Network security
Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.
Top Stories
-
Tutorial
22 Sep 2023
How to disable removable media access with Group Policy
Removable media can pose serious security problems. But there is a way to control who has access to optical disks and USB drives through Windows' Active Directory. Continue Reading
-
News
20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
-
News
20 Sep 2023
Cyber insurance report shows surge in ransomware claims
Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
-
Podcast
19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
-
News
14 Sep 2023
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers. Continue Reading
-
News
14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud
It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
-
News
13 Sep 2023
Browser companies patch critical zero-day vulnerability
While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild. Continue Reading
-
News
11 Sep 2023
Cisco VPN flaw faces attempted Akira ransomware attacks
Cisco said it became aware of 'attempted exploitation' last month and referenced an Aug. 24 security advisory saying its VPNs were under attack by the Akira ransomware gang. Continue Reading
-
News
07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
-
News
05 Sep 2023
Ransomware attacks on education sector spike in August
While data breach notifications for MoveIt Transfer customers continued to rise, August also saw ransomware ramp up against schools and universities as classes resumed. Continue Reading
-
News
30 Aug 2023
FBI, Justice Department dismantle Qakbot malware
The FBI operation, one of the largest U.S.-led botnet disruption efforts ever, included international partners such as France, Germany, the Netherlands and the United Kingdom. Continue Reading
-
News
29 Aug 2023
Microsoft Teams attack exposes collab platform security gaps
Criminal and state-sponsored hackers are ramping up cyberattacks on instant messaging platforms and other workplace collaboration tools. Meanwhile, enterprises' readiness lags. Continue Reading
-
News
29 Aug 2023
Mandiant reveals new backdoors used in Barracuda ESG attacks
Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices. Continue Reading
-
News
24 Aug 2023
FBI: Suspected Chinese actors continue Barracuda ESG attacks
The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Continue Reading
-
News
23 Aug 2023
Sophos: RDP played a part in 95% of attacks in H1 2023
While Sophos observed increasing activity around Active Directory and Remote Desktop Protocol abuse, it recommended simple mitigation steps can limit the attack surface. Continue Reading
-
News
17 Aug 2023
CISA, vendors warn Citrix ShareFile flaw under attack
A vulnerability in the managed file transfer product that enterprises use is being actively exploited two months after Citrix released a fix. Continue Reading
-
News
09 Aug 2023
Onapsis researchers detail new SAP security threats
At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network. Continue Reading
-
Tip
09 Aug 2023
Types of Nmap scans and best practices
Nmap scanning helps network teams with network reconnaissance and vulnerability discovery. Common types of scans include TCP SYN, OS detection, vulnerability and version detection. Continue Reading
-
News
03 Aug 2023
MoveIt Transfer attacks dominate July ransomware disclosures
Traditional ransomware attacks took a back seat last month, as Clop operators continued to claim victims from the zero-day attacks on MoveIt Transfer customers. Continue Reading
-
Tip
01 Aug 2023
Top 5 benefits of SASE to enhance network security
A cloud-based distributed architecture, centralized management and endpoint-specific security policies are just some of the benefits of Secure Access Service Edge. Continue Reading
-
News
27 Jul 2023
Google: 41 zero-day vulnerabilities exploited in 2022
While attackers increasingly exploited zero-day flaws last year, one of the most notable findings from the report emphasized how inadequate patches led to new variants. Continue Reading
-
News
25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B
With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
-
Tip
25 Jul 2023
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
-
News
20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats
Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
-
News
17 Jul 2023
Microsoft still investigating stolen MSA key from email attacks
While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired. Continue Reading
-
News
13 Jul 2023
Microsoft: Government agencies breached in email attacks
While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant. Continue Reading
-
News
12 Jul 2023
Russia-based actor exploited unpatched Office zero day
Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Continue Reading
-
Podcast
11 Jul 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear. Continue Reading
-
News
10 Jul 2023
TPG Capital acquires Forcepoint's government unit for $2.45B
Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners. Continue Reading
-
Feature
10 Jul 2023
Wi-Fi AP placement best practices and security policies
From a security standpoint, Wi-Fi network designers should consider the physical and logical placement of APs, as well as management, segmentation and rogue devices. Continue Reading
-
News
05 Jul 2023
June saw flurry of ransomware attacks on education sector
As the school year culminated, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk. Continue Reading
-
Tutorial
05 Jul 2023
3 ways to troubleshoot using Wireshark and tcpdump
Protocol analyzer tools, such as Wireshark and tcpdump, can help network administrators identify protocols in the network, analyze network performance and discover network devices. Continue Reading
-
News
28 Jun 2023
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
-
News
27 Jun 2023
Censys finds hundreds of exposed devices in federal orgs
Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks. Continue Reading
-
News
21 Jun 2023
Critical VMware Aria Operations bug under active exploitation
Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
-
News
21 Jun 2023
May ransomware activity rises behind 8base, LockBit gangs
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022. Continue Reading
-
Podcast
20 Jun 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen. Continue Reading
-
News
19 Jun 2023
Microsoft: DDoS attacks caused M365, Azure disruptions
Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
-
Tip
16 Jun 2023
Use IoT hardening to secure vulnerable connected devices
IoT and industrial IoT innovation continue to thrive, but IoT device security continues to be an afterthought. Companies should harden connected devices to remain protected. Continue Reading
-
Podcast
15 Jun 2023
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices. Continue Reading
-
News
15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
-
Opinion
14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
-
News
13 Jun 2023
Fortinet warns critical VPN vulnerability 'may' be under attack
Fortinet said the heap buffer overflow flaw might have been exploited already and warned that Chinese nation-state threat group Volt Typhoon would likely attack the vulnerability. Continue Reading
-
News
08 Jun 2023
Barracuda: Replace vulnerable ESG devices 'immediately'
Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Continue Reading
-
Tip
07 Jun 2023
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
-
News
06 Jun 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
-
News
01 Jun 2023
Zyxel vulnerability under 'widespread exploitation'
Researchers warn that threat actors are widely exploiting an unauthenticated command injection vulnerability to target multiple Zyxel network devices. Continue Reading
-
News
01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility
The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
-
News
31 May 2023
Barracuda zero-day bug exploited months prior to discovery
Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
-
Feature
31 May 2023
An overview of 802.1X authentication methods and EAP
Enterprises use 802.1X authentication to manage their wireless LANs, and that process relies on the Extensible Authentication Protocol and its various types. Continue Reading
-
News
31 May 2023
Many Gigabyte PC models affected by major supply chain issue
Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
-
News
25 May 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading
-
News
24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics
CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion. Continue Reading
-
News
24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances
Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
-
News
23 May 2023
Threat actors leverage kernel drivers in new attacks
Fortinet detailed a campaign using a malicious driver in attacks against organizations in the Middle East, and Trend Micro detailed a driver-based attack by BlackCat ransomware. Continue Reading
-
News
22 May 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
-
Guest Post
22 May 2023
Follow a 6-phase roadmap to secure cyber-physical systems
Cyber-physical systems help bridge the digital world with the physical world, but they introduce cybersecurity risks that must be addressed. Continue Reading
-
News
18 May 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
-
Tip
18 May 2023
4 key unified communications security threats to watch for
Keeping your unified communications system safe requires tools that are specifically geared to voice and video apps. Learn how to take a multilayered approach to UC security. Continue Reading
-
Tip
18 May 2023
Understand the uses of blockchain in data centers
Blockchain is most famous for its cryptocurrency applications, but data centers can employ it for a variety of business-related reasons -- including increased security. Continue Reading
-
News
16 May 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
-
News
16 May 2023
Coalition: Employee actions are driving cyber insurance claims
After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
-
News
08 May 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
-
Feature
05 May 2023
How to start handling Azure network security
Before adopting Microsoft Azure, it's important to consider how to secure the cloud network. That's where network security groups and Azure Firewall come in. Continue Reading
-
News
04 May 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
-
Tip
04 May 2023
Review the components of VMware SASE Platform
VMware SASE Platform provides many strong networking and security capabilities, but it comes in an offering that feels like many individual products packaged together. Continue Reading
-
Tip
28 Apr 2023
The pros and cons of VPNs for enterprises
VPNs use different protocols and encryption to protect data and prevent unauthorized users from accessing company resources. But those protocols come with their own benefits and challenges. Continue Reading
-
News
25 Apr 2023
Google, Mandiant highlight top threats, evolving adversaries
Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise. Continue Reading
-
News
19 Apr 2023
Point32Health confirms service disruption due to ransomware
A ransomware attack interrupted access to services provided by one of New England's largest healthcare insurers, though the scope of affected customers and data remains unknown. Continue Reading
-
Tutorial
17 Apr 2023
Examine a captured packet using Wireshark
Wireshark is a useful tool for capturing network traffic data. Network pros can make the most of the tool by analyzing captured packets to see what that data means for troubleshooting. Continue Reading
-
News
12 Apr 2023
Nokoyawa ransomware exploits Windows CLFS zero-day
The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals. Continue Reading
-
News
11 Apr 2023
Recorded Future launches OpenAI GPT model for threat intel
The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
-
Tip
11 Apr 2023
SD-WAN vs. VPN: How do they compare?
When comparing SD-WAN and VPN, enterprises choosing between the two technologies should consider factors like cost, management and routing intelligence. Continue Reading
-
News
05 Apr 2023
42% of IT leaders told to maintain breach confidentiality
While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. Continue Reading
-
Feature
05 Apr 2023
ICS kill chain: Adapting the cyber kill chain to ICS environments
As IT/OT convergence continues to gain traction, industrial control system security cannot be ignored. Performing pen tests based on the ICS Kill Chain can help. Continue Reading
-
Feature
05 Apr 2023
An intro to the IDMZ, the demilitarized zone for ICSes
Setting up an IDMZ -- a demilitarized zone between enterprise and industrial networks -- can prevent operational environments from becoming compromised by IT threats. Continue Reading
-
Feature
05 Apr 2023
Reinforce industrial control system security with ICS monitoring
Monitoring an industrial control system environment isn't that different from monitoring a traditional IT environment, but there are some considerations to keep in mind. Continue Reading
-
News
04 Apr 2023
March ransomware disclosures spike behind Clop attacks
The Clop ransomware gang claimed responsibility for several disclosed ransomware attacks on major enterprises, which stemmed from a zero-day flaw in Fortra's GoAnywhere software. Continue Reading
-
Tip
22 Mar 2023
How network perimeters secure enterprise networks
Network perimeters serve as essential network security to block unwanted traffic. Find out how they differ from the network edge and how they help secure enterprise networks. Continue Reading
-
News
16 Mar 2023
U.S. federal agency hacked via 3-year-old Telerik UI flaw
A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency. Continue Reading
-
News
15 Mar 2023
Dell launches new security offerings for data protection, MDR
Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
-
News
14 Mar 2023
Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Continue Reading
-
Feature
13 Mar 2023
How to apply and edit Wireshark display filters
Wireshark display filters enable users to narrow the scope of a network traffic scan. Use this tutorial to apply and edit display filters to make detailed network sniffing easier. Continue Reading
-
Feature
13 Mar 2023
Customize workflows with Wireshark profiles
Wireshark has a variety of uses, which is why creating multiple personalized Wireshark profiles is important. Learn about Wireshark profiles, how to share them and more. Continue Reading
-
News
09 Mar 2023
IceFire ransomware targets Linux, exploits IBM vulnerability
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in IBM's Aspera Faspex file sharing software. Continue Reading
-
News
09 Mar 2023
Flashpoint: Threat vectors converging, increasing damage
The threat intelligence vendor warned that threat actors are increasingly combining known vulnerabilities, stolen credentials and exposed data to wreak maximum damage. Continue Reading
-
News
08 Mar 2023
Cisco, HPE plug holes in cloud security portfolios
Hewlett Packard Enterprise also unveiled plans to acquire Athonet, an Italian company that provides cellular technology for private 4G and 5G networks. Continue Reading
-
News
06 Mar 2023
Police raids target 'core' DoppelPaymer ransomware members
A coordinated law enforcement effort last week resulted in raids and arrest warrants against 'core members' of the infamous DoppelPaymer ransomware group. Continue Reading
-
Opinion
02 Mar 2023
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
-
Feature
23 Feb 2023
Inside the PEIR purple teaming model
Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model. Continue Reading
-
Feature
23 Feb 2023
Understanding purple teaming benefits and challenges
Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work? Continue Reading
-
Feature
13 Feb 2023
How to become an incident responder: Requirements and more
Incident response is a growth field that provides career growth options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
-
News
06 Feb 2023
Vastaamo hacking suspect arrested in France
The suspect in the infamous cyber attack, Julius Kivimäki, is a 25-year-old Finnish man who was arrested after being remanded in absentia in October 2022. Continue Reading
-
News
02 Feb 2023
Threat activity increasing around Fortinet VPN vulnerability
Following public disclosure of the critical VPN flaw in December, multiple reports show threat actors are exploiting it to target high-profile organizations. Continue Reading
-
News
02 Feb 2023
HeadCrab malware targets Redis to mine cryptocurrency
Aqua Security said the HeadCrab botnet has taken control of at least 1,200 servers via internet-facing instances of the opensource DBMS Redis and is using them for cryptomining. Continue Reading
-
News
02 Feb 2023
Ransomware attacks on public sector persist in January
Many of the attacks disclosed or reported in January occurred against the public sector, including multiple school districts that were hit within days of one another. Continue Reading
-
Tip
01 Feb 2023
What reverse shell attacks are and how to prevent them
Attackers use reverse shells to covertly attack an organization's environment. Discover what a reverse shell is and how to mitigate such attacks. Continue Reading
-
News
25 Jan 2023
Contractor error led to Baltimore schools ransomware attack
A security contractor for Baltimore County Public Schools mistakenly opened a suspicious phishing email attachment in an unsecure environment, leading to the ransomware attack. Continue Reading
-
Tip
18 Jan 2023
Top 10 ICS cybersecurity threats and challenges
Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them. Continue Reading
-
News
10 Jan 2023
BitSight, Schneider Electric partner to quantify OT risk
The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
-
Opinion
09 Jan 2023
3 enterprise network security predictions for 2023
It's shaping up to be another banner year for network security. 2023 may see decryption-less threat detection, connected home-caused enterprise breaches and new SASE drivers. Continue Reading
-
News
04 Jan 2023
December ransomware disclosures reveal high-profile victims
Cloud provider Rackspace was just one of several major enterprises to suffer a ransomware attack, according to public disclosures and reports in December. Continue Reading