Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

FBI Says Lazarus Group Behind $100 Million Harmony Bridge Heist

The FBI says the North Korean threat actor Lazarus Group is responsible for the theft of $100 million in cryptocurrency from Harmony Horizon Bridge in June.

Cryptocurrency, Fbi, North Korea

OpenText Fixes RCE Flaws in Extended ECM

OpenText has fixed two remote code execution vulnerabilities in its Extended ECM content management server.

Vulnerability

Q&A: Rick Holland

Rick Holland, CISO at Digital Shadows, talks about the role of empathy in building out an organization’s security program.

CISO Q&a

Attackers Exploiting ManageEngine CVE-2022-47966 Flaw

Active exploitation of the CVE-2022-47966 ManageEngine flaw is underway.

Vulnerability, Exploit

U.S. Arrests Alleged Operator of Bitzlato Crypto Exchange

U.S. authorities have arrested Anatoly Legkodymov, the Russian alleged operator of the Bitzlato cryptocurrency exchange, which they say was a major hub for cybercriminal activity.

Cryptocurrency, Russia

LNK Files Link Bumblebee With Qakbot, IcedID Malware

By looking at metadata in LNK files in recent campaigns, Talos researchers have linked the Bumblebee malware with the Qakbot and IcedID malware groups.

Malware

CISA Warns of Serious Flaws in CONPROSYS HMI Software

A set of serious flaws in the Contec CONPROSYS HMI software that could allow remote code execution have been addressed in an update.

ICS

Bill Would Provide Funding for Security Research on Energy Infrastructure

A new bill would provide funding for security research at the university level into threats to the energy sector.

Critical Infrastructure, Government

Attacks Target Control Web Panel Flaw

Exploit attempts are ramping up against a flaw in Control Web Panel that allows unauthenticated remote code execution.

Linux

Decipher Podcast: Chris Eng on the State of Software Security

Chris Eng, chief research officer at Veracode, joins Dennis Fisher to discuss the company's new State of Software Security report, whether we're getting better at fixing bugs, and the fragility of open source projects an the software supply chain.

Podcast

MegaCortex Ransomware Decryptor Released

BitDefender has released a decryption tool for the MegaCortex ransomware variant.

Ransomware

Q&A: Sounil Yu

Sounil Yu, CISO at JupiterOne, talks about imposter syndrome and pinpointing gaps in organizations’ security programs.

CISO Q&a

CircleCI Warns Customers to Rotate Secrets After Security Incident

CircelCI said it is investigating a security incident and warned customers to rotate all of the secrets stored in the service.

Supply Chain Security

Fortinet Fixes Serious Flaw in FortiADC

Fortinet has patched a serious bug (CVE-2022-39947) in its FortiADC application delivery controllers.

Fortinet

Deciphering Home Alone

Kevin McCallister may not be a hacker or even own a computer (as far as we know), but no one embodies the hacker ethic better than he does, an eight-year-old boy left alone at Christmas who is forced to use his imagination and creativity to defend a prime target and lure his adversaries into his trap. This is Deciphering Home Alone.

Podcast, Hacker Movies