Threats
Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
-
How Cobalt Strike Became a Favorite Tool of Hackers
Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests, while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists…
-
Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm
A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security…
-
U.S. Security Agencies Release Network Security, Vulnerability Guidance
The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up…
-
Newly Discovered Malware Evades Detection by Hijacking Communications
While the cybersecurity world is focused on the Russian invasion of Ukraine, new research from Symantec serves as a reminder that significant threats remain elsewhere too. Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and…
-
Rainbow Table Attacks and Cryptanalytic Defenses
Rainbow table attacks are an older but still effective tactic for threat actors targeting password database vulnerabilities. Today’s advanced persistent threats might elect for more sophisticated methods like remote desktop protocol (RDP) attacks, but cryptanalytic attacks – the inspection of cryptographic systems for vulnerabilities – remain a legitimate concern in the landscape of cybersecurity threats.…
-
Doxing Attacks: From Hacker Tool to Societal Problem
The malicious attack known as doxing has gone far beyond hacker tool, with the threat now extending to most digital platforms and making nearly anyone a target. Today, doxing continues to be an intimidating prospect for digital users and is a mainstream data security problem. Online users can have a great deal of anonymity, but…
-
SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats
Critical infrastructure security has moved to the forefront of cybersecurity concerns amid the Russian invasion of Ukraine – and in at least one case has led to some pretty unique cybersecurity advice. Despite Russia and the U.S. trading cyber threats – and one disputed NBC News report that outlined possible options presented to U.S. President…
-
Zero-Click Attacks a Growing Threat
Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle. They can compromise the targeted device despite a victim’s good security hygiene and practices. There is no need for social engineering, as the program can implant backdoors directly without forced…
