All Articles

2327 articles:

Apple Sues NSO Group

Apple has sued NSO Group for allegedly abusing the company's iCloud servers and injuring its customers.

Apple

Malware Samples Target Windows Installer Flaw

Researchers have uncovered malware samples that are targeting a local privilege escalation flaw in Windows Installer.

Windows, Microsoft, Zero Day

Decipher Podcast: Casey Ellis

Casey Ellis joins Lindsey O'Donnell-Welch to discuss the evolution, adoption and standardization of vulnerability disclosure programs - both in the U.S. and across the globe.

Podcast, Vulnerability Disclosure

BazarLoader Attacks Use Compromised Software Installers

Researchers have observed the BazarLoader information stealer now being spread via compromised versions of VLC and TeamViewer packages.

Malware, Ransomware

Imunify360 Flaw Can Lead to Code Execution

CloudLinux's Imunify360 security platform has a severe flaw (CVE-2021-21956) that can lead to remote code execution in some circumstances.

Linux

Attackers Exploit Known Microsoft Exchange Server Flaws to Hijack Emails

Cybercriminals are using the known ProxyLogon and ProxyShell vulnerabilities to hijack email threads in malware attacks.

Microsoft Exchange, Proxyshell

Attackers Using Suite of Tools to Exploit ManageEngine Flaw

An APT group is using a suite of tools, including KdcSponge, Godzilla, and NGLite, to exploit a known ManageEngine flaw and move laterally.

CISA

Decipher Podcast: Source Code 11/19

This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.

Podcast

Banks Face 36-Hour Security Incident Reporting Deadline

A new Federal Deposit Insurance Corporation (FDIC) rule requires banks to notify federal regulators of security incidents within 36 hours.

Financial Regulation, Financial Institutions, Financial Data Security

APT Group Exploiting Zero Day in FatPipe Software

The FBI is warning about an APT actor that is exploiting a zero day flaw in the FatPipe software on several products, including MPVPN, WARP, and IPVPN.

APT

New Ransomware Group Retools Attacks On the Fly

A recently uncovered attack by a new ransomware group shows how cybercriminals will switch up their tactics on a whim.

Ransomware

CISA Warns Iranian APT Targeting US Infrastructure

CISA warned that an unnamed APT group associated with the Iranian government is exploiting known Fortinet vulnerabilities and the Exchange ProxyShell bug to gain access to target networks.

CISA, Iran

U.S. Government Details Federal Agency Incident Response Plans

The U.S. government has published new playbooks with the goal of standardizing and improving how federal agencies plan for vulnerability and incident response.

Government, Government Agencies, Government Security, Incident Response

Decipher Podcast: Nick Selby

Nick Selby joins Dennis Fisher to talk about his long and varied career in security, the challenges that law enforcement faces in investigating cybercrime, and what the future may hold for enterprise security teams.

Podcast

Emotet Returns After Law Enforcement Disruption

Almost a year after law enforcement disrupted its infrastructure, the Emotet malware has returned.

Emotet, Malware