A perspective on security threats and trends, from inception to impact
Sophos published a report which flags how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and IT security in …
70% of organizations experienced a public cloud security incident in the last year
70% of organizations experienced a public cloud security incident in the last year – including ransomware and other malware (50%), exposed data (29%), compromised accounts …
Fake “DNS Update” emails targeting site owners and admins
Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain. Scam emails lead to …
Paying the ransom = paying double
Paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery, a Sophos survey reveals. In fact, the total cost of …
Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?
Sophos has released an emergency hotfix for an actively exploited zero-day SQL injection vulnerability in its XG Firewalls, and has rolled it out to all units with the …
No, Corona Antivirus can’t fight COVID-19
COVID-19-themed scams are exploding both online and offline. Hijacked Twitter accounts peddling fake cures, scammy sites offering emergency supplies, misinformation campaigns, …
Microsoft releases patch for leaked SMBv3 RCE flaw
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on Tuesday, Microsoft has rushed to release a patch (i.e., security updates). …
Coronavirus-themed scams and attacks intensify
Scammers and other criminals are always quick to take advantage of crises, and this latest – centered around the spread of the deadly Covid-19 coronavirus around the …
Google fixes another Chrome zero-day exploited in the wild
For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …
What is flowing through your enterprise network?
Since Edward Snowden’s revelations of sweeping internet surveillance by the NSA, the push to encrypt the web has been unrelenting. Bolstered by Google’s various initiatives …
Ransomware uses vulnerable, signed driver to disable endpoint security
Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed …
Phishers impersonate WHO, exploit coronavirus-related anxiety
Media outlets are reporting daily on the coronavirus outbreak in Wuhan and the emergency repatriation of foreign citizens that found themselves in the thick of it. As cases of …
Featured news
Resources
Don't miss
- Apple offers $2 million for zero-click exploit chains
- Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
- October 2025 Patch Tuesday forecast: The end of a decade with Microsoft
- From theory to training: Lessons in making NICE usable
- Securing agentic AI with intent-based permissions