Vulnerabilities/Threats

Timing of the move has evoked at least some skepticism from security experts about the country's true motives.

An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.

The vulnerability was patched this week in Microsoft's set of security updates for January 2022.

In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.

An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.

The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.

By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.

Nine of the Microsoft patches released today are classified as Critical, 89 are Important, and six are publicly known.

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.