Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
In the latest lesson about the importance of patching, the credentials for 87,000 Fortinet FortiGate VPNs have been posted on a dark web forum by hackers. Fortinet confirmed the veracity of the hackers’ claims in a blog post today. The network security vendor said the credentials were stolen from systems that remain unpatched against a…
A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data. Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown…
The cybercriminal gang behind the Ragnar Locker ransomware attacks is threatening victims that it will go public with data captured in an attack if they contact law enforcement agencies or hire negotiators. The Ragnar Locker group posted on its darknet leak site a note outlining the warning, putting even more pressure on target companies (which…
Zero-day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero-day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet. One of the things that makes these threats so dangerous is that they often come without warning, posing a huge risk to the companies…
Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. According to a recent blog post from email security service provider Perception Point, the bad…
5G is on the cusp of widespread adoption. Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Service providers and 5G-enabled device manufacturers both have critical roles to play in the success and sustainability of this wireless network rollout. Beyond…
The LockFile ransomware family has made an impression in the relatively short amount of time it’s been around. The malware garnered a lot of attention over the past several months after being detected exploiting high-profile Microsoft vulnerabilities dubbed ProxyShell and PetitPotam. Now security researchers with Sophos have found that the LockFile operators are using novel…
Some of the biggest names in tech are promising to spend more than $30 billion to bolster cybersecurity capabilities, from securing the supply chain and expanding the adoption of the zero trust model to growing the talent pool, ramping up security awareness and revamping parts of the National Institute of Standards and Technology (NIST) framework.…
Microsoft this week issued an advisory about three vulnerabilities referred to collectively as ProxyShell days after security researchers at a federal government cybersecurity agency warned that cybercriminals were actively trying to exploit them. The ProxyShell vulnerabilities that affect Microsoft Exchange servers were put on full display at this month’s Black Hat 2021 conference when Devcore…
Ransomware attackers, who use myriad methods to get their malware into the systems of businesses large and small in hopes of pulling down millions of dollars, are now going directly to the source. A researcher with email security solutions vendor Abnormal Security found a threat actor directly emailing employees of a company urging them to…