Security news that informs and inspires

All Articles

1776 articles:

Microsoft Discloses Fixed Azure Cosmos DB RCE Flaw

Details have been disclosed on a remote code execution flaw in Azure Cosmos DB, which was previously fixed by Microsoft in October.


Critical ConnectWise Remote Code Execution Bug Fixed

Thousands of internet-exposed servers remain vulnerable to the critical-severity ConnectWise flaw.


Exploit Code Published for VMware Cloud Foundation RCE Flaw

VMware Cloud Foundation is impacted by a remote code execution vulnerability in the XStream open source library.


OpenSSL to Fix Critical Flaw

OpenSSL will patch a critical security flaw in version 3.0.x on Nov.1, though details of the bug are still private.


Decipher Podcast: Source Code 10/28

Welcome to Source Code: Decipher's behind the scenes look at the weekly news with input from our sources.

Source Code, Podcast

CISA Releases Critical Infrastructure Security ‘Performance Goals’

The voluntary goals aim to provide a security baseline, in particular for small- and medium-sized critical infrastructure organizations.


Decipher Podcast: Kelley Misata

Kelley Misata, senior director of open source of open source at Corelight and CEO of Sightline Security, joins Dennis Fisher to talk about her road to get into security, the importance of protecting at-risk populations, and the challenges of building community in the open source world.

Podcast, Open Source Security

DoJ Charges Alleged Raccoon Infostealer Operator

The DoJ said that a 26-year-old Ukrainian national, Mark Sokolovky, had been arrested in March by Dutch authorities as an alleged operator of the Raccoon Stealer malware.

Malware, Doj

Microsoft Adds New Features to Authenticator to Prevent MFA Fatigue Attacks

Microsoft is adding number matching and geographic and app context to Authenticator to defend against MFA fatigue attacks.

Mfa, Microsoft

Apple Fixes Zero Day in iOS 16.1

Apple has fixed a kernel zero day in iOS 16.1, along with a huge number of vulnerabilities in macOS Ventura.


FTC Cracks Down on Drizly, CEO For Lax Security Practices

A newly proposed order against Drizly will also bind its CEO to specific data security-related requirements after a 2020 data breach.

Ftc, Data Security

FBI, CISA Warn Healthcare Sector of Daixin Ransomware Attacks

The Daixin group has been targeting healthcare organizations with double extortion ransomware attacks, U.S. government agencies warned.

Healthcare, Cisa, Ransomware

New Data Exfiltration Tool Seen in BlackByte Ransomware Attacks

Threat actors are using customized exfiltration tools in hopes of increasing the speed for their ransomware attacks.


FBI Warns of Attacks From Iranian Threat Group Emennet Pasargad

The FBI is warning companies about hack-and-leak operations from Iranian threat actor Emennet Pasargad.


Decipher Podcast: Source Code 10/21

Welcome to Source Code: Decipher's behind the scenes look at the weekly news with input from our sources.

Source Code, Podcast