Exploits underway for Microsoft zero day leveraging Office documents

Until a patch is developed, the company recommends disabling ActiveX in Internet Explorer. But Huntress researchers found the workaround is not functional in all cases.

By Samantha Schwartz , David Jones • Updated Sept. 10, 2021

Are you ready for the second wave of digital transformation?

In the second wave of digital transformation, understanding Insider Risk is more important than ever.  

Sept. 7, 2021

Cyber Command urges immediate patching for Atlassian Confluence bug

Atlassian Cloud customers are not impacted by the vulnerability.

By Samantha Schwartz • Sept. 3, 2021

Machine identity remains a mystery, threatening digital security

As organizations undergo digital transformation, security often depends on authenticating the identity of connected machines. 

By David Jones • Sept. 2, 2021

Azure flaw exposes enterprise databases, raising questions on cloud security

The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.

By David Jones • Aug. 30, 2021

More threats target Linux, a foundation for the cloud, report finds

As enterprises embrace cloud, malicious actors are finding sophisticated methods to threaten users for computing power and data theft. 

By David Jones • Aug. 25, 2021

Microsoft Exchange vulnerabilities targeted in ProxyShell attacks

Conti affiliates are now using ProxyShell exploits to target organizations during ransomware attacks, researchers found. 

By David Jones • Updated Sept. 7, 2021

Men more likely to engage in risky online behavior: report

Male employees are three times as likely to click on phishing emails, forget passwords or stream pirated content, SecurityAdvisor's research shows. 

By David Jones • Aug. 20, 2021

FDA warns of BlackBerry OS vulnerability in medical devices

The OS is often deployed in cardiac and patient monitors, drug infusion pumps, imaging, and surgical robots, according to the CEO of security consultancy Harbor Labs.

By Greg Slabodkin • Aug. 19, 2021

The most vulnerable ICS assets: operations management

A vulnerability's complexity is irrelevant if an exploit exists to sidestep security layers.

By Samantha Schwartz • Aug. 18, 2021

Up to 83M IoT devices at risk of remote access

With a risk score of 9.6 out of 10, the ThroughTek "Kalay" vulnerability could allow malicious actors to watch real-time video or gain access to credentials usable in future attacks.

By David Jones • Aug. 18, 2021

How much does phishing really cost the enterprise?

Ransomware and business email compromise are adding layers of risk, slowing productivity at U.S. companies.

By David Jones • Aug. 17, 2021

Researchers withholding vulnerabilities can create path to supply chain hacks

Bug bounty programs incentivize researchers to fully develop vulnerabilities by offering higher payouts. But that can create risk for the enterprise, Corellium's Matt Tait said.

By Samantha Schwartz • Aug. 5, 2021

Decade-old router flaw allows cross-network access, Tenable finds

Threat actors are actively exploiting the vulnerability, which impacts millions of devices across 11 countries and raises questions about the extent of undiscovered supply chain weaknesses.

By David Jones • Updated Aug. 10, 2021

A security expert's guide to the top-exploited vulnerabilities

The biggest and baddest ransomware groups love an easy vulnerability.

By Samantha Schwartz • Aug. 4, 2021

Security leaders don't control budgets, even with mounting threats

The majority of security leaders say their budget is insufficient to invest in the right technologies, research from LogRhythm and Ponemon Institute shows.

By Jen A. Miller • July 29, 2021

How 3 critical infrastructure security executives manage vulnerabilities

Assessment of risk and strategy depends on the technologies or services companies use for vulnerability alerts, according to executives during a Dragos webcast.

By Samantha Schwartz • July 26, 2021

Lack of visibility leaves critical infrastructure vulnerable to ransomware

Corporate executives approve massive payouts to attackers because they see few options to quickly restore business operations, according to security experts.

By David Jones • July 22, 2021

WFH shift tests resilience of financial services amid surge in phishing, ransomware

The Financial Stability Board warned the sector must remain vigilant amid new cyber risks and dependence on third-party technologies.

By David Jones • July 16, 2021

Failure to patch could unleash a real (print)nightmare

If the vulnerability remains unpatched, it's a ripe target for malicious actors to escalate privileges and the perfect ingredient for an exploit kit.

By Naomi Eide • Updated Aug. 11, 2021

Kaseya postpones service restoration, apologizes for attack

Outside engineers warned that Kaseya needs additional layers of protection as pre-existing vulnerabilities are revealed.

By David Jones • July 8, 2021

34% of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the cybercriminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 30, 2021

Gaps in DOD supply chain leave Pentagon vulnerable: report

SMBs in the defense industry remain vulnerable to persistent threats, and research shows a large percentage are missing the security basics, including data storage security.

By David Jones • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Hospitals are using more connected devices, many of which were not built with cybersecurity in mind, leaving healthcare organizations highly vulnerable to attacks.

By Greg Slabodkin • June 23, 2021

Attacks against container supply chains grow more sophisticated

Bad actors are finding novel methods of attacking cloud-native environments, raising new security challenges for developers. 

By David Jones • June 21, 2021