CISA hopes the new directive will improve and provide measurable processes for asset detection and vulnerability discovery across U.S. federal agencies.
The Bumblebee malware loader is delivering separate payloads for different machines and using new evasion techniques.
Researchers said the Lazarus Group attacks were the first recorded abuse of the known Dell driver flaw (CVE-2021-21551) in the wild.
Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.
Welcome back to Source Code, Decipher's weekly security news podcast.
The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe, according to researchers.
Attackers used a unique tactic to install backdoors after compromising multiple organizations' VMware ESXi servers.
Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.
A new piece of malware known as Chaos that is built for Windows and Linux systems is infecting home routers, enterprise servers, and other devices and launching DDoS attacks.
The attack was first discovered in August after victims received phishing emails containing malicious document attachments.
An update for the Node.js framework includes fixes for DNS rebinding and HTTP smuggling vulnerabilities.
The Government Accountability Office criticized the National Nuclear Security Administration's mixed risk management practices around operational technology devices and its lax oversight of subcontractor cybersecurity practices.
The critical-severity unauthenticated remote code execution flaw is now being actively exploited, according to CISA.
Welcome to Source Code: Decipher's behind-the-scenes look at the weekly news with input from our sources.
The NSA's new Cybersecurity Collaboration Center is the centerpiece of an effort to provide more information and context for private sector defenders.