Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2237 articles:

TinyTurla-NG Backdoor Has Big Capabilities

New research shows the TinyTurla-NG backdoor uses the Chisel open-source attack framework for some communications and has a variety of post-compromise capabilities.

Russia

Threat Actor Exploits F5, ConnectWise Flaws to Target U.S. Orgs

A threat actor has been observed exploiting various previously disclosed flaws to gain access to various U.S. governments and research organizations.

Exploit

Ivanti Patches Critical RCE Standalone Sentry Flaw

At the time of disclosure, Ivanti said it is not currently aware of the flaw being exploited.

Vulnerability

U.S. Government Doubles Down on Chinese APT Warnings

“The PRC’s inside the house,” said Andrew Scott, associate director for China operations with the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

China

New AcidPour Wiper Malware Found in Ukraine

SentinelLabs researchers have discovered a new wiper malware called AcidPour in Ukraine, which appears to be a new version of the AcidRain malware.

Russia, Malware

Decipher Podcast: Brian Donohue on the 2024 Threat Detection Report

Brian Donohue of Red Canary joins Dennis Fisher to talk about some of the surprising findings from the company's new 2024 Threat Detection Report, including why identity based attacks continue to work so well and how attackers are approaching the shift to the cloud.

Podcast

DHS Charts Out AI Security Strategy

The Department of Homeland Security said cybersecurity is a significant challenge for AI and it plans to work to identify the security risks that are associated with these technologies.

AI

Decipher Podcast: Source Code 3/15

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

HHS to Probe Change Healthcare Attack

The Department of Health and Human Services will investigate the ransomware attack on Change Healthcare to see whether any consumer health information was compromised.

Government, Ransomware

No Easy Fix For Untangling Web of Critical Dependencies

The Change Healthcare ransomware attack shows it's difficult to map out - or even identify - the systems that would have the biggest impact if attacked.

Cisa

Microsoft Fixes Critical Windows Hyper-V Flaws

Microsoft has patched critical-severity flaws in Windows Hyper-V as part of its regularly scheduled updates, which contained no zero-day flaws this month.

Microsoft

QNAP Fixes Critical Flaws Impacting NAS Devices

QNAP is warning of three new vulnerabilities in QTS, QuTS hero, QuTScloud and myQNAPcloud.

Vulnerability

The Far-Reaching Impacts of the Change Healthcare Attack

With a ransomware attack still impacting its payment and claims systems across the country, Change Healthcare said on Thursday that it doesn't expect key system functionalities to be restored until mid-March.

Healthcare Data Security

Microsoft Says Russian APT29 Accessed Source Code, Other Secrets

The Russian threat group known as Midnight Blizzard and APT29 gained access to some Microsoft source code repositories and other sensitive data, the company said.

Russia, Microsoft

BEC, Credential Theft Attacks Spoof U.S. Government Agencies

Attackers are targeting U.S. organizations with phishing emails spoofing U.S. government entities and private sector companies.

Business Email Compromise