Our news

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape.

READ MORE →

REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

READ MORE →

In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.

READ MORE →

Original release date: June 2, 2021 As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security…

READ MORE →

Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough .

READ MORE →

Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks.

READ MORE →

Original release date: May 31, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info aioseo — all_in_one_seo The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with “aioseo_tools_settings” privilege (most of the time admin) to execute…

READ MORE →

The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.

READ MORE →

Original release date: May 28, 2021 CISA and the Federal Bureau of Investigation (FBI) are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact—a legitimate email marketing software company—to spoof a U.S. government organization and distribute links…

READ MORE →

Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software…

READ MORE →