SEARCH
All Articles
U.S. Seizes Domains Used in Nobelium Phishing Campaign
The Department of Justice seized two domains used in the Nobelium spear-phishing campaign that impersonated the United States Agency for International Development.
Nobelium Phishing Campaign Targets Government Agencies, NGOs
A phishing campaign by the Russian actor known as Nobelium impersonated the United States Agency for International Development while targeting government agencies and humanitarian groups.
Chinese Cyber Espionage Actors Continue to Zero In on Pulse Secure Bugs
Two Chinese cyberespionage groups are targeting flaws in Pulse Secure VPN devices to compromise government and private networks in the U.S. and Europe.
Ingredient List Only Part of the Recipe to Fix Supply Chain Security
The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.
Apple Fixes MacOS Flaw Abused in XCSSET Malware Attacks
Researchers uncovered a flaw in macOS that could allow attackers to access permissions, like screen recording, on victim devices - without their approval.
VMware Patches Critical Flaw in vCenter
VmWare has released updates for a critical flaw in several versions of its vCenter Server virtualization product that can be used for remote code execution.
Cyber Insurance Industry Grapples With Evolving Security Risks
As demand for cyber insurance skyrockets, insurers are scrutinizing specific security risk factors more carefully when determining the cost and affordability of coverage.
DarkSide Affiliates Looking to Get Paid in Full
The shutdown of the DarkSide ransomware group has affiliates seeking resolution for unpaid ransom fees.
Decipher Podcast: Troy Hunt
Lindsey O'Donnell-Welch talks with Troy Hunt, founder of Have I Been Pwned, about the biggest challenges facing the security industry when it comes to credential stuffing and data breaches.
Phorpiex and the Versatility of Botnets
Decade-old botnets continue to adapt to the current threat landscape, as seen through the wide-ranging malicious activities of the resilient Phorpiex botnet.
Q&A: Kimberly Goody
Kimberly Goody of the FireEye cyber crime analysis team explains the ransomware-as-a-service model and the recent changes some groups have made to their operations.
Savvy Voice-Based Attacks Add Social Engineering Layer
Attackers are building innovative voice-based social engineering tactics into their malware and phishing campaigns.
Attackers Focused on SolarWinds Network as Early as January 2019
The APT29 attackers who targeted SolarWinds were doing reconnaissance on the company's network as early as January 2019.
Decipher Podcast: Kimberly Goody
Dennis Fisher talks with Kimberly Goody from FireEye's cybercrime analysis team about the DarkSide ransomware operation, the emergence of the ransomware-as-a-service model, and what might be next for these groups.
SolarWinds: A Harbinger For a National Data Breach Reporting Law
The disclosure of the SolarWinds attack by FireEye is encouraging for the development of a national data breach reporting law, government and private-sector experts say.