Security news that informs and inspires

All Articles

1774 articles:

Decipher Podcast: Andy Greenberg on Tracers in the Dark

Wired journalist and author Andy Greenberg joins Dennis Fisher to discuss his new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, which tells the stories of the agents, academics, and security experts who tracked the admins of the Silk Road, AlphaBay, and other darknet markets through specialized blockchain tracing techniques.

Podcast

APT5 Exploiting New Flaw in Citrix ADC and Gateway

APT5, a Chinese threat group, has used a newly discovered flaw (CVE-2022-27518) in Citrix ADC and Gateway to target a small number of organizations.

Citrix, China

CISA Warns of Serious Flaws in Rockwell Automations PLCs

CISA is warning about a denial-of-service flaw in several lives of Rockwell Automation controllers, as well as a SQL injection bug in Advantech iView.

Iot Security

Fortinet Warns New Critical Fortigate Bug Has Been Exploited

A new critical vulnerability (CVE-2022-42475) in Fortinet's Fortigate firewall has been actively exploited.

Zero Day, Fortinet

Apple to Encrypt iCloud Backups, Enable Hardware Security Keys for 2FA

Apple plans to enable end-to-end encryption for iCloud backups and allow people to use hardware security keys for 2FA in the coming months.

Apple

Cobalt Mirage Actors Deploying Drokbk Malware in Recent Campaigns

The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.

Apt, Iran

Q&A: Haroon Meer

Haroon Meer, hacker and founder of Thinkst, talks with Dennis Fisher about the current economic downturn and its effects on the security industry, as well as the value of listening to customers.

Q&a

North Korean APT37 Used Internet Explorer Zero Day

A North Korean state-backed actor known for targeting South Korean victims recently used an Internet Explorer zero day (CVE-2022-41128).

Apt, North Korea

Decipher Podcast: Haroon Meer Returns

Haroon Meer of Thinkst joins Dennis Fisher to talk about the state of the security industry, the value of treating customers with respect, and what the economic downturn could mean for the security community.

Podcast

Trio of MegaRAC BMC Flaws Could Have Long Range Effects

Three vulnerabilities in the MegaRAC BMC firmware affect a long list of servers and could have seriious long term effects.

Hardware Security, Firmware Security

FreeBSD Patches RCE Flaw in Ping

The FreeBSD Project has released updates to fix a stack buffer overflow in the ping utility.

Linux

Q&A: Lucia Milica

Lucia Milica, global resident CISO at Proofpoint, talks about challenges that CISOs face when interacting with the leadership team.

Ciso Q&a

LastPass Says Attacker Accessed Customer Data

LastPass says an attacker used information stolen during a previous intrusion to gain access to a cloud storage service and obtain customer data.

Password Security

Google Exposes Heliconia Exploit Framework Targeting Chrome, Firefox, Windows

Google's Threat Analysis Group has exposed a new exploit framework called Heliconia that may have been used to exploit zero days in Chrome, Firefox, and Windows.

Google, Spyware

New Chinese Cyberespionage Campaign Targets Asia, US

A newly discovered cyber espionage campaign from a Chinese threat actor is targeting Asian and US organizations with self-replicating malware called MISTCLOAK.

Malware