SEARCH
All Articles
BazarLoader Attacks Use Compromised Software Installers
Researchers have observed the BazarLoader information stealer now being spread via compromised versions of VLC and TeamViewer packages.
Imunify360 Flaw Can Lead to Code Execution
CloudLinux's Imunify360 security platform has a severe flaw (CVE-2021-21956) that can lead to remote code execution in some circumstances.
Attackers Exploit Known Microsoft Exchange Server Flaws to Hijack Emails
Cybercriminals are using the known ProxyLogon and ProxyShell vulnerabilities to hijack email threads in malware attacks.
Attackers Using Suite of Tools to Exploit ManageEngine Flaw
An APT group is using a suite of tools, including KdcSponge, Godzilla, and NGLite, to exploit a known ManageEngine flaw and move laterally.
Decipher Podcast: Source Code 11/19
This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.
Banks Face 36-Hour Security Incident Reporting Deadline
A new Federal Deposit Insurance Corporation (FDIC) rule requires banks to notify federal regulators of security incidents within 36 hours.
APT Group Exploiting Zero Day in FatPipe Software
The FBI is warning about an APT actor that is exploiting a zero day flaw in the FatPipe software on several products, including MPVPN, WARP, and IPVPN.
New Ransomware Group Retools Attacks On the Fly
A recently uncovered attack by a new ransomware group shows how cybercriminals will switch up their tactics on a whim.
CISA Warns Iranian APT Targeting US Infrastructure
CISA warned that an unnamed APT group associated with the Iranian government i exploiting known Fortinet and the Exchange ProxyShell bug to gain access to target networks.
U.S. Government Details Federal Agency Incident Response Plans
The U.S. government has published new playbooks with the goal of standardizing and improving how federal agencies plan for vulnerability and incident response.
Decipher Podcast: Nick Selby
Nick Selby joins Dennis Fisher to talk about his long and varied career in security, the challenges that law enforcement faces in investigating cybercrime, and what the future may hold for enterprise security teams.
Emotet Returns After Law Enforcement Disruption
Almost a year after law enforcement disrupted its infrastructure, the Emotet malware has returned.
‘We Have to Change the Decision Calculus’ to Stop Ransomware
Ransomware groups such as REvil have take some hits recently, but the broader landscape has continued to expand and experts say defenders need to change their thinking in order to address the problem.
CISA Warns of Serious Flaws in Many DDS Implementations
CISA is warning ICS operators of a number of vulnerabilities in some open-source and proprietary data distribution service implementations that can lead to remote code execution.
DHS Program Aims to Recruit Cybersecurity Talent
The Cybersecurity Talent Management System from the Department of Homeland Security (DHS) aims to overhaul the government's efforts in recruiting - and retaining - top cyber talent.