Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2360 articles:

Federal VDP Program Shows Early Success

The federal government's vulnerability disclosure policy platform has taken in more than 1,300 unique valid bug reports in its first 18 months.

Government, Vulnerabilities

China-Based APT Flies Under Radar in Espionage Attacks

While the APT has targeted dozens of organizations in Taiwan, researchers with Microsoft warn that its tactics could easily be used in campaigns in other areas.

Apt

Proposed Bill Would Mandate Federal Contractor VDPs

The newly proposed Federal Cybersecurity Vulnerability Reduction Act mandate vulnerability disclosure policies for contractors.

Bug Bounty

Decipher Podcast: Source Code 8/25

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Exploit Code Published for Ivanti Sentry Flaw

Researchers have published working exploit code for the Ivanti Sentry CVE-2023-38035 flaw.

Ivanti

Researchers Uncover New Lazarus Group Malware Details

The group reused its infrastructure in attacks against internet infrastructure and healthcare organizations in the U.S. and UK, allowing researchers to unearth details about its newest malware tools.

Lazarus Group

Ivanti Warns of Actively Exploited Flaw in Sentry

Ivanti on Tuesday said it “has been informed that CVE-2023-38035 was exploited after exploiting CVE-2023-35078 and CVE-2023-35081.”

Ivanti

Serious RCE Bug Fixed in WinRAR

The makers of WinRAR have released a new version that fixes a serious remote code execution flaw (CVE-2023-4407) in the compression utility.

Patch

Decipher Podcast: Greg Notch

At Black Hat USA, Greg Notch, CISO at Expel, talked about his previous experiences as the former NHL CISO and how to effectively communicate security risk at the board level.

Podcast

XLoader MacOS Malware Variant Resurfaces

A new version of the macOS XLoader malware has been observed.

Macos

Cuba Ransomware Attacks Reveal TTP Modifications

Researchers said they observed new tactics being used by the well-known ransomware group in attacks against a critical infrastructure entity in the U.S. and an IT integrator in Latin America.

Ransomware

Threat Actors Exploit Known Citrix ShareFile Flaw

The ShareFile flaw could allow unauthenticated attackers to remotely compromise the customer-managed ShareFile storage zone controller.

Citrix

Phishing Campaign Targets Zimbra Users

A newly identified phishing campaign is targeting Zimbra Collaboration users around the world.

Zimbra

Ivanti Fixes Flaws in Enterprise Mobile Device Management Software

One of the more serious flaws in Ivanti's enterprise mobile device management platform could allow unauthenticated, remote attackers to execute code.

Vulnerability, Ivanti

Mandiant Releases Scanner for Citrix ADC Bug

Mandiant has released a scanner to identify appliances that have been compromised through exploitation of CVE-2023-3519.

Citrix