Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

White House Advisory Group: Water Sector Needs Cybersecurity National Standard

The White House advisory group acknowledged that water providers face various cybersecurity workforce and budgetary issues.

White House, Critical Infrastructure

Researchers Detail New Backdoors Used in Barracuda ESG Attacks

Mandiant researchers said that a “limited number” of previously impacted victims remain at risk.

Barracuda, Backdoors

Attackers Target Juniper SRX and EX Flaws

Adversaries are targeting flaws in Juniper's EX and SRX series devices that can be chained together to gain remote code execution.

Juniper

Decipher Podcast: Danny Rogers and Rocky Cole

iVerify CEO Danny Rogers and COO Rocky Cole join Dennis Fisher to discuss the spinout of the iVerify mobile security tool as a standalone company, the scourge of mercenary spyware, and how enterprises can protect their users.

Podcast

Federal VDP Program Shows Early Success

The federal government's vulnerability disclosure policy platform has taken in more than 1,300 unique valid bug reports in its first 18 months.

Government, Vulnerabilities

China-Based APT Flies Under Radar in Espionage Attacks

While the APT has targeted dozens of organizations in Taiwan, researchers with Microsoft warn that its tactics could easily be used in campaigns in other areas.

APT

Proposed Bill Would Mandate Federal Contractor VDPs

The newly proposed Federal Cybersecurity Vulnerability Reduction Act mandate vulnerability disclosure policies for contractors.

Bug Bounty

Decipher Podcast: Source Code 8/25

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Exploit Code Published for Ivanti Sentry Flaw

Researchers have published working exploit code for the Ivanti Sentry CVE-2023-38035 flaw.

Ivanti

Researchers Uncover New Lazarus Group Malware Details

The group reused its infrastructure in attacks against internet infrastructure and healthcare organizations in the U.S. and UK, allowing researchers to unearth details about its newest malware tools.

Lazarus Group

Ivanti Warns of Actively Exploited Flaw in Sentry

Ivanti on Tuesday said it “has been informed that CVE-2023-38035 was exploited after exploiting CVE-2023-35078 and CVE-2023-35081.”

Ivanti

Serious RCE Bug Fixed in WinRAR

The makers of WinRAR have released a new version that fixes a serious remote code execution flaw (CVE-2023-4407) in the compression utility.

Patch

Decipher Podcast: Greg Notch

At Black Hat USA, Greg Notch, CISO at Expel, talked about his previous experiences as the former NHL CISO and how to effectively communicate security risk at the board level.

Podcast

XLoader MacOS Malware Variant Resurfaces

A new version of the macOS XLoader malware has been observed.

Macos

Cuba Ransomware Attacks Reveal TTP Modifications

Researchers said they observed new tactics being used by the well-known ransomware group in attacks against a critical infrastructure entity in the U.S. and an IT integrator in Latin America.

Ransomware