All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2237 articles:

Lazarus Group Log4j Attacks Spread New Malware Families

The campaign indicates a “definitive shift” in the threat group’s tactics as it continues to rely on non-traditional technologies and frameworks for developing its malware.

Malware, Lazarus

Apache Fixes Critical Struts Flaw

The Apache Software Foundation has released updates to address a critical file upload vulnerability (CVE-2023-50164) in Struts.

Apache

Decipher Podcast: Source Code 12/8

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

U.S., UK Sanction Russian APT Members

The NSA, UK's National Cyber Security Centre (NCSC) and Microsoft detailed recent changes in TTPs from a known Russian threat group.

Russia, Government Agencies

Decipher Podcast: Nathan Hamiel

Nathan Hamiel, senior director of research at Kudelski Security, talks about the intersection between AI and cybersecurity.

Researchers Detail Sierra Wireless Router Bugs

Researchers are detailing 21 recently patched vulnerabilities that impact certain Sierra Wireless routers, including one critical-severity and nine high-severity flaws.

Flaw

ColdFusion Exploit Used to Access Federal Agency

In two separate intrusions, attackers exploited a ColdFusion vulnerability (CVE-2023-26360) to compromise an unnamed federal government agency.

Government

Russian Group Targeting Exchange Flaw

Fancy Bear, also known as APT28 and Forest Blizzard, has been targeting a Microsoft Exchange flaw (CVE-2023-23397) against targets in Poland.

Russia, Microsoft

VMware Patches Critical Authentication Bypass Bug

The patch is available two weeks after the vulnerability was first disclosed on Nov. 14.

Vmware

Apple Fixes Two Actively Exploited WebKit Bugs

The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.

Apple

U.S. and Allies Sanction Kimsuky Actors

The US and several allies have sanctioned eight North Korean nationals, including alleged members of the Kimsuky APT group.

North Korea

CISA: Threat Actors Targeting Unitronics Devices Used in Water Facilities

CISA is urging water facilities in the critical infrastructure sector to change the default passwords on their Unitronics devices and disconnect them from the internet after a water treatment facility in Pennsylvania was hit by a cyberattack.

OT, Cisa

Okta Says Breach Affected All Support Customers

Okta officials said that the September intrusion in its customer support system affected every company in the Okta system.

Data Breach, Okta

Memory Safe: Shamla Naidoo

Shamla Naidoo of Netskope joins Dennis Fisher to discuss her journey from network admin to CISO.

Podcast

International Operation Leads to Ransomware Ringleader Arrest

In a series of raids across Ukraine, the agencies apprehended several individuals that allegedly belong to the group, which has encrypted over 250 servers and cost large corporations several hundreds of millions of euros.

Cybercrime