Threats
Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
-
CISA, Microsoft Warn of Wiper Malware Amid Russia-Ukraine Tensions
The U.S. government agency overseeing cybersecurity is urging the country’s businesses and other organizations to take the necessary steps to protect their networks from any spillover that might occur from the ongoing cyberattacks aimed at Ukraine government agencies and private companies. In an alert issued this week, the Cybersecurity and Infrastructure Security Agency (CISA) cited…
-
Attacks Escalating Against Linux-Based IoT Devices
Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. According to a report by CrowdStrike, there was a 35 percent year-over year growth in 2021 of malware targeting these devices, and the XorDDoS, Mirai and Mozi…
-
Open Source Sabotage Incident Hits Software Supply Chain
An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and…
-
Iran-Based APT35 Group Exploits Log4J Flaw
Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat. Check Point Software’s researchers said this week that the Iran-backed…
-
U.S. Security Agencies Warn About Russian Threat Gangs Amid Ukraine Tensions
U.S. federal security agencies are putting companies on alert to potential threats from Russian state-sponsored cybercriminal groups, warning in particular about dangers to critical infrastructure and urging organizations to learn how to detect and protect against attacks. The joint cybersecurity advisory issued Jan. 11 by the FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure…
-
NY AG Investigation Highlights Dangers of Credential Stuffing
A report last week by the New York Attorney General’s Office put a spotlight on the ongoing threat of credential stuffing, a common technique used by cybercriminals that continues to spread and is helping to fuel the push for security practices that don’t involve usernames and passwords. AG Letitia James’ office ran a months-long investigation…
-
Cybersecurity Outlook 2022: Third-Party, Ransomware and AI Attacks Will Get Worse
About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Third-party security, ransomware, artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the…
-
How to Use MITRE ATT&CK to Understand Attacker Behavior
MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors. ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) documents adversary behaviors to…
-
SolarWinds-Like Supply Chain Attacks will Peak in 2022, Apiiro Security Chief Predicts
Cyberthreats against software supply chains moved to the forefront of cybersecurity concerns a year ago when revelations of the attack on software maker SolarWinds emerged. Now one security researcher – Moshe Zioni, vice president of security research for application risk management startup Apiiro – is predicting that supply chain attacks will likely peak in 2022…
-
The Link Between Ransomware and Cryptocurrency
There are few guarantees in the IT industry, but one certainty is that as the world steps into 2022, ransomware will continue to be a primary cyberthreat. The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different. A pair of recent reports…
