Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

LastPass Attacker Compromised Employee’s Personal Machine

An attacker who stole corporate and customer data from LastPass in 2022 gained initial access by compromising an engineer's personal computer.

Lastpass, Data Breach

CISA Director: ‘Strong Security Has to Be a Standard Feature’

CISA Director Jen Easterly called on technology companies to focus on building products more securely and to stop shifting the burden for safety to customers.

Government, SBOM, Software Security

Possible New Lazarus Group Backdoor Found

A new backdoor called WinorDLL that is potentially the work of the Lazarus Group has been found onn victim machines in several countries.

North Korea, Lazarus Group

New Attack Group Focuses on Asian Medical and Shipping Companies

A newly identified attack group known as Hydrochasma has targted medical and shipping companies in Asia with spear phishing campaigns that use freely available tools.

Phishing

Fortinet Fixes Critical Flaw in FortiNAC

Fortinet has patched a critical remote code execution bug in its FortiNAC product.

Fortinet

Critical RCE Bug Fixed in ClamAV

A critical remote code execution vulnerability has been fixed in the ClamAV anti-malware engine.

Vulnerability

Q&A: J Wolfgang Goerlich

J Wolfgang Goerlich, Advisory CISO for Cisco Security, talks about why relationships are so important for CISOs when interacting with organizational leadership teams.

CISO Q&a

ESXiArgs Ransomware Infections Spike

A new spike in ESXiArgs ransomware infections has emerged in the last couple of days, targeting servers in the UK and Europe.

Vmware, Ransomware

Microsoft Patches Three Actively Exploited Bugs

In its February patch release, Microsoft fixed three vulnerabilities in Windows that have been actively exploited.

Microsoft

CISA Warns of Ongoing Ransomware Attacks by North Korean Actors

CISA, the FBI, and NSA are warning about ongoing ransomware attacks by North Korean groups that target government agencies and defense companies.

North Korea, Ransomware

‘We Are at the Time’s Up Phase for Industrial Security’

New data from Dragos shows that ransomware attacks against ICS systems are increasing, and sophisticated malware designed for those environments is now a reality.

Ransomware, ICS

Attacker Accessed Some Reddit Code, Business Systems

A phishing attack allowed an attacker to steal a Reddit employee's credentials and gain access to some internal company systems last week.

2fa

U.S., U.K. Governments Sanction Alleged Members of Trickbot Malware Group

The U.S. and U.K. governments have sanctioned seven Russian men whom they allege are members of the Trickbot cybercrime group.

Ransomware, Russia

Fortra Patches Actively Exploited Zero Day in GoAnywhere MFT

Fortra has released version 7.12 of its GoAnywhere mFT file transfer tool to fix a zero day that has been under active attack.

Zero Day

OpenSSL Fixes Serious Issue That Could Lead to Memory Disclosure

New versions of OpenSSL fix several vulnerabilities, including one high-severity bug that could lead to memory disclosure.

Openssl