All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2239 articles:

The Emergence of Security Flaws as a ‘National Resource’ in China

An Atlantic Council report looks at the impact of China's regulation - in effect now for two years - that requires organizations to submit notice of a software vulnerability to the Chinese government within two days of discovery.

China

Iranian Threat Group Targets Cloud With Password Spraying Attacks

An Iran state-backed group called Peach Sandstorm is using password spraying attacks to target cloud environments in organizations across many industries.

Microsoft, Iran

DBatLoader Leverages OneDrive to Deliver Commodity Malware

The malware loader was recently observed in almost two dozen email campaigns that appeared to target English speakers and involved lures related to shipping orders and billing, invoice and purchase requests or inquiries.

Malware

Caesars Says Cyberattack Stemmed From Third-Party Vendor Compromise

Public disclosure of the Caesars cyberattack comes as MGM Resorts continues to face disruption across its hotels and casinos due to a separate cyber incident.

Cyberattack, Ransomware

Decipher Podcast: Source Code 9/15

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Podcast, Source Code

Microsoft Warns of Teams-Based Phishing Campaign

Microsoft is warning enterprises about a recent Teams-based phishing campaign operated by a developing thrat group known as Storm-0342.

Microsoft, Phishing

Microsoft Warns of Two Zero Day Flaws

The Microsoft flaws join a rash of zero days disclosed over the past week by various companies, including Apple, Google and Adobe.

Microsoft, Patch Tuesday

CISA Outlines Plans to Tackle Open Source Software Security

In an Open Source Software Security Roadmap released on Tuesday, the agency said it wants to build up the capabilities to better understand the complex open source ecosystem and create visibility around the security risks in this landscape.

Log4j, Cisa

Adobe Patches Actively Exploited Reader Zero Day

Adobe is warning Acrobat and Acrobat Reader users about an actively exploited vulnerability in those products.

Adobe

Google Fixes Critical Chrome Zero Day

Google said that the flaw was reported by Apple’s Security Engineering and Architecture team and Citizen Lab on Sept. 6.

Google Chrome

New MetaStealer Malware Targets macOS Users

A new strain of infostealer targeting Macs, known as MetaStealer, is hitting enterprises.

Apple

Decipher Podcast: Trickbot Sanctions, Apple Zero Days, and a Stolen Microsoft Key

Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch break down a busy news week, including Microsoft's revelations about the theft of its signing key, the Trickbot group sanctions, and some new Apple iOS zero days.

Apple, Podcast, Microsoft, Trickbot

Apple Fixes Two Actively Exploited Flaws

Apple has rolled out iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 to address the security flaws.

Apple, Zero Day

APT Actors Exploited Known Zoho, Fortinet Flaws to Hit Aeronautical Org

Fixes for both the Zoho and Fortinet vulnerabilities have been available since last year.

APT, Fortinet

U.S., U.K. Hit Trickbot Group With Fresh Sanctions

The Department of the Treasury and the U.K. government have sanctioned 11 alleged members of the Trickbot group and say the group is allied with Russian intelligence.

Trickbot, Russia