Security news that informs and inspires

All Articles

1493 articles:

QNAP Warns of Deadbolt Ransomware Targeting NAS Devices

QNAP is urging customers to remove NAS devices from the Internet amid a new wave of Deadbolt ransomware intrusions.

Ransomware

CISA: Federal Agencies Must Fix VMware Bugs Within Five Days

CISA is mandating federal agencies to apply updates that fix several serious VMware bugs.

Vmware, Cisa

Biden’s Cyber EO Ushered in Era of ‘Renewed Focus,’ But Challenges Remain

Government officials cited progress a year after Biden's executive order, but stressed that "there's more work to do."

Mfa, Zero Trust

NVIDIA Fixes Serious Flaws in GPU Driver

NVIDIA has released an update to fix a number of serious code-execution flaws in its GPU display driver that could be used to perform guest-to-host escapes.

Vulnerability

DoJ: Venezuelan Doctor Behind Thanos Ransomware Builder

A 55-year-old Venezuelan cardiologist is allegedly behind the Jigsaw v.2 ransomware and the Thanos builder.

Ransomware

Exploitation Attempts Start for Zyxel RCE Bug

A recently patched Zyxel firewall bug can allow bad actors to launch remote code execution attacks.

Rce

Researchers Demo Relay Attack Against Bluetooth LE Systems

NCC Group researchers have shown a novel relay attack against Bluetooth Low Energy proximity authentication systems.

Bluetooth Security

Trio of Serious Bugs Fixed in SonicWall SSL VPNs

Three serious flaws, including an authentication bypass, a shared hard-coded encryption key, and an open redirect, have been patched in the SonicWall SMA 1000 SSL VPNs.

Vulnerabilities, Sonicwall

Iran-Linked Threat Group Targeted U.S. Orgs in Financially Motivated Attacks

A local government and philanthropic company have been targeted by the known Cobalt Mirage Iran-linked threat group in recent months.

Cybercrime

Decipher Podcast: Source Code 5/13

Welcome back to Source Code, Decipher’s weekly security news podcast.

Source Code, Podcast

New Google Team to Help Critical Open Source Projects Improve Security

Google is creating a new Open Source Maintenance Crew to aid critical open source projects up their security game.

Google, Open Source Security

IceApple Post-Exploitation Framework Deployed on Exchange Servers

Researchers have discovered a sophisticated post-exploitation framework being deployed on Microsoft Exchange servers to assist threat actors with credential harvesting and local reconnaissance.

Malware, Microsoft

Cyberattacks Against MSPs Continue to Escalate

Cybersecurity authorities from numerous counties warn that cybercriminals are increasingly targeting managed service providers (MSPs).

Managed Service Providers

White House Adds Three Key Cybersecurity Officials

National Cyber Director Chris Inglis has added three officials to his team, including Kemba Eneas Walden, Rob Knake, and Neal Higgins.

Government, Ransomware

After Microsoft Macro Malware Crackdown, Attackers Explore New Options

After Microsoft started blocking macros obtained from the internet by default, email attackers are exploring alternative techniques to distribute Emotet, Qakbot, IcedID and other payloads.

Malware, Microsoft