Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • Main Targets of Ransomware Attacks & What They Look For

    Ransomware has become a potent tool for cybercriminals looking to exploit companies’ sensitive data for profit. Ransomware attacks have affected businesses across all sizes, locations, and industries, from banking and financial services to utilities to education. When trying to keep your business safe from potential attacks, just as important as any kind of ransomware protection…

  • Almost Half of All Chrome Extensions Are Potentially High-Risk

    In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware, or even log everything users do online, including accessing passwords and financial data. Almost half (48.66 percent) of all Chrome…

  • Russian Infostealer Gangs Steal 50 Million Passwords

    Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. The cybercrime groups are using Raccoon and Redline malware to steal login credentials for Steam, Roblox, Amazon and PayPal, as well as payment records and crypto wallet information. In the…

  • Microsoft Warns of Surge in Token Theft, Bypassing MFA

    The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team…

  • Vulnerability Patching: How to Prioritize and Apply Patches

    Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them. Some of those vulnerabilities will be found and fixed by vendors, who will provide patches and updates for their products. Other vulnerabilities cannot be patched and will require coordination…

  • Major TTE Flaw Could Threaten Critical Infrastructure, Including Aircraft

    Researchers at the University of Michigan and NASA are warning of a major flaw in the TTE (Time-Triggered Ethernet) protocol, which is used in a wide range of critical infrastructure, including spacecraft, aircraft, energy generation systems, and industrial control systems. TTE reduces cost and improves efficiency by allowing mission-critical devices (like flight controls) to leverage…

  • Azov ‘Ransomware’ Wipes Data, Blames Security Researchers

    Check Point security researchers recently described the Azov ransomware as an “effective, fast, and unfortunately unrecoverable data wiper,” noting that the malware seems far more focused on destroying data than on any effort to demand a ransom. As Check Point’s Jiří Vinopal put it, “Be careful about this one… If you get infected -> System…

  • ProxyNotShell Finally Gets Patched by Microsoft

    Microsoft’s November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-41082, the ProxyNotShell flaws disclosed last month. “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities…

  • Threat Group Continuously Updates Malware to Evade Antivirus Software

    Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the LODEINFO malware in government, media, public sector, and diplomatic organizations in Japan. LODEINFO has been…

  • The History of Computer Viruses & Malware

    If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Whether it’s infected emails stealing employee access credentials or the plague of ransomware that has menaced the business world in recent years, there are…

Get the free newsletter

Subscribe to Cybersecurity Insider for top news, trends & analysis

This field is required This field is required

IT Security Resources

Top Cybersecurity Companies

See Full List