Security news that informs and inspires

All Articles

2349 articles:

Russia Arrests Alleged REvil Ransomware Members at U.S. Urging

The Russian FSB has arrested 14 alleged members of the REvil ransomware group after U.S. officials urged the country to move against the group.

Ransomware, Governance

Tech Leaders, Federal Officials Seek a Way Forward for Open Source Security

White House officials and leaders from Apple, Google, GitHub, and other companies met to discuss ways to improve the security of open source projects critical to national security.

Open Source, Log4j

US Cyber Command Discloses MuddyWater Malware Samples

The U.S. government gave details on 17 MuddyWater samples and linked the threat group to the Iranian intelligence service.

APT, Iran, Malware

Attackers Deploy Multiple RATs in Phishing Campaign

The Nanocore RAT, Netwire RAT and AsyncRAT are being spread through a phishing email that contains a downloader with multiple layers of obfuscation.

Remote Access Trojan, Phishing

APT35 Executes PowerShell-Based Malware in Log4j Flaw Attacks

The Iran-linked threat actor is exploiting the infamous Log4j bug in order to execute a new PowerShell data exfiltration toolkit.

APT35, Log4j, Malware

China-Based Actors Using Log4Shell Bug for Ransomware Deployment

Threat actors known as DEV-0401 based in China are exploiting the Log4Shell vulnerability to deploy the NightSky ransomware.

Log4j

Q&A: Crane Hassold

Crane Hassold, with Abnormal Security, recently joined Lindsey O’Donnell-Welch on the Decipher podcast to talk about why business email compromise attacks are still a top financially damaging threat today.

Business Email Compromise, Email, Q&A

Microsoft Details Previously Fixed MacOS Flaw

Apple fixed the macOS vulnerability in a December security update.

Apple, Microsoft, macOS, macOS Security

Decipher Podcast: Crane Hassold

In a podcast discussion with Lindsey O'Donnell-Welch, Crane Hassold with Abnormal Security discusses how business email compromise attackers are getting savvier and best practices to defend against BEC attacks.

Podcast, Business Email Compromise

Researchers Find Log4Shell Type Flaw in H2 Database Console

Researchers have found a Log4Shell-like flaw in the H2 database console, which allows remote code execution.

Log4j

Attacks Target Log4j Bug in VMware Horizon

An unknown threat group is exploiting the Log4j vulnerability in VMware Horizon servers to install webshells for further malicious activity.

Log4j, VMware

CISA: Federal Agencies Taking Steps to Address Log4j Flaw

CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency Directive that addressed the Log4j flaw.

CISA, Government Agencies, Log4j

Meta Lawsuit Cracks Down on Facebook Phishing Scams

A new lawsuit from Meta seeks to uncover the operators behind 39,000 phishing sites that have attempted to steal Facebook, Instagram and WhatsApp users' credentials.

Facebook, Phishing

Decipher Podcast: 2021 Year in Review

Lindsey O'Donnell-Welch and Dennis Fisher look back on a wild year in cybersecurity and discuss the ongoing ransomware problem, the increase in zero days used in the wild, our favorite stories and podcasts of the year, and more.

Podcast

AvosLocker Ransomware Attacks Spike

The emergence of AvosLocker is part of an overarching shift in the RaaS ecosystem over the latter half of 2021.

Ransomware