Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

    Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Microsoft researchers reported that the remote code execution…


  • Log4Shell Exploitation Grows as Security Firms Scramble to Contain Log4j Threat

    Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and…


  • Cybersecurity ‘Vaccines’ Emerge as Ransomware, Vulnerability Defense

    Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. Germany-based G Data CyberDefense released software designed to trick the STOP ransomware variant into believing…


  • Apache Log4j Zero Day Exploit Puts Large Number of Servers at Severe Risk

    A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable servers. Log4j 2, developed by the ASF, is a widely used Java package that enables logging in an…


  • AT&T Looks to Shut Down Botnet that Attacked 5,700 Network Appliances

    AT&T is working to stop a botnet that has infected at least 5,700 network edge servers inside its networks and appears designed to steal sensitive information and launch distributed denial-of-service (DDoS) attacks. Researchers at Netlab, the network security unit of Chinese tech giant Qihoo 360, wrote in a report this week that the rapidly updated…


  • Nation-State Attackers Use RTF Injection to Easily Spread Malware

    Hacking groups linked to Russia, China and India are leveraging a novel attack technique that makes it easier for them to spread malware, steal data and evade detection, according to a report this week by security firm Proofpoint. The advanced persistent threat (APT) groups are using a technique called rich text format (RTF) template injections,…


  • Companies Get Better at Fighting Ransomware Despite Escalating Threats

    In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. But the attention paid to the malware by journalists, cybersecurity vendors and, increasingly, government agencies has pushed companies to improve their preparedness to defend themselves against ransomware gangs, according to a report…


  • How Hackers Use Payloads to Take Over Your Machine

    A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and carry out other malicious acts. Most operations use payloads, but there are a few payload-less…


  • Cybersecurity Mesh, Decentralized Identity Lead Emerging Security Technology: Gartner

    New cybersecurity buzzwords are always in abundance at the Gartner Security & Risk Management Summit, and the concepts that took center stage this week, like cybersecurity mesh and decentralized identity, seem well suited for new threats that have exploded onto the scene in the last year. Gartner analyst Ruggero Contu noted that security risks are…


  • HTML Smuggling Techniques on the Rise: Microsoft

    Bad actors are increasingly using a technique called HTML smuggling to deliver ransomware and other malicious code in email campaigns aimed at financial services firms and other organizations, according to Microsoft researchers. In a blog post, the company’s Microsoft 365 Defender Threat Intelligence Team wrote that the highly evasive technique, which is used to deploy…


