Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

Meta: Bitter APT Espionage Attack Leveraged Apple’s TestFlight Service

Meta said it took down the accounts linked to the APT attacks, blocked their domain infrastructure from being shared on its services and notified victims.

APT

F5 Patches Serious Flaws in BIG-IP

F5 has patched more than 20 vulnerabilities in BIG-IP, including one that an attacker could use to take complete control of a target appliance.

F5

NVIDIA Fixes High-Severity Flaws in Graphics Drivers For Windows, Linux

The flaws could lead to denial-of-service attacks, information disclosure, privilege escalation, and in some cases, code execution.

Nvidia, Vulnerability

VMware Warns of Critical Authentication Bypass Flaw

VMware said it has not observed exploitation of the vulnerability in the wild.

Vmware

Firefox 103 Fixes Serious Memory Safety Flaws

Firefox 103 fixes a number of security vulnerabilities, including several memory safety flaws.

Mozilla, Firefox

Manjusaka Attack Framework Primed For Cybercriminal Adoption

The attack framework's C2 is freely available and its implants contain various credential theft capabilities.

Cybercrime

Qakbot Attack Uses Email Threads Hijacked From ProxyLogon Compromises

The Qakbot emails show the long tail of exploitation efforts against the Microsoft ProxyLogon flaw.

Malware, Email

Decipher Podcast: Source Code 7/29

Welcome to Source Code: Decipher's behind-the-scenes look at the weekly news with input from our sources.

Source Code, Podcast

Samba Fixes Serious Password-Reset Flaws

Samba has fixed several bugs, including two serious password-reset flaws, one of which could allow a user to take complete control of the domain.

Samba

Atlassian Confluence Hardcoded Credentials Bug Actively Exploited

Researchers urged impacted organizations to “take steps immediately to mitigate the vulnerability" in Atlassian's Confluence Server and Data Center.

Atlassian

Decipher Podcast: Sean Zadig

Sean Zadig, CISO of Yahoo and head of the Paranoids, talks with Dennis Fisher about his start in the security field, protecting a massive user base, and thinking about security critically.

Podcast

North Korean Attackers Use Malicious Browser Extension to Steal Email

The Kimsuky threat group based in North Korea is using a malicious browser extension to steal email from active user sessions in Chrome and Edge.

North Korea

Experts Urge Congress to Pressure Commercial Spyware Vendors

Researchers from Google and Citizen Lab urged Congress to use intelligence agencies, diplomatic, and economic means to pressure commercial spyware vendors such as NSO Group.

Spyware, Government

Cyber Mercenary Leveraged Windows Zero Day in Subzero Malware Attack

Microsoft exposed an Austria-based private-sector offensive actor that has been observed both selling the Subzero malware to third parties, but also using its own infrastructure in some attacks.

Hack for Hire

U.S. Government Grapples With Cyber Incident Reporting Pain Points

The U.S. government wants cyber incident reporting to be more consistent, but it must work through several challenges, including the stigma around the repercussions of reporting.

Government Agencies