Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

Decipher Podcast: Source Code 9/9

Welcome back to Source Code, Decipher's weekly security news podcast.

Podcast, Source Code

Lazarus Group Exploited Log4j Flaw to Target Energy Firms

The North Korean state-sponsored group has been targeting VMware Horizon servers vulnerable to Log4j in order to infect energy firms with malware.

Lazarus

White House Plans ‘Further Action’ After Iranian Cyberattack on Albania

The White House and the Albanian government blamed Iranian government-supported actors for a July attack on Albania infrastructure, and said futrher action would be forthcoming.

Iran, Government

Iranian APT Targets Email Credentials in Espionage Attacks

APT42 is creative in its social engineering efforts and steals credentials and MFA authentication codes in order to compromise targets and conduct espionage.

APT

Q&A: Meg Gardiner

Meg Gardiner recently joined Dennis Fisher on the Decipher podcast to talk about the hacking and security aspects of her new novel, Heat 2.

Cybercrime, Books

CISA, FBI Warn of Vice Society Ransomware Attacks on Schools

The U.S. government security advisory comes the same week that the Los Angeles Unified School District, the second-largest U.S. school district, said it was hit by ransomware.

Ransomware, Vice Society

A Look Inside TA505’s ServHelper Malware Control Panel

The control panels show how TA505 is “highly proactive” in updating its malware and has the ability to run multiple malware campaigns at the same time.

Banking Malware

Google Fixes Zero Day in Chrome

Google has released an emergency update for Chrome to fix a vulnerability (CVE-2022-3075) that has been actively exploited.

Google

Decipher Podcast: Meg Gardiner on Heat 2

Dennis Fisher talks with Meg Gardiner, the coauthor of Heat 2, the bestselling sequel and prequel to Heat, the greatest crime movie ever made. They discuss the infosec and hacking subplot of the novel, where that idea came from, and how the research into the hacking scene worked.

Podcast

Decipher Podcast: Source Code 9/2

Welcome back to Source Code, Decipher’s weekly news podcast with input from our sources.

Source Code, Podcast

CISA Warns of Flaws in Contec Health Patient Monitoring Devices

CISA is warning customers about several locally exploitable flaws in Contec Health CMS8000 devices.

ICS

Microsoft Discloses Previously Fixed Azure Synapse Bug

Microsoft quietly fixed the elevation of privilege flaw in June.

Microsoft, Azure

Apple Fixes Zero Day in Older iOS Devices

Apple has released an update for older iOS devices and iPhones to address an actively exploited WebKit zero day (CVE-2022-32893).

Apple

Google Launches Bug Bounty Program For Open Source Projects

Google will reward the discoveries of flaws found in its open source software projects, such as Golang, Angular and Fuchsia.

Google, Bug Bounty

China-Based Group Uses ScanBox Framework in Espionage Attacks

The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.

Phishing