Public Redis exploit used by malware gang to grow botnet
Threat analysts report having spotted a change in the operations of the Muhstik threat group, which has now switched to actively exploiting a Lua sandbox escape flaw in Redis. [...]
Reports provide structured accounts of cyber incidents, vulnerabilities, and controls, helping readers assess security risks and responses.
Search across headline titles and summaries.
Background for this topic.
A report is a documented account of an event, investigation, assessment, or analysis, supported by evidence and presented for others to review. In information security, the term commonly covers incident findings, vulnerability research, threat-intelligence assessments, audit results, and surveys of security practices. A useful report states its scope, methods, evidence, timeframe, and level of confidence rather than presenting conclusions without context.
Reports help practitioners prioritize remediation, validate controls, and improve incident response, but their details require careful interpretation. A vulnerability report should identify affected versions, exploit conditions, and mitigation steps; an incident report should distinguish confirmed facts from assumptions and protect sensitive personal or investigative data. Threat reports may contain indicators of compromise that need verification before being used in detection systems. Reports used for compliance or executive decisions should preserve a clear evidence trail, since incomplete scope, outdated findings, or undisclosed conflicts can lead to misplaced security priorities.
Threat analysts report having spotted a change in the operations of the Muhstik threat group, which has now switched to actively exploiting a Lua sandbox escape flaw in Redis. [...]
Security teams must shift away from saying no, align security initiatives to business goals, and report metrics in a way business leaders can understand.
Researchers report a new version of the JSSLoader remote access trojan being distributed malicious Microsoft Excel addins. [...]
Recently, FortiGuard Labs released the latest Global Threat Landscape Report for the second half of 2021. There is a ton of data in it and several key takeaways. The main themes that weave through this report are about the increase in cybercriminal sophistication as well as speed. [...]
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
ISACA's State of Cybersecurity 2022 report revealed ongoing struggles to hire and retain skilled cybersecurity professionals
FBI report finds BEC still the biggest earner for cyber-criminals
The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report. [...]
Another year, another batch of record-setting cybercrime losses The FBI's latest yearly cybercrime report is bad news for those of us trying to stay safe: The criminals continue to have a leg up, leading to record financial losses.…
Report analyzes 30,000 threats in customer environments to uncover the trends, threats and techniques that comprised the 2021 threat landscape.
Given that passwords have had such unprecedented longevity, it would seem that password security best practices would be refined to the point of perfection. Even so, Specops Software's first annual Weak Password Report has yielded some interesting results that may cause you to rethink the way that your organization manages passwords. [...]
Cloudflare takes no chances, hits the identity reset button The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals.…
Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service. [...]
Warn users there's no E2EE when using it via the browser, DPIA tells institutions Hot on the heels of Microsoft's report card from the Dutch department of Justice and Security comes news of rival messaging platform Zoom receiving a nod via a renewed Data Protection Impact Assessment (DPIA).…