New & Notable
News
Spyware vendors behind 75% of zero-days targeting Google
Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022.
News
Unpatched flaw in Anyscale's Ray AI framework under attack
Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation.
Manage
Use sudo insults to add spice to incorrect password attempts
The life of an admin doesn't have to be dry. When a user enters a wrong password, for example, why not respond with a message that says, 'You're fired!' With sudo insults, you can.
News
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead.
Trending Topics
-
Data Security & Privacy News
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead.
-
Threats & Vulnerabilities News
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems.
-
IAM News
Proofpoint: 'Hundreds' of Azure accounts compromised
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access.
-
Analytics & Automation Evaluate
Surprising ways Microsoft Copilot for Security helps infosec
Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures.
-
Network Security Evaluate
Agent vs. agentless security: Learn the differences
Enterprises can either use an agent or agentless approach to monitor and secure their networks. Each approach has benefits and drawbacks.
-
Operations & Management News
CISA urges defensive actions against Volt Typhoon threats
The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Find Solutions For Your Project
-
Evaluate
Top 6 data security posture management use cases
Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities.
-
Agent vs. agentless security: Learn the differences
-
U.S. data privacy protection laws: 2024 guide
-
EDR vs. antivirus: What's the difference?
-
-
Problem Solve
How to prevent cloud account hijacking attacks
The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise.
-
How to defend against phishing as a service and phishing kits
-
4 types of prompt injection attacks and how they work
-
Use cloud threat intelligence to protect critical data and assets
-
-
Manage
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments.
-
How to manage third-party risk in the cloud
-
How to craft a generative AI security policy that works
-
5 PaaS security best practices to safeguard the app layer
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download -
E-Zine | November 2020
AI cybersecurity raises analytics' accuracy, usability
Download
Information Security Basics
-
Get Started
How to perform a data protection impact assessment
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.
-
Get Started
Fuzzy about fuzz testing? This fuzzing tutorial will help
Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps.
-
Get Started
virus (computer virus)
A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an infected system and it often propagates to other systems, much like a biological virus spreads from host to host.
Multimedia
-
News
View All -
Data security and privacy
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead.
-
Threat detection and response
SQL injection vulnerability in Fortinet software under attack
Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online.
-
Application and platform security
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie-stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks.