of the more ambitious items will take time to implement, and could face opposition from Congress. President Biden came into office around the time of the SolarWinds and Colonial Pipeline cyber attacks, so cybersecurity […]

  • Cloudflare Blocks Record DDoS Attack as Threats Surge

    Cloudflare mitigated dozens of hyper-volumetric DDoS attacks last weekend, most of them ranging from 50 to 70 million requests per second (RPS) – and the largest one exceeding 71 million RPS. “This is the largest reported HTTP DDoS attack on record, more than 35 percent higher than the previous reported record of 46 million RPS […]

  • Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

    Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley […]

  • Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

    ChatGPT has raised alarm among cybersecurity researchers for its unnerving ability in composing everything from sophisticated malware to phishing lures – but it’s important to keep in mind that the tool can help support cybersecurity defenses as well. Shiran Grinberg, director of research and cyber operations at Cynet, told eSecurity Planet that too many companies […]

  • Hackers Use RMM Software to Breach Federal Agencies

    Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the […]

  • Threat Groups Distributing Malware via Google Ads

    Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions […]
