Security news that informs and inspires

All Articles

1731 articles:

The Challenge of Securing Critical Operational Technology Systems at the Ground Level

As the federal government contemplates how it approaches operational technology security measures, a "big opportunity" exists as infrastructure is upgraded or replaced.

Critical Infrastructure

CISA Warns of Critical Flaw in Honeywell SoftMaster PLC Software

A critical vulnerability in the Honeywell SoftMaster PLC controller software can allow an attacker to execute arbitrary code on vulnerable machines.

Ics Security

U.S. Government Hits Alleged Iranian Hackers with Indictments, Sanctions

The U.S. government indictments, sanctions and detailing of TTPs were part of a wave of actions against Iran-linked threat actors that allegedly targeted critical infrastructure organizations since 2020.

Iran

Software Supply Chain Security Takes Center Stage in Washington

The Biden administration issued new guidance on software supply chain security for federal agencies, which includes requirements for self-attestations and SBOMs.

Government, China, Solarwinds

Microsoft Fixes Exploited Windows Bug

The vulnerability in the Windows Common Log File system could allow an authenticated attacker to execute code with elevated privileges.

Microsoft, Patch Tuesday

New Regulation May Follow Twitter Disclosures

Whistleblower disclosures by former Twitter security executive Peiter Zatko have spurred Congress to consider new regulations of platform providers and social media companies.

Government

Iranian Attackers Upgrade Social Engineering Tactics

Iranian threat actor TA453 has been sending spear-phishing emails that impersonate real individuals from Western foreign policy research institutions.

Iran

Apple Patches Zero Days in macOS Monterey, Big Sur

Apple has patched zero days in the kernel of macOS Monterey and Big Sur and also fixed 11 vulnerabilities with the release of iOS 16.

Apple, Zero Day

Expect ‘Fluidity’ From Threat Actors Ahead of the Midterm Elections

While awareness about election security has increased since 2016, threat actors launching espionage and disinformation campaigns are also leveling up, warn security experts.

Election Security, Elections

Decipher Podcast: Sneakers at 30

Dennis Fisher, Zoe Lindsey, Pete Baker, and Casey Ellis convene to honor the 30th anniversary of the release of Sneakers, the greatest hacker movie ever made, and discuss its legacy, popularity in the hacker community, and why it still holds up today.

Podcast, Hacker Movies

Iranian Actors Targeted SharePoint Flaw in Attack on Albania

The Iranian state-backed actors who attacked the Albanian government targeted an old SharePOint vulnerability for initial access.

Ransomware

U.S. Seizes $30 Million in Cryptocurrency from North Korean Hackers

Chainalysis said it worked with law enforcement to recover $30 million in stolen funds from the March Axie Infinity currency heist.

Cryptocurrency

Decipher Podcast: Source Code 9/9

Welcome back to Source Code, Decipher's weekly security news podcast.

Podcast, Source Code

Lazarus Group Exploited Log4j Flaw to Target Energy Firms

The North Korean state-sponsored group has been targeting VMware Horizon servers vulnerable to Log4j in order to infect energy firms with malware.

Lazarus

White House Plans ‘Further Action’ After Iranian Cyberattack on Albania

The White House and the Albanian government blamed Iranian government-supported actors for a July attack on Albania infrastructure, and said futrher action would be forthcoming.

Iran, Government