Security news that informs and inspires

All Articles

2041 articles:

FBI: Ransomware Actors Launching ‘Dual’ Attacks

Threat actors have deployed two different ransomware variants against victims, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum and Roya.


Critical Flaw Patched in Progress File Transfer Server

Progress Software has fixed a critical pre-authentication remote code execution bug in its WS_FTP Server product.

Progress Software

Decipher Podcast: Source Code 9/29

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Google Issues Fix For High-Severity Chrome Zero Day

The flaw is the second Chrome zero day fixed by Google this month.


MOVEit Bug’s Ripple Effect Still Unfolding

The full impact of the flaw is still being mapped out, but current estimates show that 2,120 organizations have been impacted by MoveIT Transfer exploits - resulting in the data of at least 62 million individuals being compromised.


‘Marriages of Convenience’ Between State Actors and Cybercriminals Provide Cover for Both

U.S. authorities warn that cooperative efforts between state-sponsored actors and cybercrime groups make life more difficult for defenders and law enforcement.

Government, Ransomware

TeamCity Users Urged to Apply Fix For Critical Flaw

Software development company JetBrains is urging customers to apply updates that fix a critical-severity authentication bypass flaw in the TeamCity CI/CD server.


Pair of Serious Flaws Patched in BIND 9

A pair of serious vulnerabilities have been fixed in the widely deployed BIND 9 DNS server.


Apple Fixes Trio of Actively Exploited Bugs

The three zero days (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) impact various versions of macOS, iOS, iPadOS and watchOS.

Apple, Zero Day

Decipher Podcast: Source Code 9/22

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

DHS Wants to Simplify Mishmash of Cyber Incident Reporting Guidelines

The DHS proposed a single cyber incident reporting portal in an effort to make the process of reporting a cyberattack easier.


New Threat Group Targets Middle Eastern Telcos

A new attack group named ShroudedSnooper is targeting telecom providers in Middle Eastern countries with custom tools called HTTPSnoop and PipeSnoop.


The Emergence of Security Flaws as a ‘National Resource’ in China

An Atlantic Council report looks at the impact of China's regulation - in effect now for two years - that requires organizations to submit notice of a software vulnerability to the Chinese government within two days of discovery.


Iranian Threat Group Targets Cloud With Password Spraying Attacks

An Iran state-backed group called Peach Sandstorm is using password spraying attacks to target cloud environments in organizations across many industries.

Microsoft, Iran

DBatLoader Leverages OneDrive to Deliver Commodity Malware

The malware loader was recently observed in almost two dozen email campaigns that appeared to target English speakers and involved lures related to shipping orders and billing, invoice and purchase requests or inquiries.