Threats

Protecting Against the Spring4Shell Vulnerability

Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name f...

Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent, according to HP Wolf Security...

A Few Clicks from Data Disaster: The State of Enterprise Security

Once an organization has been breached, the overwhelming majority of critical assets are just a few attack techniques away from being compromised, according to a new study. The report by breach and...

Addressing Remote Desktop Attacks and Security

The Remote Desktop Protocol (RDP) has long been essential for IT service management and remote access. Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software ar...

LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung

The LAPSUS$ threat group has had an attention-grabbing month, snaring high-profile victims like Microsoft, Okta, NVIDIA, Samsung and others. On March 22, Microsoft confirmed a substantial breach by...

APT Attacks & Prevention

A company that discovers that an advanced persistent threat (APT) attack is underway tends to be the exception. Attackers design APTs to be subtle, persistent, and to remain undetected for as long as ...

Biden Approves Cybersecurity Reporting, Issues Rare Warning

President Joe Biden has faced a number of crises since taking office in January 2021, but his Administration has nonetheless managed to be at the forefront of the U.S. response to cyber attacks by cri...

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate pri...

How Cobalt Strike Became a Favorite Tool of Hackers

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabil...

Dirty Pipe Makes Linux Privilege Escalation Easy

A major Linux vulnerability dubbed "Dirty Pipe" could allow even the least privileged users to perform malicious actions. Researcher Max Kellermann of Ionos revealed the new vulnerability earlier t...

Latest articles