CISA urges immediate action on actively exploited Fortinet flaws
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]
Threat detection identifies suspicious activity early, limiting attacker dwell time and damage when logs, alerts, and response procedures are maintained.
Search across headline titles and summaries.
Background for this topic.
Threat detection is the defensive process of finding signs that an attacker may be present or attempting to gain access. In a threat model, it is a monitoring control that uses endpoint, identity, network, application, and cloud telemetry—often enriched with threat intelligence—to identify suspicious behavior, such as credential misuse, unexpected privilege changes, or lateral movement. Its purpose is to reduce the time an attacker can operate and limit the scope of an incident; missing logs, evasive activity, and unmonitored assets can leave important attacks unseen.
The most relevant practice is to design detections around credible attack paths and the organization’s highest-value systems, then protect and retain the logs needed to investigate them. Detections should be tested against realistic activity, tuned to reduce false positives, and linked to clear triage and containment actions. Alert volume, poor data quality, or unvalidated rules can overwhelm analysts and delay response, so coverage and detection effectiveness should be reviewed as systems and attacker behavior change.
Weekly headline count for the current query.
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]
Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...]
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. [...]
Identity-based attacks are one of the primary paths attackers use to breach corporate networks. Tenfold shows how Identity Threat Detection helps spot suspicious account activity before real damage occurs. [...]
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...]
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...]
Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]
The addition of Criminal IP as a new contributor to PolySwarm's malicious URL detection represents a significant leap in specialized threat identification. Learn more from Criminal IP about this new collaboration. [...]
Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities. [...]
Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds. [...]
Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. [...]