Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2236 articles:

Log4j Attacks Spread as State Actors Target Bug

State actors from China, Iran, North Korea and other countries are targeting the Log4j (CVE-2021-44228) flaw.

Log4j, Apache

Microsoft Fixes Spoofing Flaw Used in Emotet Attacks

Attackers were attempting to exploit the flaw to distribute the Emotet, Trickbot and Bazaloader malware.

Microsoft, Patch Tuesday

Q&A: John Hammond

John Hammond of Huntress discusses the seriousness of the Apache Log4j vulnerability, the community response, and how attackers are exploiting it.

Log4j, Apache

Apple Fixes Critical Kernel Flaws in iOS and macOS

Apple has released iOS 15.2 and macOS Monterey 12.1, which both include dozens of security fixes for critical flaws.

Apple

Google Fixes High-Severity Chrome Zero Day

The use-after-free flaw (CVE-2021-4102) has been fixed in Chrome version 96.0.4664.110 for Windows, Mac and Linux. Learn more about it.

Google Chrome, Google, Chrome Security, Zero Day

Critical Log4j Flaw Fallout Continues

The widespread usage of Log4j is adding complexity to organizations attempting to apply patches.

Vulnerability, Java, Java Vulnerabilities, Java Exploit

Decipher Podcast: John Hammond

John Hammond of Huntress joins Dennis Fisher to discuss the critical Log4j vulnerability, the community response, and the potential long-term effects of the bug.

Podcast

Decipher Podcast: Source Code 12/10

This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.

Podcast, Source Code

Exploitation Attempts Ramp Up Against Critical Log4j Flaw

While a patch is available from the Apache Software Foundation, researchers say that numerous companies may need to wait until vendors push security updates out to their own products.

Apache, Java Exploit, Exploit Defense

Q&A: Wade Baker and Ben Edwards

Wade Baker and Ben Edwards of Cyentia Institute discuss the design and analysis of the data from the Cisco Security Outcomes Study.

Data Science

Emotet Shifts Gears, Drops Cobalt Strike Directly

New versions of Emotet have been dropping Cobalt Strike beacons directly, rather than relying on intermediate payloads such as Trickbot.

Emotet, Trickbot

Phishing Attacks Abuse Microsoft OAuth Implementations

Starting in February 2020, attackers have leveraged weaknesses that occur “by design” in OAuth 2.0 implementations from Microsoft and GitHub.

Oauth, Oauth Phishing, Microsoft

Decipher Podcast: Wade Baker and Ben Edwards

Wade Baker and Ben Edwards of the Cyentia Institute join Dennis Fisher to discuss the process of designing and interpreting the data from the Cisco Security Outcomes study, what surprised them from the data, and how organizations can use the study.

Podcast, Data Science

Mirai-Based Botnet Infects Vulnerable Surveillance Cameras

The Moobot botnet has been infecting popular surveillance cameras and using them in distributed denial-of-service (DDoS) attacks.

Botnet, Mirai

Google Disrupts Massive Glupteba Botnet

Google has taken down servers associated with the huge Glupteba botnet and also sued two alleged operators of the network.

Google, Botnet