Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

Tip 22 Oct 2024
Threat intelligence vs. threat hunting: Better together

Understanding and using threat intelligence and threat hunting together provides enterprises with a well-rounded security posture. Find out how to build your plan. Continue Reading
By
- Amanda Scheldt
News 22 Oct 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M

Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses. Continue Reading
By
- Alexander Culafi, Senior News Writer

News 21 Oct 2024
Cisco confirms attackers stole data from DevHub environment

While Cisco said its systems were not breached, the vendor did confirm that attackers stole sensitive information from the public-facing portal. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Oct 2024
DOJ charges alleged Anonymous Sudan ringleaders

Two Sudanese brothers are accused of leading the cybercriminal group that caused significant damage to healthcare organizations as well as other high-profile victims. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Oct 2024
September a quiet month for ransomware attacks

Notable ransomware attacks in September involved a Rhode Island public school district, a Texas hospital system, and Kawasaki Motors' European branch. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Oct 2024
Microsoft: Nation-state activity blurring with cybercrime

Microsoft's Digital Defense Report 2024 noted that Russia 'outsourced some cyberespionage operations' against Ukraine to otherwise independent cybercrime gangs. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 16 Oct 2024
How to build an incident response plan, with examples, template

With cyberthreats and security incidents growing by the day, every organization needs a solid incident response plan. Learn how to create one for your company. Continue Reading
By
- Paul Kirvan
Definition 11 Oct 2024
What is the Mitre ATT&CK framework?

The Mitre ATT&CK -- pronounced miter attack -- framework is a free, globally accessible knowledge base that describes the latest behaviors and tactics of cyberadversaries to help organizations strengthen their cybersecurity strategies. Continue Reading
By
- Paul Kirvan
- Kinza Yasar, Technical Writer
- Ben Lutkevich, Site Editor
Definition 10 Oct 2024
What is threat intelligence?

Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization. Continue Reading
By
Definition 10 Oct 2024
What is extended detection and response (XDR)?

Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment. Continue Reading
By
- Paul Kirvan
- Sean Michael Kerner
Definition 09 Oct 2024
What is user behavior analytics (UBA)?

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Peter Loshin, Former Senior Technology Editor
- Madelyn Bacon, TechTarget
News 08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack

Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Oct 2024
Contact center fraud: How to detect and prevent it

Contact centers can be sitting ducks for fraudsters, but comprehensive agent training, authentication techniques and advanced technologies can protect businesses and customers. Continue Reading
By
- Kathleen Richards
- Andrew Froehlich, West Gate Networks
Feature 03 Oct 2024
'Defunct' DOJ ransomware task force raises questions, concerns

A report from the Office of the Inspector General reviewed the U.S. Department of Justice's efforts against ransomware and found its task force was largely ineffective. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Oct 2024
Law enforcement agencies arrest 4 alleged LockBit members

Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as authorities announced the arrests of four alleged members, including one developer. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Sep 2024
Onapsis debuts SAP security capabilities for BTP

New capabilities from Onapsis are aimed at enabling customers to assess security for and protect SAP Business Technology Platform from configuration and other vulnerabilities. Continue Reading
By
- Jim O'Donnell, News Writer
News 26 Sep 2024
Ransomware Task Force finds 73% attack increase in 2023

The Institute for Security and Technology's Ransomware Task Force says a shift to big game hunting tactics led to a significant rise in attacks last year. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Sep 2024
Arkansas City water treatment facility hit by cyberattack

While disruptions are limited, the attack on the water treatment facility highlights how the critical infrastructure sector remains a popular target for threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Sep 2024
Microsoft warns of Russian election threats, disinformation

As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Sep 2024
FBI disrupts another Chinese state-sponsored botnet

The FBI said the massive botnet, which included 260,000 connected devices, was developed and operated by a publicly traded Chinese company named Integrity Technology Group. Continue Reading
By
- Rob Wright, Senior News Director
News 18 Sep 2024
Huntress warns of attacks on Foundation Software accounts

The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By
- Arielle Waldman, News Writer
Feature 17 Sep 2024
Infosec experts detail widespread Telegram abuse

Cybersecurity vendors say threat activity on Telegram has grown rapidly in recent years, and they don't expect the arrest of founder and CEO Pavel Durov to change that trend. Continue Reading
By
- Arielle Waldman, News Writer
Answer 16 Sep 2024
How important is authentication in email marketing?

Marketers who have email strategies must understand the importance of authentication protocols to ensure campaigns are successful and bad actors don't reach customers. Continue Reading
By
- Griffin LaFleur, Swing Education
Tip 16 Sep 2024
Explaining cybersecurity tabletop vs. live-fire exercises

Tabletop games and live-fire exercises are two ways to test the effectiveness of enterprise security controls and defenses. Discover how each works and how they differ. Continue Reading
By
- Rob Shapland
News 16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks

Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By
- Rob Wright, Senior News Director
Tip 13 Sep 2024
How AI could change threat detection

AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures. Continue Reading
By
- Mary K. Pratt
News 12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B

Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise. Continue Reading
By
- Arielle Waldman, News Writer
Definition 12 Sep 2024
What is threat detection and response (TDR)? Complete guide

Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
By
- Phil Sweeney, Industry Editor
News 11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches

On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Sep 2024
How to prevent vendor email compromise attacks

Vendor email compromise is one of the latest email attacks to hit headlines. Learn how to prevent becoming a victim to this potentially expensive scheme. Continue Reading
By
- Amanda Scheldt
News 09 Sep 2024
Akira ransomware gang targeting SonicWall VPN accounts

Arctic Wolf recently observed the Akira ransomware gang compromising SonicWall SSL VPN accounts, which could be connected to a critical vulnerability in SonicOS. Continue Reading
By
- Arielle Waldman, News Writer
Definition 06 Sep 2024
What is network detection and response (NDR)?

Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack. Continue Reading
By
- Michael Levan
Tip 06 Sep 2024
Threat hunting frameworks, techniques and methodologies

Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective. Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 06 Sep 2024
What is identity threat detection and response (ITDR)?

Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks that specifically target user identities or identity and access management (IAM) infrastructure. Continue Reading
By
- Mary K. Pratt
Definition 06 Sep 2024
What is MXDR, and do you need it?

Managed extended detection and response (MXDR) is an outsourced service that collects and analyzes threat data from across an organization's IT environment. Continue Reading
By
- Char Sample, ICF International
Tip 05 Sep 2024
What is threat hunting? Key strategies explained

If you are ready to take a more proactive approach to cybersecurity, threat hunting might be a tactic to consider. Here's what security teams should know. Continue Reading
By
- Ed Moyle, Drake Software
Feature 28 Aug 2024
Halliburton cyberattack explained: What happened?

Oil field services provider Halliburton reported on Aug. 23, 2024, that it was the victim of a cyberattack, adding another to the growing list of cyberincidents. Continue Reading
By
- Sean Michael Kerner
News 28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw

Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By
- Rob Wright, Senior News Director
Feature 27 Aug 2024
Infosec industry calls for more public sector collaboration

As cyberattacks continue to rise, infosec professionals address the need to increase private and public sector partnerships to assist law enforcement operations. Continue Reading
By
- Arielle Waldman, News Writer
Tip 26 Aug 2024
How to use the NIST CSF and AI RMF to address AI risks

Companies are increasingly focused on how they can use AI but are also worried about their exposure to AI-fueled cybersecurity risks. Two NIST frameworks can help. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 26 Aug 2024
5 open source Mitre ATT&CK tools

Security teams that use the Mitre ATT&CK framework should consider using these open source tools to help map attacker techniques to the knowledge base. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Answer 26 Aug 2024
How does DMARC affect email marketing?

Marketers must prepare for DMARC to ensure their emails reach customers' inboxes -- rather than their spam or junk folders -- and to build trust between consumers and the brand. Continue Reading
By
- Griffin LaFleur, Swing Education
Conference Coverage 23 Aug 2024
The latest from Black Hat USA 2024

Use this guide to Black Hat 2024 to keep up on breaking news, trending topics and expert insights from one of the world's top cybersecurity conferences. Continue Reading
By
- Sharon Shea, Executive Editor
Definition 20 Aug 2024
What is cloud detection and response (CDR)?

Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
By
- Michael Levan
Tip 19 Aug 2024
Guide to data detection and response (DDR)

Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
By
- Sean Michael Kerner
Tip 19 Aug 2024
EDR vs. MDR vs. XDR: Key differences

One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By
- Paul Kirvan
Opinion 16 Aug 2024
Cyber-risk management: Key takeaways from Black Hat 2024

Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 15 Aug 2024
New deepfake audio detector released as U.S. election nears

The tool can identify AI-generated speech. The release follows wide circulation of deepfakes of vice president Kamala Harris and X owner Elon Musk. Continue Reading
By
- Esther Ajao, News Writer
Tip 15 Aug 2024
How to select an MDR security service

With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services. Continue Reading
By
- Sean Michael Kerner
Tip 13 Aug 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences

SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
By
- Paul Kirvan
News 12 Aug 2024
Flashpoint CEO: Cyber, physical security threats converging

Although Flashpoint is known for their cybersecurity threat intelligence services, the vendor also provides physical security intelligence to its clientele. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Aug 2024
EDR testing: How to validate EDR tools

Cutting through an EDR tool's marketing hype is difficult. Ask vendors questions, and conduct testing before buying a tool to determine if it solves your organization's pain points. Continue Reading
By
- Rob Shapland
News 07 Aug 2024
Veracode highlights security risks of GenAI coding tools

At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2024
Researchers unveil AWS vulnerabilities, 'shadow resource' vector

During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector. Continue Reading
By
- Rob Wright, Senior News Director
Definition 02 Aug 2024
What is endpoint security? How does it work?

Endpoint security is the protection of endpoint devices against cybersecurity threats. Continue Reading
By
- Sean Michael Kerner
News 31 Jul 2024
Microsoft confirms DDoS attack disrupted cloud services

Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 30 Jul 2024
Be prepared for breach disclosure and a magnitude assessment

Organizations need to take a proactive approach to monitoring data stores continuously, and in the case of a breach, assess the magnitude quickly and accurately. DSPM can help you. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 29 Jul 2024
6 types of DNS attacks and how to prevent them

DNS servers are vulnerable to a variety of attacks, but there are steps you can take to secure them from danger. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 25 Jul 2024
The differences between open XDR vs. native XDR

Extended detection and response tools are open or native. Learn the differences between them, and get help choosing the right XDR type for your organization. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 25 Jul 2024
EDR vs. SIEM: What's the difference?

Endpoint detection and response and security information and event management tools offer organizations benefits, but each plays a specific role, so it's worth having both. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 24 Jul 2024
KnowBe4 catches North Korean hacker posing as IT employee

KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation. Continue Reading
By
- Arielle Waldman, News Writer
Feature 24 Jul 2024
AT&T data breach: What's next for affected customers?

Another breach has affected millions of people -- this time it is AT&T customers. Learn more about this AT&T breach and what to do if you were part of this attack. Continue Reading
By
- Amanda Hetler, Senior Editor
Tip 24 Jul 2024
How to implement an attack surface management program

Keeping attackers away from corporate assets means keeping constant vigilance over the organization's attack surface. An attack surface management program can help. Continue Reading
By
- Michael Cobb
Tutorial 23 Jul 2024
Intro: How to use BlackArch Linux for pen testing

BlackArch Linux offers a lot of pen testing and security benefits, but it requires knowledgeable and independent professionals who can put the distribution to work. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Feature 23 Jul 2024
The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
By
- Craig Stedman, Industry Editor
Tip 22 Jul 2024
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR

Cloud detection and response is the latest detection and response tool. Explore how it differs from endpoint, network and extended detection and response tools. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 18 Jul 2024
Fin7 helps ransomware gangs with EDR bypass

SentinelOne found the Russia-based cybercriminal group is helping other threat actors, including ransomware gangs, to evade detection with a custom tool named AvNeutralizer. Continue Reading
By
- Arielle Waldman, News Writer
Tutorial 18 Jul 2024
How to use Pwnbox, the cloud-based VM for security testing

Pwnbox offers users the chance to hone their skills about security concepts and tools without having to build a costly lab environment. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 15 Jul 2024
What is an intrusion detection system (IDS)?

An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
News 11 Jul 2024
Ransomware gangs increasingly exploiting vulnerabilities

New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Jul 2024
Check Point sheds light on Windows MSHTML zero-day flaw

A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far back at January 2023. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 09 Jul 2024
CISOs on how to improve cyberthreat intelligence programs

Organizations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Jul 2024
Governments issue warning on China's APT40 attacks

Government agencies say APT40 continues to pose significant risk to organizations across the globe by exploiting vulnerabilities in public-facing applications. Continue Reading
By
- Arielle Waldman, News Writer
Feature 08 Jul 2024
How AI-driven SOC tech eased alert fatigue: Case study

Alert fatigue is real, and it can cause big problems in the SOC. Learn how generative AI can improve security outcomes and reduce analysts' frustration in this case study. Continue Reading
By
- Alissa Irei, Senior Site Editor
Definition 05 Jul 2024
What is a cyber attack? How they work and how to stop them

A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
Tip 05 Jul 2024
16 common types of cyberattacks and how to prevent them

To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
By
- Michael Cobb
News 01 Jul 2024
Critical OpenSSH vulnerability could affect millions of servers

Exploitation against CVE-2024-6387, which Qualys nicknamed 'regreSSHion,' could let attackers bypass security measures and gain root access to vulnerable servers. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard

TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tutorial 28 Jun 2024
How to use Social-Engineer Toolkit

Testing system components for vulnerabilities is just one part of the network security equation. What's the best way to measure users' resilience to social engineering threats? Continue Reading
By
- Ed Moyle, Drake Software
News 26 Jun 2024
LockBit claim about hacking U.S. Federal Reserve fizzles

Evolve Bank & Trust confirmed that it was affected by a cybersecurity-related incident, but has not yet said whether the LockBit ransomware gang was responsible. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama

Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By
- Arielle Waldman, News Writer
Answer 26 Jun 2024
SPF, DKIM and DMARC: What are they and how do they work together?

Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 25 Jun 2024
CISA discloses breach of Chemical Security Assessment Tool

The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 25 Jun 2024
What is security information and event management (SIEM)?

Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Video 21 Jun 2024
Benefits of dark web monitoring

Dark web monitoring helps organizations stay ahead of cybersecurity threats by detecting proprietary data breaches, securing accounts and ensuring compliance. Continue Reading
By
- Sabrina Polin, Managing Editor
News 20 Jun 2024
SolarWinds Serv-U vulnerability under attack

The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product. Continue Reading
By
- Arielle Waldman, News Writer
Answer 20 Jun 2024
Port scan attacks: What they are and how to prevent them

Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and defend against port scan attacks. Continue Reading
By
- Michael Cobb
News 12 Jun 2024
Black Basta might have exploited Microsoft flaw as zero-day

While investigating a ransomware attack, Symantec found evidence that suggests Black Basta threat actors exploited a Microsoft vulnerability as a zero-day. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs

Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By
- Tim McCarthy, News Writer
Definition 10 Jun 2024
communications intelligence (COMINT)

Communications intelligence (COMINT) is information gathered from the communications between individuals or groups of individuals, including telephone conversations, text messages, email conversations, radio calls and online interactions. Continue Reading
By
- Rahul Awati
Definition 07 Jun 2024
electronic intelligence (ELINT)

Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications. Continue Reading
By
- Rahul Awati
Tip 07 Jun 2024
How to conduct an API risk assessment and improve security

APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
By
- Paul Kirvan
News 06 Jun 2024
Critical Progress Telerik vulnerability under attack

Threat actors are targeting vulnerable Progress Telerik Report Server systems just days after a proof of concept was published detailing a vulnerability exploit chain. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Mandiant: Ransomware investigations up 20% in 2023

The cybersecurity company observed a sharp rise in activity on data leak sites in 2023 as well as an increase in ransomware actors using legitimate commercial tools during attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Hugging Face tokens exposed, attack scope unknown

After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By
- Arielle Waldman, News Writer
Tip 03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors

ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
News 30 May 2024
Law enforcement conducts 'largest ever' botnet takedown

An international law enforcement effort called 'Operation Endgame' disrupted several infamous malware loaders and botnets used by ransomware gangs and other cybercriminals. Continue Reading
By
- Arielle Waldman, News Writer
News 23 May 2024
93% of vulnerabilities unanalyzed by NVD since February

New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 May 2024
5 Mitre ATT&CK framework use cases

The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 21 May 2024
Rapid7 warns of alarming zero-day vulnerability trends

The cybersecurity vendor tracked vulnerabilities that were used by threat actors in mass compromise events and found more than half were exploited as zero days. Continue Reading
By
- Arielle Waldman, News Writer
Definition 20 May 2024
ATM jackpotting

ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. Continue Reading
By
- Rahul Awati
News 16 May 2024
What LockBitSupp charges mean for ransomware investigations

At RSA Conference 2024, Recorded Future's Allan Liska discussed evolving ransomware trends and how authorities recently exposed the LockBit ransomware group ringleader. Continue Reading
By
- Arielle Waldman, News Writer