Vulnerabilities/Threats

Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.

Variants of the Mirai codebase are still a popular way to compromise and subvert Internet of Things devices, but experts fear more serious threats may be ahead.

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

As hostilities mount between Russia and Ukraine, new and more dangerous cyberattacks are likely to develop. Pinpointing sources and motives will remain elusive, but enterprises should prepare for an escalation in cyberspace.

Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.

Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.

New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).

The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.

Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.

Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.

Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.

"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.