All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2237 articles:

Researchers Warn of Unpatched, Actively Exploited Zimbra Flaw

Zimbra has published mitigations against the actively exploited flaw (CVE-2022-41352) in Zimbra Collaboration Suite; however, it has yet to issue a fix.

Zimbra, Vulnerability

Decipher Podcast: Source Code 10/7

Welcome back to Source Code, Decipher’s weekly news wrap podcast.

Podcast, Source Code

Decipher Podcast: Juan Andres Guerrero-Saade

Dennis Fisher talks with Juan Andres Guerrero-Saade, senior director at SentinelLabs, about the investigation into the new Metador APT group that he and his colleagues unveiled at LabsCon recently.

Podcast

APTs Stole Sensitive Data From Defense Industrial Base Facility

The FBI, NSA and CISA are highlighting IoCs and TTPs used in an attack on a defense industrial base organization that leveraged compromised credentials, a custom data exfiltration tool and the Impacket open-source toolkit.

APT

CISA Directive Aims to Help Federal Agencies Detect Flaws on Network

CISA hopes the new directive will improve and provide measurable processes for asset detection and vulnerability discovery across U.S. federal agencies.

Federal Cybersecurity

Bumblebee Loader Evolves to Drop New Payloads

The Bumblebee malware loader is delivering separate payloads for different machines and using new evasion techniques.

Malware

Lazarus Group Exploited Dell Driver Flaw to Disable Windows Monitoring Features

Researchers said the Lazarus Group attacks were the first recorded abuse of the known Dell driver flaw (CVE-2021-21551) in the wild.

Dell, Windows

Attackers Exploiting Two Microsoft Exchange Zero Days

Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.

Microsoft, Zero Day

Decipher Podcast: Source Code 9/30

Welcome back to Source Code, Decipher's weekly security news podcast.

Podcast, Source Code

Threat Actor Delivered Malware Via Trojanized Live Chat Installer

The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe, according to researchers.

Malware

Novel Malware Installed in VMware ESXi Attacks

Attackers used a unique tactic to install backdoors after compromising multiple organizations' VMware ESXi servers.

Vmware

Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns

Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.

North Korea, Microsoft

New Chaos Malware Targets Windows and Linux Devices

A new piece of malware known as Chaos that is built for Windows and Linux systems is infecting home routers, enterprise servers, and other devices and launching DDoS attacks.

Malware, Botnet, China

Phishing Attack Targets Microsoft Flaw to Deliver Cobalt Strike

The attack was first discovered in August after victims received phishing emails containing malicious document attachments.

Phishing

Node.js Update Fixes High Severity Flaws

An update for the Node.js framework includes fixes for DNS rebinding and HTTP smuggling vulnerabilities.

Vulnerabilities, Javascript