![zero](https://img.helpnetsecurity.com/wp-content/uploads/2019/02/09095247/zero-400x200.jpg)
The not so scary truth about zero-day exploits
We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. …
![Linux](https://img.helpnetsecurity.com/wp-content/uploads/2017/06/09103831/linux-400x200.jpg)
Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)
An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking …
![shark](https://img.helpnetsecurity.com/wp-content/uploads/2019/03/09095053/shark-400x200.jpg)
Top threat activities this year
ZeroFox published a threat intelligence forecast for 2022, detailing expected cybercriminal behavior trends including ransomware, malware-as-a-service, vulnerabilities and …
![](https://img.helpnetsecurity.com/wp-content/uploads/2016/08/09111153/future-400x200.jpg)
Log4Shell: A retrospective
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …
![RDP](https://img.helpnetsecurity.com/wp-content/uploads/2022/02/09150224/rdp-brute-force-400x200.jpg)
End of 2021 witnessed an explosion of RDP brute-force attacks
RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force …
![ransomware](https://img.helpnetsecurity.com/wp-content/uploads/2021/04/27174916/ransomware-hands-400x200.jpg)
Ransomware families becoming more sophisticated with newer attack methods
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over …
![malware](https://img.helpnetsecurity.com/wp-content/uploads/2020/08/19133655/malware-skull-red-400x200.jpg)
DazzleSpy: macOS backdoor delivered through watering hole attacks
In late 2021, a never before seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites (for example, that of local radio …
![linux tux](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195038/linux-tux-400x200.jpg)
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …
![swirl](https://img.helpnetsecurity.com/wp-content/uploads/2019/01/09095501/swirl-400x200.jpg)
Attackers bypass Microsoft patch to deliver Formbook malware
Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file …
![Log4j](https://img.helpnetsecurity.com/wp-content/uploads/2021/12/15084105/log4j-hns-bw-400x200.jpg)
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …
![tunnel](https://img.helpnetsecurity.com/wp-content/uploads/2018/06/09100728/tunnel-400x200.jpg)
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
![Windows](https://img.helpnetsecurity.com/wp-content/uploads/2018/07/09100610/windows-400x200.jpg)
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Featured news
Sponsored
Don't miss
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)