Security news that informs and inspires

All Articles

2263 articles:

Change Healthcare Says Attackers Accessed PHI and PII

The ransomware attack on Change Healthcare included the theft of PHI and PII, the company said.

Healthcare

Nation-State Actors Exploited Ivanti Bugs to Hit MITRE

The MITRE Corporation has disclosed a breach impacting one of its collaborative networks used for research, development and prototyping.

Ivanti, MITRE Att&ck

Russian Group Forest Blizzard Deploying GooseEgg Tool to Exploit CVE-2022-38028

A Russian threat group known as Forest Blizzard has been using a custom tool called GooseEgg to exploit a Windows Print Spooler (CVE-2022-38028) for several years.

Microsoft, Russia

A Decade of Sandworm: Digging into APT44’s Past and Future

Decipher’s Lindsey O’Donnell-Welch and Mandiant analysts Dan Black and Gabby Roncone reflect on the most pivotal moments from Sandworm over the last decade, from NotPetya to the Ukraine electric power grid attacks.

APT, Video

Decipher Podcast: Source Code 4/19

Welcome back to the Source Code podcast, Decipher’s weekly news wrap podcast with input from our sources.

Source Code

OpenMetadata Bugs Enable Kubernetes Cryptomining Attacks

Threat actors have been exploiting known vulnerabilities in open-source platform OpenMetadata in order to access Kubernetes workloads and use them for cryptomining.

Kubernetes

Phishing Attack Targets LastPass Users’ Master Passwords

In order to convince LastPass users to hand over their passwords, attackers used a mix of phone calls, phishing emails and a phishing page under the domain “help-lastpass[.]com,” which has since been taken down.

Phishing

UK Police Take Down LabHost Phishing Service

Europol and a collection of UK law enforcement agencies have disrupted the LabHost phishing platform, which targeted victims globally.

Ransomware, Labhost

Decipher Podcast: Cody Stokes

Cody Stokes, a security leader at Procellis Technology, joins Dennis Fisher to talk about his time in the Marine Corps, the challenges of breaking into the cybersecurity field, and the fulfillment he gets from helping to protect users.

Podcast

Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas

Recent activity by the well-known Sandworm group - which researchers with Mandiant have started calling APT44 - relies on a mix of espionage efforts and hacktivist personas.

APT

UnitedHealth Took $872M Hit From Change Cyberattack

UnitedHealth Group reports that the Change Healthcare ransomware attack has had an $872 million financial hit on its business, so far.

Ransomware

Critical Crypto Bug Fixed in PuTTY

Many versions of the PuTTY client have a weakness that can generate biased ECDSA nonces and enable an attacker to eventually recover private encryption keys.

Encryption

CISA Warns of Sisense Breach

CISA is warning of a customer data breach at Sisense, a provider of business data analytics platforms, but the details of the incident are scarce still.

Sisense

Palo Alto Networks Discloses Critical PAN-OS Zero Day

The flaw is being exploited in the wild, and no patches will be available until Sunday.

Zero Day

CISA Emergency Directive Orders Mitigations After Microsoft Breach

The U.S. government has made public an emergency directive that it issued last week for federal agencies, ordering them to take various mitigation measures after Microsoft's compromise last year.

Microsoft