Collaborate Disseminate
In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris… Continue reading Black Hat USA 2022 video walkthrough
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in at… Continue reading Log4Shell exploitation: Which applications may be targeted next?
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began… Continue reading Spring4Shell: No need to panic, but mitigations are advised
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements… Continue reading Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
Randori released a report that identifies the most tempting IT assets that an attacker is likely to target and exploit. Leading up to the anniversary of the Solarwinds hack, and after a very tumultuous year in cybersecurity—especially with ransomware a… Continue reading List of IT assets an attacker is most likely to target for exploitation
The U.S. Government has set up a cross-agency ransomware task force, a hub for ransomware resources, and is offering $10 million for information on state-sponsored cyber attackers. “Ransomware is a long-standing problem and a growing national sec… Continue reading U.S. Government sets up ransomware task force, offers $10 million reward for info
It’s easy to see why ransomware aimed at businesses is such a cash cow for criminals: for every Norsk Hydro and Fujifilm that refuses to pay the ransom, there is a Colonial Pipeline and JBS USA that pays up millions. A recent Randori survey that … Continue reading Ransomware has become a cost of doing business
2020 has ended with a stunning display of nation-state cyber capabilities. The Kremlin’s SVR shocked the cybersecurity industry and U.S. government with its intrusions into FireEye and the U.S. Office of the Treasury by way of SolarWinds, revealing onl… Continue reading A hacker’s predictions on enterprise malware risk
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses. Continue reading 6 Questions Attackers Ask Before Choosing an Asset to Exploit
Randori announced that it raised $9.75M in funding led by Accomplice, with participation from .406 Ventures and Legion Capital. The company will use the capital to fuel development of a nation-state caliber attack platform designed to emulate the behav… Continue reading Randori secures $9.75M to build a nation-state caliber attack platform