Security news that informs and inspires

All Articles

1651 articles:

Decipher Podcast: Source Code 7/29

Welcome to Source Code: Decipher's behind-the-scenes look at the weekly news with input from our sources.

Source Code, Podcast

Atlassian Confluence Hardcoded Credentials Bug Actively Exploited

Researchers urged impacted organizations to “take steps immediately to mitigate the vulnerability" in Atlassian's Confluence Server and Data Center.

Atlassian

Decipher Podcast: Sean Zadig

Sean Zadig, CISO of Yahoo and head of the Paranoids, talks with Dennis Fisher about his start in the security field, protecting a massive user base, and thinking about security critically.

Podcast

North Korean Attackers Use Malicious Browser Extension to Steal Email

The Kimsuky threat group based in North Korea is using a malicious browser extension to steal email from active user sessions in Chrome and Edge.

North Korea

Experts Urge Congress to Pressure Commercial Spyware Vendors

Researchers from Google and Citizen Lab urged Congress to use intelligence agencies, diplomatic, and economic means to pressure commercial spyware vendors such as NSO Group.

Spyware, Government

Cyber Mercenary Leveraged Windows Zero Day in Subzero Malware Attack

Microsoft exposed an Austria-based private-sector offensive actor that has been observed both selling the Subzero malware to third parties, but also using its own infrastructure in some attacks.

Hack for Hire

U.S. Government Grapples With Cyber Incident Reporting Pain Points

The U.S. government wants cyber incident reporting to be more consistent, but it must work through several challenges, including the stigma around the repercussions of reporting.

Government Agencies

TSA Updates Security Requirements For Pipeline Operators

The revised Security Directive aims to give natural gas and oil pipeline operators more flexibility in how they implement security measures.

Tsa, Operational Technology

New CosmicStrand UEFI Rootkit Variant Found

Kaspersky researchers have found a new UEFI rootkit called CosmicStrand that infects the firmware of some specific motherboards.

Malware, China

Decipher Podcast: Source Code 7/22

Welcome back to Source Code, Decipher’s weekly security news podcast with input from our sources.

Podcast, Source Code

Atlassian Warns Confluence Users of Critical Hardcoded Credentials Bug

After an external party publicly disclosed the hardcoded password on Twitter, Atlassian said the issue is "likely to be exploited in the wild."

Flaw, Atlassian

Threat Actor Targets Financial Entities With Evilnum Malware

The threat actor has been observed targeting companies with operations supporting foreign exchanges and cryptocurrency, and organizations in the Decentralized Finance (DeFi) industry.

Malware

Justice Department Seizes $500K From North Korean Ransomware Group

U.S. authorities seized a half million dollars and disrupted the activities of a North Korean state-sponsored group.

North Korea, Ransomware

CloudMensis macOS Malware Steals Sensitive Data

The previously undisclosed macOS malware was observed as part of a targeted operation with the end goal of exfiltrating sensitive information from victims.

Macos, Macos Security, Apple

Decipher Podcast: Mark Arena

Intel 471 CEO Mark Arena talks about the process behind monitoring threat actors and how cybercrime is evolving.

Podcast