Security news that informs and inspires

All Articles

1022 articles:

Attackers Continue to Target Accellion FTA Flaws

Attackers are exploiting four vulnerabilities in the Accellion File Transfer Appliance, weeks after patches were released.

Cisa, Vulnerability

SolarWinds Hack Leads to Calls for Confidential Data Sharing

Confidential threat intelligence sharing could help prevent the next large-scale intrusions, tech executives say.

Solarwinds, Government

Visibility, Cooperation Needed to Counter ICS Threats

Better visibility into ICS environments and increased cooperation between the private sector and government are key to defeating emerging threat actors.

Ics Security, Government

Mystery Silver Sparrow Malware Targets Macs

The Silver Sparrow malware is targeting Macs, including those with the M1 chip, but is not delivering a payload.

Macos, Apple

SolarWinds Attackers Downloaded Some Microsoft Source Code Components

Microsoft said the SolarWinds hackers were able to view and download some source code components for Azure, Exchange, and Intune.

Solarwinds, Microsoft

RDP Is Still Vulnerable, Remains Popular Target

Recent ESET research shows a staggering increase in the number of attacks against Remote Desktop Protocol in 2020--a clear sign of how effective the method is when breaching networks and compromising machines.

Rdp

White House Promises Cybersecurity Action, SolarWinds Response

The White House promised to make cybersecurity a top priority and in its first month has begun responding to the massive SolarWinds hack and appointed several people with national security experience who have also previously worked on cybersecurity issues to the Biden Administration.

Government

New DNS Abuse Institute Tackles Malicious Activity

The Public Interest Registry launched the DNS Abuse Institute to coordinate efforts by domain registrars and internet registries to stomp out abuses of the domain name system.

Dns, Internet

U.S. Indicts Three North Koreans for Broad Hacking Campaign

The U.S. Department of Justice has indicted three North Koreans for allegedly hacking banks, private companies, and government agencies for many years.

Government

So Many Stolen Passwords Make Credential Stuffing Easier

Thanks to all the data breaches and security incidents over the last few years, attackers are sitting on a gold mine of valuable credentials information which they can use to launch credential-stuffing attacks against major Web services and other applications.

Passwords

Web Shell Attacks Spike

The volume of attacks using web shells as a persistence mechanism has nearly doubled in recent months, Microsoft said.

Microsoft

Proofpoint Sues Facebook to Keep Using Lookalike Domains

Proofpoint and Facebook are in court fighting over how to handle the problem of domains that impersonate well-known brands, highlighting the difficulty in differentiating malicious activity and security awareness.

Phishing, Security Awareness

Keeping Dependencies Straight in the Software Supply Chain

The nature of modern software development is that development teams have to rely on "blind trust" for some of the code components written by someone else. A new attack method showed how build systems could be tricked into pulling code from the wrong projects.

Software Development, Supply Chain, Open Source

Decipher Podcast: Neil Daswani

Neil Daswani, co-director of the advanced security program at Stanford University and a former engineer at Twitter and Google, joins Dennis Fisher to discuss his new book, Big Breaches: Cybersecurity Lessons for Everyone, and the common root causes and effects of major data breaches.

Podcast

‘Stop Acting Like These Attacks are Special or Rare’

National security experts and policy makers say the U.S. needs to act now to raise the cost of doing business for state-backed attackers.

Cisa, Government