Threats

Microsoft Warns of Surge in Token Theft, Bypassing MFA

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). "By compromising and replaying a...

Vulnerability Patching: How to Prioritize and Apply Patches

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them. Some...

Major TTE Flaw Could Threaten Critical Infrastructure, Including Aircraft

Researchers at the University of Michigan and NASA are warning of a major flaw in the TTE (Time-Triggered Ethernet) protocol, which is used in a wide range of critical infrastructure, including space...

Azov ‘Ransomware’ Wipes Data, Blames Security Researchers

Check Point security researchers recently described the Azov ransomware as an "effective, fast, and unfortunately unrecoverable data wiper," noting that the malware seems far more focused on destroyi...

ProxyNotShell Finally Gets Patched by Microsoft

Microsoft's November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-...

Threat Group Continuously Updates Malware to Evade Antivirus Software

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky reveale...

The History of Computer Viruses & Malware

If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Whether it’s infe...

Main Targets of Ransomware Attacks & What They Look For

Cyber crime seems to evolve and innovate as much as the tech industry it seeks to exploit. In recent times, ransomware has become an especially potent tool of cyber criminals looking to exploit compan...

Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw

The OpenSSL project this week announced plans to release version 3.0.7 on November 1 to patch a critical security flaw affecting versions 3.0 and later. Co-founder Mark J. Cox noted it's only the sec...

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Adva...

Latest articles