Security Labs
CrowdStrike Software Update Triggers Global Outage
A software update from cybersecurity vendor CrowdStrike prompted a global computer outage impacting Microsoft Windows operating systems.
Remove Polyfill.io to Prevent Malicious Attacks
Researchers published new information about the open-source code Polyfill leading to malicious attacks. Learn more about prevention.
SEO Poisoning Attacks Demand More Scrutiny from Search Engine Users
Threat actors are capitalizing on the trust we put in search engines by hiding malicious websites in plain sight using a tactic known as SEO poisoning.
Threat Actor Claims 100% Success With SIM-Swapping Extortion
SIM-swapping extortion attacks are on the rise due to self-service password resets, which help threat actors bypass interaction with their victims.
Not All Endpoint Security Solutions Are Created Equal
As more businesses adopt endpoint security solutions, a clear disconnect has emerged between how they’re marketed and how they truly function.
XZ Near Miss Sheds Light on Vulnerability, Patching Issues
The recent XZ Utils backdoor uncovered the potential risks associated with vulnerabilities in open-source systems.
Palo Alto Networks: Patch Available for PAN-OS Zero-day
A patch is now available for a command injection zero-day vulnerability impacting Palo Alto Networks PAN-OS. Learn what actions you need to take.
LockBit Ransomware Used in Exploitation of ConnectWise ScreenConnect
Coalition Incident Response has discovered a link between the LockBit ransomware gang and the ConnectWise ScreenConnect vulnerabilities.
MFA Bypass Attacks: Weak MFA Implementation Welcomes Intrusion
Threat actors are increasingly targeting multi-factor authentication (MFA). Learn the most effective types of MFA and how to avoid MFA bypass attacks.
Cyber Threat Index 2024: Scans, Honeypots, and CVEs
The Coalition Cyber Threat Index uses our data derived from internet scans, honeypots, and vulnerabilities to provide in-depth cyber insights for 2024.
FortiOS SSL VPN Vulnerability Actively Exploited in the Wild
Fortinet disclosed a critical remote code execution (RCE) vulnerability impacting FortiOS SSL VPN. Learn what actions you need to take.
SonicWall Firewall Devices Vulnerable to DoS Attacks
SonicWall NGFW series 6 and 7 devices are vulnerable to two critical CVEs that can lead to denial-of-service attacks. Learn what steps businesses should take.
Ivanti VPN Zero-Day Avoided with Device Isolation
Two zero-day vulnerabilities are impacting Ivanti VPN devices. Learn how proactive outreach to Coalition policyholders is helping mitigate the threat.
QR Codes Increasingly Used in Phishing Attacks
Threat actors are using QR codes in phishing attacks to gain access to business networks. Learn the risks and how to evaluate a QR code for legitimacy.
From Blockchain to the Dark Web: Cybersecurity Buzzword Myths Debunked
New tech is worthy of promotion, but when buzzwords and FOMO define purchasing decisions, your cybersecurity program is likely to be a patchwork affair of half-useful tools.
