Subscribe
Subscribe to Newsletter

Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • Nimbuspwn: New Root Privilege Escalation Found in Linux

    The Microsoft 365 Defender Research Team has revealed several new Linux vulnerabilities collectively dubbed “Nimbuspwn.” Like the Dirty Pipe vulnerability, they only need a local user with low capabilities to elevate privileges, but this time the exploit seems much more specific and focuses on “networkd-dispatcher,” a systemd component that handles connection status changes. The Nimbuspwn…

  • Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

    U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. Topping the list were the Log4Shell vulnerability and Microsoft bugs ProxyShell and ProxyLogon. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. VMware, Atlassian, Pulse Secure and…

  • WatchGuard, Windows Vulnerabilities Require Urgent Fixes

    Vulnerabilities in WatchGuard firewalls and Microsoft Windows and Windows Server need to be patched and fixed immediately, security organizations said in alerts this week. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to patch a critical WatchGuard firewall vulnerability (CVE-2022-23176) that affects the Fireware operating system running on WatchGuard Firebox and XTM appliances,…

  • Critical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups

    Critical infrastructure, industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week. Researchers at ESET and…

  • How Hackers Evade Detection

    Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and…

  • Protecting Against the Spring4Shell Vulnerability

    Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.…

  • Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

    As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent, according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice and potentially…

  • A Few Clicks from Data Disaster: The State of Enterprise Security

    Once an organization has been breached, the overwhelming majority of critical assets are just a few attack techniques away from being compromised, according to a new study. The report by breach and attack simulation (BAS) vendor XM Cyber noted that 63% of critical assets are just a single “hop” away from initial breach to compromise;…

  • Addressing Remote Desktop Attacks and Security

    The Remote Desktop Protocol (RDP) has long been essential for IT service management and remote access. Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Because…

  • LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung

    The LAPSUS$ threat group has had an attention-grabbing month, snaring high-profile victims like Microsoft, Okta, NVIDIA, Samsung and others. On March 22, Microsoft confirmed a substantial breach by the LAPSUS$ hacking group. In a blog post detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a “large scale social engineering and…

Get the free newsletter

Subscribe to Cybersecurity Insider for top news, trends & analysis

This field is required This field is required

IT Security Resources

Top Cybersecurity Companies

See Full List