Security news that informs and inspires

All Articles

2201 articles:

Serious Privilege Escalation Flaw in Linux Component Patched

A local privilege escalation bug in the Polkit Linux component could allow an attacker to gain root privileges with a simple exploit.

Linux

White House Orders Federal Agencies to Adopt Zero-Trust Strategy

The White House has outlined a number of cybersecurity measures that federal agencies must adopt - as part of an overall zero-trust strategy - though it acknowledges that the transition "will not be a quick or easy task."

Government Agencies, Zero Trust

Q&A: Timo Steffens

Timo Steffens, private security researcher and author of Attribution of Advanced Persistent Threats, discusses some of the top roadblocks that researchers face during attribution.

Q&A, Malware, Cyberattack

LockBit Ransomware Variant Targets VMware ESXi Servers

Researchers found an announcement on an underground forum for LockBit Linux-ESXi Locker version 1.0 in October.

Ransomware, Linux, VMware

Remote Code Execution Bugs Fixed in PrinterLogic Platform

Three remote code execution bugs in the PrinterLogic platform have been patched. The bugs could allow an attacker to run arbitrary code on any connected endpoint.

Vulnerability

Concerns Grow Over Potential New Russian Cyberattacks

The Russian incursion into Ukraine is prompting warnings from the DHS and security researchers about the potential for Russian cyberattacks on U.S. companies.

Russia, Malware

DTPacker Malware Steals Data, Loads Second-Stage Payloads

Researchers have been tracking the malware packer since 2020 in dozens of campaigns that have impacted hundreds of victims.

Malware

Decipher Podcast: Source Code 1/21

Welcome to Source Code, Decipher’s weekly news podcast with input from our sources.

Podcast, Source Code

Emotet Spam Attacks Use Hexadecimal, Octal IP Addresses

The known tactic, which helps attackers sidestep detection, has been observed in spam messages that deploy Emotet.

Emotet, Malware, Spammers

Flaw in Rust Could Lead to File, Directory Deletion

A bug in many versions of the Rust programming language could allow an attacker to trick a program into deleting files and directories.

Vulnerabilities, Rust

Failed Attacks Target SolarWinds Serv-U Bug in Log4Shell Campaigns

Microsoft researchers observed attackers exploiting the Log4Shell bug in the SolarWinds Serv-U software.

Log4j

MoonBounce UEFI Malware Uncovered in Targeted Attack

Researchers believe that China-linked threat group APT41 is behind the highly targeted attack.

UEFI, Malware

Biden Memo Orders Cybersecurity Mandates For National Security Systems

A National Security Memorandum signed Wednesday by President Joe Biden addresses various cybersecurity mandates - including MFA and encryption - for national security systems.

Government Agencies, Government Security

Decipher Podcast: Robert Hansen Returns

Robert Hansen (aka RSnake) joins Dennis Fisher to talk about his new research on NaN injection in Python and the issues with the software supply chain.

Podcast

Europol Takes Down VPN Service Used by Cybercriminals

A coordinated law enforcement operation seized 15 servers of a VPN provider that was a “popular choice for cybercriminals.”

VPN, Cybercrime, Ransomware