All Articles

2327 articles:

Decipher Podcast: Source Code 8/19

Welcome back to Source Code, Decipher’s news wrap podcast that includes input from our sources.

Podcast, Source Code

Cybercrime Group TA558 Ramps Up Email Attacks Against Hotels

The small cybercrime actor is upping its operational tempo in 2022 against hospitality organizations like hotels and travel companies.

Cybercrime

Decipher Podcast: Chester Wisniewski and Peter Mackenzie

Peter Mackenzie, director of incident response at Sophos, and Chester Wisniewski, principal research scientist at Sophos, talk about why more ransomware attackers are clustering onto vulnerable networks - sometimes simultaneously.

Podcast

Apple, Google Fix Zero Days Under Active Attack

Apple and Google have released fixes for iOS and macOS, and Chrome, respectively, to address bugs that have been exploited in the wild.

Apple, Google

CISA Warns of Ongoing Exploitation Against Zimbra Flaws

Attackers are eyeing known vulnerabilities in the Zimbra collaboration suite to target government and private sector organizations.

Vulnerability, CISA

RubyGems Requires MFA for Popular Projects

RubyGems is now requiring projects with more than 180 million downloads to use MFA, and may extend the requirement to other projects.

Supply Chain

Microsoft Disables Accounts Abused By Russian Threat Actor

Microsoft observed the threat actor, which it tracks as Seaborgium, targeting over 30 organizations since the start of 2022.

Microsoft

FTC Moves to Address Pervasive Commercial Surveillance

The FTC may consider rules to address the abuses of commercial surveillance by ad tech companies and platform providers.

Privacy, FTC

Zero Day Initiative Changes Disclosure Policy For Faulty Patches

The Zero Day Initiative cited a decrease in patch quality that is leading to many issued fixes being faulty or incomplete.

ZDI, Patch

Decipher Podcast: Source Code 8/12

Welcome back to Source Code, Decipher’s weekly news wrap podcast with input from our sources.

Podcast, Source Code

For Bug Bounties, ‘Knowing is Less Than Half the Battle’

Bug bounty programs can be invaluable, but without the proper resources in place, they will fail hard.

Black Hat, Bug Bounty

Long Before Colonial Pipeline, Red Flags Foreshadowed Hack

“There’s a lack of imagination or… anticipation about the next move that hackers will make,” warned investigative journalist Kim Zetter during Black Hat this week.

Colonial Pipeline, Black Hat

Krebs: ‘We’ve Over-Fetishized the APT Threat’

Former CISA director Chris Krebs said at Black Hat that the community may have focused too much on APT groups in recent years.

Black Hat, Government

After Log4j, Efforts to ‘Uplift’ Open Source Ecosystem Continue

At Black Hat USA this week, Cyber Safety Review Board members tasked with looking at key lessons learned from Log4j talked about continued security issues facing the open source community.

Log4j

Microsoft Fixes Known, Exploited Flaw in Windows Diagnostic Tool

The flaw was first reported to Microsoft in 2019, but at the time it said it did not consider the issue to be a vulnerability.

Microsoft, Windows