Threats
The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.
-
How to Prevent SQL Injection: 5 Key Prevention Methods
A SQL injection is an attack on a website’s back end. Discover how to protect your website and its database from SQL injection attacks. Read more
-
Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’
Update: In a statement on the extent of the data breach disclosed last month, Western Digital said it has control of its digital certificate infrastructure and is “equipped to revoke certificates as needed.” “Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm… Read more
-
Microsoft Flaws Include Secure Boot Bypass, System-Level Takeovers
Microsoft’s Patch Tuesday for May 2023 fixes two actively exploited vulnerabilities, including a Secure Boot bypass and system-level takeover. Read more
-
ChatGPT Security and Privacy Issues Remain in GPT-4
GPT-4 has many of ChatGPT’s malicious capabilities, in some cases even enhancing them. Read more
-
Misconfigured Registries: Security Researchers Find 250 Million Artifacts Exposed
Development teams are exposing critical data and secrets online. Here’s what to do about it. Read more
-
Attackers Continue to Leverage Signed Microsoft Drivers
In December of last year, Microsoft worked with SentinelOne, Mandiant, and Sophos to respond to an issue in which drivers certified by Microsoft’s Windows Hardware Developer Program were being used to validate malware. Unfortunately, the problem hasn’t gone away. In a recent Mastodon post, security expert Kevin Beaumont observed, “Microsoft are still digitally signing malware… Read more
-
How UPX Compression Is Used to Evade Detection Tools
Compression is a great way for hackers to hide malware and render it undetectable. Here’s what to do about that. Read more
-
Windows CLFS Vulnerability Used for Ransomware Attacks
Microsoft’s Patch Tuesday for April 2023 targets 97 vulnerabilities, seven of them rated critical – as well as one that’s currently being exploited in the wild. The one flaw that’s currently being exploited, CVE-2023-28252, is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver that could provide an attacker with… Read more
-
What is Ransomware? Everything You Should Know
Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. Ransomware is the most feared cybersecurity threat and with good reason: Its ability to cripple organizations by locking their data is a threat like no other. Knowing what… Read more
-
Over 15 Million Systems Exposed to Known Exploited Vulnerabilities
Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the… Read more
