Security news that informs and inspires

All Articles

1278 articles:

Q&A: Casey Ellis

Casey Ellis, founder, chairman and CTO of Bugcrowd, discusses the future of vulnerability disclosure programs.

Q&a, Vulnerability Disclosure

Malware Samples Target Windows Installer Flaw

Researchers have uncovered malware samples that are targeting a local privilege escalation flaw in Windows Installer.

Windows, Microsoft, Zero Day

Apple Sues NSO Group

Apple has sued NSO Group for allegedly abusing the company's iCloud servers and injuring its customers.

Apple

Decipher Podcast: Casey Ellis

Casey Ellis joins Lindsey O'Donnell-Welch to discuss the evolution, adoption and standardization of vulnerability disclosure programs - both in the U.S. and across the globe.

Podcast, Vulnerability Disclosure

BazarLoader Attacks Use Compromised Software Installers

Researchers have observed the BazarLoader information stealer now being spread via compromised versions of VLC and TeamViewer packages.

Malware, Ransomware

Imunify360 Flaw Can Lead to Code Execution

CloudLinux's Imunify360 security platform has a severe flaw (CVE-2021-21956) that can lead to remote code execution in some circumstances.

Linux

Attackers Exploit Known Microsoft Exchange Server Flaws to Hijack Emails

Cybercriminals are using the known ProxyLogon and ProxyShell vulnerabilities to hijack email threads in malware attacks.

Microsoft Exchange, Proxyshell

Attackers Using Suite of Tools to Exploit ManageEngine Flaw

An APT group is using a suite of tools, including KdcSponge, Godzilla, and NGLite, to exploit a known ManageEngine flaw and move laterally.

Cisa

Decipher Podcast: Source Code 11/19

This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.

Podcast

Banks Face 36-Hour Security Incident Reporting Deadline

A new Federal Deposit Insurance Corporation (FDIC) rule requires banks to notify federal regulators of security incidents within 36 hours.

Financial Regulation, Financial Institutions, Financial Data Security

New Ransomware Group Retools Attacks On the Fly

A recently uncovered attack by a new ransomware group shows how cybercriminals will switch up their tactics on a whim.

Ransomware

APT Group Exploiting Zero Day in FatPipe Software

The FBI is warning about an APT actor that is exploiting a zero day flaw in the FatPipe software on several products, including MPVPN, WARP, and IPVPN.

Apt

CISA Warns Iranian APT Targeting US Infrastructure

CISA warned that an unnamed APT group associated with the Iranian government i exploiting known Fortinet and the Exchange ProxyShell bug to gain access to target networks.

Cisa, Iran

U.S. Government Details Federal Agency Incident Response Plans

The U.S. government has published new playbooks with the goal of standardizing and improving how federal agencies plan for vulnerability and incident response.

Government, Government Agencies, Government Security, Incident Response

‘We Have to Change the Decision Calculus’ to Stop Ransomware

Ransomware groups such as REvil have take some hits recently, but the broader landscape has continued to expand and experts say defenders need to change their thinking in order to address the problem.

Ransomware, Governance, Cisa