SEARCH
All Articles
Decipher Podcast: Dan Lorenc
Dan Lorenc, CEO and founder of Chainguard, joins Dennis Fisher to talk about supply chain security, asset inventory, Sigstore, and the challenges of helping developers write more secure code.
U.S. DoD Struggles With Cyber Incident Reporting Gaps
A watchdog report highlighted weaknesses in the Department of Defense's cyber incident reporting procedures, particularly for the critical defense industrial base sector.
Resilience Seen as a Key to Critical Infrastructure Security
Attackers are focusing their attention on critical infrastructure operators, and building resilience into those networks is a key to defending them, experts say.
Stealthy BatLoader Malware Seen in Dozens of Attacks
VMware researchers said the malware has appeared in at least 43 infections that have primarily targeted business services, financial services, manufacturing and education organizations.
U.S. Justice Department Charges LockBit Ransomware Suspect
A 33-year-old dual Russian and Canadian national was arrested this week for allegedly participating in LockBit ransomware attacks.
GitHub Launches Private Vulnerability Reporting
GitHub has launched a new feature that enables researchers to privately report vulnerabilities to repository maintainers.
Threat Actors Abuse InterPlanetary File System Protocol to Spread Malware
Threat actors leveraged an emerging distributed file storage protocol in attacks deploying a Python-based information stealer called Hannabi Grabber.
Citrix Warns of Critical Authentication Bypass Flaw in Gateway, ADC
Attackers have historically exploited vulnerabilities in Citrix Gateway and ADC in order to target organizations.
Lenovo Patches BIOS Flaws That Lead to Secure Boot Modification
Lenovo has patched three vulnerabilities in the BIOS in many of its laptops that could allow an attacker to modify the secure boot process.
Microsoft Fixes Six Actively Exploited Flaws
Microsoft did not give further details about the exploitation efforts against the flaws disclosed on Tuesday.
Apple Fixes Code Execution Flaw in Xcode
Apple has fixed four flaws in its Xcode IDE, including a remote code execution flaw in Git (CVE-2022-39260).
Microsoft: Nation-State Actors Zero in on Critical Infrastructure, Unpatched Flaws
Nation-state actors are targeting critical infrastructure, the IT supply chain and unpatched flaws in an effort to advance evolving strategic political objectives and to reach a wider set of targets.
UK-Based Threat Actors Impersonate Global Law Firms in BEC Attacks
Researchers have uncovered a new business email compromise group impersonating well-known law firms and attorneys to trick targets into paying fake invoices.
Decipher Podcast: Source Code 11/4
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Threat Actors Pivot to Credential Theft in Government Mobile Phishing Attacks
A new Lookout report highlights a tangle of government mobile device security challenges, including the use of outdated or unmanaged devices, and a rise in phishing attacks targeting credentials.