All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2221 articles:

SEC: SIM Swapping Attack Led to Twitter Account Compromise

New revelations from the investigation into the SEC's Twitter account compromise reveal that it stemmed from a SIM swapping attack and that MFA had been disabled on the account.

Identity

Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS

Apple has fixed a actively exploited WebKit bug (CVE-2024-23222) in iOS and macOS. and added a new security feature called Stolen Device Protection.

Apple

CISA Issues Emergency Directive For Ivanti Flaws, Warns of ‘Widespread Exploitation’

CISA said its new emergency directive for Ivanti zero-days is “based on widespread exploitation of vulnerabilities by multiple threat actors."

Cisa, Ivanti

Exploitation of Recently Patched VMware Bug Started in 2021

Threat actors exploited a critical-severity VMware flaw for almost two years before patches were released in October.

Exploit, Vulnerability

Decipher Podcast: Source Code 1/19

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Russian COLDRIVER Group Uses New Backdoor to Target Governments

The Russian APT known as COLDRIVER is using a new backdoor called SPICA in phishing campaigns against NGOs and governments.

Russia, Phishing

Citrix Discloses Actively Exploited NetScaler ADC and Gateway Flaws

Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don't believe the impact of these two bugs to match that of CitrixBleed.

Zero Day, Citrix, Citrix Netscaler

Memory Safe: Casey Ellis

In the latest Decipher Memory Safe episode, Casey Ellis, founder and CTO of Bugcrowd, talks about everything from imposter syndrome to the security concept of “building it like it’s broken.”

Memory Safe, Video

Mint Sandstorm APT Targets Universities, Researchers

A new phishing campaign by a subset of the Iranian threat group Mint Sandstorm is targeting universities and research organizations with custom backdoors.

Iran

VMware Fixes Critical Aria Automation Bug

For patching, VMware said that "this situation qualifies as an emergency change."

Vmware

GitLab Patches Critical Account Takeover Flaw

The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses.

Gitlab, Account Takeover

APT Group Targets Ivanti Flaws

An unidentified APT group is actively exploiting the two recently disclosed Ivanti Pulse Secure and Connect Secure vulnerabilities (CVE-2023-46805 and CVE-2024-21887).

Ivanti

FBot Hacking Tool Targets Cloud, Payment Platforms

A new Python-based hacking tool is leveraged by cybercriminals to target cloud and SaaS platforms, and payment services, like AWS, Office365, PayPal and Twilio.

AWS, Cloud Security

Decipher Podcast: Source Code 1/12

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Ivanti Warns of Connect Secure, Policy Secure Zero Days

Patches will be released starting Jan. 22, but until then Ivanti urges customers to apply mitigations.

Zero Day