All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2327 articles:

Google Fixes Zero Day in Chrome

Google has released an emergency update for Chrome to fix a vulnerability (CVE-2022-3075) that has been actively exploited.

Google

Decipher Podcast: Meg Gardiner on Heat 2

Dennis Fisher talks with Meg Gardiner, the coauthor of Heat 2, the bestselling sequel and prequel to Heat, the greatest crime movie ever made. They discuss the infosec and hacking subplot of the novel, where that idea came from, and how the research into the hacking scene worked.

Podcast

Decipher Podcast: Source Code 9/2

Welcome back to Source Code, Decipher’s weekly news podcast with input from our sources.

Source Code, Podcast

CISA Warns of Flaws in Contec Health Patient Monitoring Devices

CISA is warning customers about several locally exploitable flaws in Contec Health CMS8000 devices.

ICS

Microsoft Discloses Previously Fixed Azure Synapse Bug

Microsoft quietly fixed the elevation of privilege flaw in June.

Microsoft, Azure

Apple Fixes Zero Day in Older iOS Devices

Apple has released an update for older iOS devices and iPhones to address an actively exploited WebKit zero day (CVE-2022-32893).

Apple

Google Launches Bug Bounty Program For Open Source Projects

Google will reward the discoveries of flaws found in its open source software projects, such as Golang, Angular and Fuchsia.

Google, Bug Bounty

China-Based Group Uses ScanBox Framework in Espionage Attacks

The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.

Phishing

FTC Sues Data Broker For Selling Sensitive Location Data

The lawsuit against data broker Kochava is another step by the FTC to crack down on invasive data collection and sharing practices.

Data Privacy, FTC

Attacker Stole Portion of LastPass Source Code

An attacker was able to compromise a developer account and steal a portion of the LastPass source code recently, the company said. But no customer data was affected.

Passwords

Phishing Campaign Targets PyPI Project Maintainers

The PyPI maintainers say a new phishing campaign is targeting Python project maintainers and aiming to steal credentials and compromise projects.

Open Source Security, Pypi, Github

Iranian APT Using Custom Tool to Scrape Gmail, Outlook Inboxes

The Iranian APT group known as Charming Kitten has been using a new tool called HYPERSCRAPE to steal the contents of Gmail, Yahoo, and Outlook 365 inboxes.

Google, Iran

Bug in CrowdStrike Falcon Allows Removal of Security Agent

Researchers have disclosed a bug in some versions of CrowdStrike Falcon that allows an attacker with admin privileges to uninstall the security agent.

Crowdstrike

Cryptojacking Not Dead Yet

Microsoft has been tracking a recent cryptojacking campaign that abuses Windows binaries to stay hidden.

Cryptojacking

Russian APT Targets Microsoft 365 Features to Muddle Detection

APT29, the threat actor linked to the SolarWinds hack, is abusing various Azure features in recent attacks against organizations that influence the foreign policy of NATO countries.

Solarwinds, Microsoft