Security news that informs and inspires

All Articles

2185 articles:

Decipher Podcast: Source Code 3/15

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

HHS to Probe Change Healthcare Attack

The Department of Health and Human Services will investigate the ransomware attack on Change Healthcare to see whether any consumer health information was compromised.

Government, Ransomware

No Easy Fix For Untangling Web of Critical Dependencies

The Change Healthcare ransomware attack shows it's difficult to map out - or even identify - the systems that would have the biggest impact if attacked.

Cisa

Microsoft Fixes Critical Windows Hyper-V Flaws

Microsoft has patched critical-severity flaws in Windows Hyper-V as part of its regularly scheduled updates, which contained no zero-day flaws this month.

Microsoft

QNAP Fixes Critical Flaws Impacting NAS Devices

QNAP is warning of three new vulnerabilities in QTS, QuTS hero, QuTScloud and myQNAPcloud.

Vulnerability

The Far-Reaching Impacts of the Change Healthcare Attack

With a ransomware attack still impacting its payment and claims systems across the country, Change Healthcare said on Thursday that it doesn't expect key system functionalities to be restored until mid-March.

Healthcare Data Security

Microsoft Says Russian APT29 Accessed Source Code, Other Secrets

The Russian threat group known as Midnight Blizzard and APT29 gained access to some Microsoft source code repositories and other sensitive data, the company said.

Russia, Microsoft

BEC, Credential Theft Attacks Spoof U.S. Government Agencies

Attackers are targeting U.S. organizations with phishing emails spoofing U.S. government entities and private sector companies.

Business Email Compromise

Decipher Podcast: Change Healthcare Attack Fallout

Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch talk about the BlackCat ransomware attack on Change Healthcare that has crippled the company and affected the ability of thousands of health care providers, pharmacies, and hospitals to get paid and submit claims.

Podcast, Ransomware

VMware Fixes Critical ESXi, Workstation and Fusion Flaws

Two of the more severe flaws could each allow attackers with local administrative privileges on virtual machines to execute code as the virtual machine's VMX process running on the host.

Vmware

Memory Safe: Daniel Cuthbert

Daniel Cuthbert, global head of cybersecurity research at Banco Santander, joins Dennis Fisher to talk about getting his first computer, a ZX Spectrum that he still owns(!), finding his way into hacking through IRC, his passion for photography, and his surprising alternate career path.

Podcast

New Malware Variant Deployed in ScreenConnect Flaw Exploits

“The list of threat actors utilizing the ScreenConnect vulnerability CVE-2024-1709 for initial access is growing," researchers say.

Malware

U.S. Sanctions Makers of Predator Spyware

The Department of the Treasury has sanctioned five entities and two people associated with the sale of the Predator spyware.

Government

JetBrains Fixes TeamCity Authentication Bypass Flaws

The flaws, which exist in all TeamCity on-premises versions through 2023.11.3, have been fixed in version 2023.11.4.

Vulnerability

DoJ Charges Iranian After Campaigns Targeting U.S. Defense Contractors

An Iranian national has been charged over a cyberattack that attempted to compromise both private sector companies and U.S. government entities, including the Treasury Department and State Department.

Justice Department