Security news that informs and inspires

All Articles

1889 articles:

Apple Fixes Code Execution Flaw in Xcode

Apple has fixed four flaws in its Xcode IDE, including a remote code execution flaw in Git (CVE-2022-39260).


Microsoft: Nation-State Actors Zero in on Critical Infrastructure, Unpatched Flaws

Nation-state actors are targeting critical infrastructure, the IT supply chain and unpatched flaws in an effort to advance evolving strategic political objectives and to reach a wider set of targets.

Nation State, Microsoft

UK-Based Threat Actors Impersonate Global Law Firms in BEC Attacks

Researchers have uncovered a new business email compromise group impersonating well-known law firms and attorneys to trick targets into paying fake invoices.

Bec, Business Email Compromise

Decipher Podcast: Source Code 11/4

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Podcast, Source Code

Threat Actors Pivot to Credential Theft in Government Mobile Phishing Attacks

A new Lookout report highlights a tangle of government mobile device security challenges, including the use of outdated or unmanaged devices, and a rise in phishing attacks targeting credentials.

Mobile Security, Phishing

Decipher Podcast: Dave Lewis

Dave Lewis, Global Advisory CISO at Cisco, talks about the top takeaways of the 2022 Duo Trusted Access Report and the driving factors behind increased adoption of WebAuthn, MFA and biometrics.


New Analysis Ties Black Basta Ransomware to FIN7 Tools

Researchers at SentinelLabs have identified several links between the Black Basta ransomware actors and the FIN7 cybercrime group.


OpenSSL 3.0.7 Fixes Two Buffer Overflows

OpenSSL 3.0.7 fixes two high-risk buffer overflows in Punycode decoding (CVE-2022-3786 and CVE-2022-3602), one of which can lead to remote code execution.


Microsoft Discloses Fixed Azure Cosmos DB RCE Flaw

Details have been disclosed on a remote code execution flaw in Azure Cosmos DB, which was previously fixed by Microsoft in October.


Critical ConnectWise Remote Code Execution Bug Fixed

Thousands of internet-exposed servers remain vulnerable to the critical-severity ConnectWise flaw.


Exploit Code Published for VMware Cloud Foundation RCE Flaw

VMware Cloud Foundation is impacted by a remote code execution vulnerability in the XStream open source library.


OpenSSL to Fix Critical Flaw

OpenSSL will patch a critical security flaw in version 3.0.x on Nov.1, though details of the bug are still private.


Decipher Podcast: Source Code 10/28

Welcome to Source Code: Decipher's behind the scenes look at the weekly news with input from our sources.

Source Code, Podcast

CISA Releases Critical Infrastructure Security ‘Performance Goals’

The voluntary goals aim to provide a security baseline, in particular for small- and medium-sized critical infrastructure organizations.


Decipher Podcast: Kelley Misata

Kelley Misata, senior director of open source of open source at Corelight and CEO of Sightline Security, joins Dennis Fisher to talk about her road to get into security, the importance of protecting at-risk populations, and the challenges of building community in the open source world.

Podcast, Open Source Security