Security news that informs and inspires

All Articles

1164 articles:

More Malware Targets M1-Based Macs

A recent variant of the XCSSET malware has the capability to infect ARM M1-based Macs in addition to x86-based machines.

Macos, Apple

Decipher Podcast: Steve Ragan

Steve Ragan, security researcher with Akamai, joins Lindsey O’Donnell-Welch to discuss the evolution of phishing kits over the past year, and how attacks on the identity and trust model will change as employees start to go back into the office.

Podcast

New Bill Would Curb the Export of Americans’ Data

The newly-proposed U.S. draft bill would introduce a license requirement for foreign companies to trade U.S. citizens’ personal information.

Data Privacy, Government, Regulation

Popular Codecov Bash Uploader Tool Compromised

The Codecov Bash Uploader tool, used widely in ,any development environments, was compromised in January, potentially causing serious downstream problems.

Supply Chain

Russian APT Group Actively Exploiting Flaws, U.S. Agencies Warn

The U.S. federal agency advisory on the active exploits of five flaws comes in tandem with the U.S. government formally attributing the SolarWinds supply-chain attack to Russian Foreign Intelligence Service (SVR) actors.

Apt, Solarwinds, Government Agencies, Government

U.S. Sanctions Russia in Wake of Recent Cyber Attacks

The U.S. has imposed new economic sanctions against the Russian government and several IT security companies in the wake of the SolarWinds intrusion and other attacks.

Government, Russia

Lazarus Group Adds JavaScript Sniffer to Cryptocurrency-Stealing Arsenal

The Lazarus threat group utilized a modified JavaScript sniffer to steal cryptocurrency from unsuspecting e-commerce website consumers.

Threat Actors, Apt, Ecommerce Security, Cryptocurrency

Microsoft Fixes Windows Zero Day Exploited in the Wild, Four More Exchange Flaws

Microsoft has released patches for a Windows bug that is being exploited in the wild and for four new Exchange vulnerabilities.

Microsoft, Patch Tuesday

IoT, Industrial Devices Impacted By Name:Wreck Vulnerabilities

Researchers found nine flaws that highlight the weaknesses of DNS protocol implementations in TCP/IP network communication stacks.

Iot Security, Dns Security, Dns

FBI Uses Warrant to Remove Webshells From Compromised Exchange Servers

The FBI issued remote commands to compromised Exchange servers to remove webshells with the authority of a court order.

Government, Microsoft

Decipher Podcast: Patrick Wardle Returns

Mac security researcher Patrick Wardle joins Dennis Fisher to talk about the evolution of Mac malware, the relative security of macOS to other platforms, and Apple's current approach to platform safety.

Podcast

Threat Groups Prey on Mobile With Evolving Malware, Tactics

Up to 97 percent of organizations reported facing mobile threats that used multiple attack vectors during 2020, as cybercriminals continue to adopt new tactics to target mobile devices.

Mobile, Malware, Banking Malware, Android

Biden to Nominate Former NSA Official Easterly to Head CISA

President Biden plans to nominate Jen Easterly, a former Army officer and NSA official, to head the Cybersecurity and Infrastructure Security Agency.

Government, Cisa

IcedID Trojan Finding New Ways to Slip Past Defenses

The IcedID trojan is taking up come of the slack left behind when the Emotet botnet was taken down, with new evasion and infection flows.

Malware

Iron Tiger APT Updates Toolkit in 18-Month Malware Campaign

An 18-month malware campaign on a gambling company reveals how the Iron Tiger threat group has updated its toolkit.

Apt, Malware, Attacker, Remote Access Trojan, Backdoors