Security news that informs and inspires

All Articles

2037 articles:

MOVEit Bug Attacks Continue By Cl0p Ransomware Group, Other Actors

The MOVEit Transfer bug that researchers say allows remote code execution, is being exploited by the Cl0p ransomware group and other actors to steal data and deploy ransomware.

Moveit

Google Patches Type Confusion Zero Day in Chrome

The type confusion bug is the third zero day that Google has addressed this year.

Zero Day, Google, Google Chrome

Apple Enables Third-Party Management for Passkeys

In upcoming software releases, Apple will change the way passkeys are managed, allowing third-party apps to sync and share them.

Apple

North Korean Attackers Target Google Account Credentials

The North Korean Kimsuky group has targeted think tanks, academic institutions and news media organizations in order to steal their credentials and gather intelligence.

Kimsuky, North Korea

UNC4857 Exploits MOVEit Transfer Flaw in Data Extortion Attacks

Threat actors continue to target the critical-severity file transfer bug to launch data exfiltration attacks, and researchers say organizations should potentially expect ransom emails in the coming weeks.

Zero Day, Exploit

MOVEit Transfer Zero Day Under Attack

A critical zero day flaw in all version of MOVEit Transfer is under active attack by multiple threat actors.

Vulnerability, Zero Day

Threat Actors Exploit Critical Zyxel Flaw in Botnet Attacks

Researchers warn that they are seeing widespread exploitation of the critical-severity Zyxel flaw.

Zyxel, Exploit, Mirai

Qakbot Ducks for Cover With New Tactics

The Qakbot malware operators have shifted tactics again to adapt to changes in defenses.

Malware, Qakbot

Decipher Podcast: Source Code 6/2

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

New SeroXen RAT Emerges

A new RAT known as SeroXen is for sale on forums and social media platforms and has the ability to evade EDR and delivers a rootkit.

Malware

BlackCat Ransomware Improves Capabilities With Sphynx Variant

A BlackCat ransomware version announced in February includes new abilities allowing attackers to evade detection and analysis.

Ransomware

Q&A: Megan Stifel

From safe haven countries to crackdowns on cryptocurrency exchanges used for ransomware payments, Megan Stifel talks about how the security ecosystem is putting pressure on ransomware threat groups.

Q&a, Ransomware

Decipher Podcast: Hazel Burton

Dennis Fisher is joined by Hazel Burton from the Cisco Talos team to talk about the importance of empathy in communications, her non-linear path to infosec, and how her improv comedy training has helped her in her roles.

Podcast

New Ransomware Group Uses Repurposed LockBit, Babuk Variants

Researchers with Symantec said the threat actor behind the campaign, Blacktail, hasn’t been linked to any existing cybercrime group.

Ransomware

Barracuda Fixes RCE Flaw in Email Security Gateway

Barracuda has patched a remote code execution vulnerability in its Email Security Gateway appliances.

Email