Threats

The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.

  • Kaseya Breach Underscores Vulnerability of IT Management Tools

    Managed service providers (MSPs) have long relied on third-party software to manage clients’ IT infrastructure, but a massive ransomware attack launched over the weekend at customers of Kaseya will likely cause MSPs to take a harder look at the security of their IT suppliers. Kaseya revealed late Friday night that a zero-day vulnerability in its… Read more

  • LinkedIn Hack is Scraped Data, Company Claims

    A hacker who recently offered 700 million LinkedIn records for sale alarmed LinkedIn users and security specialists, but the company insists the data is linked to previously reported scraped data and wasn’t hacked. The RaidForums post offering the data included a sample users’ full names, genders, birthdates, LinkedIn user names, Facebook user names, Twitter user… Read more

  • Ransomware Groups are Targeting VMs

    Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks. Bad actors have been exploiting VMs in recent years as a way of running under the radar, making it more difficult to detect their malware while it encrypts the data they intend to hold for… Read more

  • Ransomware-as-a-Service (RaaS) Is the Latest Evolution in Ransomware Threats

    At first glance, the report this week from cybersecurity software vendor McAfee showing that the incidence of ransomware dropped by half in the first quarter seems like good news to a world that continues to feel the repercussions of the seemingly ubiquitous malware. However, the 50 percent decline in ransomware during the first three months… Read more

  • PowerShell Is Source of More Than a Third of Critical Security Threats

    PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference today. The top category of threats detected across endpoints by Cisco Secure Endpoint was dual-use tools leveraged for exploitation and post-exploitation tasks. PowerShell… Read more

  • The Microsoft Exchange Attack Saga Continues

    With companies and organizations under siege on so many fronts over the past year, the last thing internal IT departments needed was another daunting challenge to grapple with.  Yet for those enterprises that host their own Microsoft Exchange environments, a collection of four recently discovered exploits involving the Exchange Server software has added another layer… Read more

  • SolarWinds Hack Defenses: Protecting Against ‘Solorigate’ TTPs

    A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Microsoft has dubbed the infamous supply chain compromise of SolarWinds as “Solorigate.” In December, eSecurity Planet detailed FireEye’s initial findings, implications for the industry, and how to mitigate similar attacks. Since then, much… Read more

  • Automating Security Risk Assessments for Better Protection

    Protecting your organization from IT security risks is an ongoing, fluid task. Proactively identifying, mitigating and remediating security threats is one of the biggest challenges today’s global businesses face. As a savvy tech leader, you are likely hyperfocused on performing security risk audits to keep your networks strong and protected. Automated security risk assessments can… Read more

  • How to Defend Common IT Security Vulnerabilities

    IT security pros have never faced more threats, whether it’s from the huge increase in remote work or aggressive nation-state sponsored hackers like those involved in the SolarWinds breach. While there will always be new holes to plug, security vulnerabilities usually stem from the same few causes: unpatched vulnerabilities, misconfigurations or user error, and even… Read more

  • New TCP/IP Vulnerabilities Expose IoT, OT Systems

    Forescout Research Labs last month released a 14-page white paper and a 47-page research report detailing 33 vulnerabilities affecting millions of Internet of Things (IoT), Operational Technology (OT), and IT devices. Dubbed AMNESIA:33, these newly identified vulnerabilities include four broadly used TCP/IP stacks and have left more than 150 vendors potentially compromised. Forescout’s findings are… Read more

IT Security Resources

Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis