Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2235 articles:

Enterprises Are Patching Faster, Reducing Vulnerability Debt

Enterprises are patching more high-risk vulnerabilities faster now than just a year ago, new data from Kenna Security shows.

Vulnerability Management

Iranian APT Group Phosphorus Targets Medical Researchers

The Phosphorus attack group, also known as Charming Kitten, recently targeted medical researchers in a new spear phishing campaign.

APT, Iran

Video Game Malware Raises Unforeseen Remote Work Threats

A new malware campaign that targets gamers with the promise of cheat codes could have repercussions for enterprise employees working remotely on personal machines.

Malware, Phishing

Cybercriminals Home in on Manufacturers

Weaknesses in operational technology systems are becoming prime targets for attackers, thanks to difficulties in patching complex systems.

ICS Security

Decipher Podcast: Lindsey O’Donnell-Welch

Decipher's new executive editor, Lindsey O'Donnell-Welch, joins Dennis Fisher to talk about getting into security journalism, the challenges of telling highly technical stories, and how it can help defenders do their jobs more efficiently.

Podcast

Malicious Code Added to PHP Source

An attacker pushed two malicious commits to the PHP source code Git server on Sunday, adding a backdoor, which was quickly removed.

PHP

In Wake of SolarWinds Breach, the Challenge of Building Secure Software Remains

SolarWinds is testing a system of parallel build servers to help prevent a future supply chain attack on its infrastructure.

Solarwinds, Software Security

Deciphering Dark Web: Cicada 3301

Zoe Lindsey, Pete Baker, and Dennis Fisher dive deep into the dark web (or whatever Hollywood thinks it is) to decipher the jumbled plot and wild philosophy of Dark Web: Cicada 3301, which is a movie that definitely exists.

Podcast, Hacker Movies

OpenSSL Fixes Flaw in Certificate Checks

OpenSSL has patched a bug that could have allowed a certificate that was not issued by a valid CA to slip into the certificate chain.

Openssl

Q&A: Andrew Morris

Removing the background noise from the Internet can give security analysts the context necessary to find the attacks that matter, says GreyNoise founder Andrew Morris.

Network Security

ProxyLogon Bug Still Haunting Thousands of Exchange Servers

There are still nearly 30,000 Exchange servers vulnerable to the ProxyLogon bug, with ransomware attacks and public exploits circulating.

Microsoft

Exploits Target F5 BIG-IP Flaw

Full chain exploits are in use against a critical flaw (CVE-2021-22986) in the F5 BIG-IP system.

F5

Requiring a VDP for Suppliers Won’t Fix Supply Chain Security

Extending the requirement for vulnerability disclosure policies from federal agencies to their suppliers is not a quick fix for supply chain security issues.

Solarwinds, Government

SolarWinds Attackers Accessed Mimecast Source Code

The attackers behind the SolarWinds breach also gained access to and downloaded some Mimecast source code repositories.

Solarwinds, Email

Decipher Podcast: Andrew Morris

Andrew Morris, founder of GreyNoise, joins Dennis Fisher to talk about the unique origins of the company and the security case for removing all of the background noise from the Internet to find what really matters.

Podcast