Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2349 articles:

In Wake of SolarWinds Breach, the Challenge of Building Secure Software Remains

SolarWinds is testing a system of parallel build servers to help prevent a future supply chain attack on its infrastructure.

Solarwinds, Software Security

Deciphering Dark Web: Cicada 3301

Zoe Lindsey, Pete Baker, and Dennis Fisher dive deep into the dark web (or whatever Hollywood thinks it is) to decipher the jumbled plot and wild philosophy of Dark Web: Cicada 3301, which is a movie that definitely exists.

Podcast, Hacker Movies

OpenSSL Fixes Flaw in Certificate Checks

OpenSSL has patched a bug that could have allowed a certificate that was not issued by a valid CA to slip into the certificate chain.

Openssl

Q&A: Andrew Morris

Removing the background noise from the Internet can give security analysts the context necessary to find the attacks that matter, says GreyNoise founder Andrew Morris.

Network Security

ProxyLogon Bug Still Haunting Thousands of Exchange Servers

There are still nearly 30,000 Exchange servers vulnerable to the ProxyLogon bug, with ransomware attacks and public exploits circulating.

Microsoft

Exploits Target F5 BIG-IP Flaw

Full chain exploits are in use against a critical flaw (CVE-2021-22986) in the F5 BIG-IP system.

F5

Requiring a VDP for Suppliers Won’t Fix Supply Chain Security

Extending the requirement for vulnerability disclosure policies from federal agencies to their suppliers is not a quick fix for supply chain security issues.

Solarwinds, Government

SolarWinds Attackers Accessed Mimecast Source Code

The attackers behind the SolarWinds breach also gained access to and downloaded some Mimecast source code repositories.

Solarwinds, Email

Decipher Podcast: Andrew Morris

Andrew Morris, founder of GreyNoise, joins Dennis Fisher to talk about the unique origins of the company and the security case for removing all of the background noise from the Internet to find what really matters.

Podcast

Microsoft Releases One-Click Mitigation for Exchange Flaw

Microsoft has published a new tool that installs a mitigation for the CVE-2021-26855 Exchange ProxyLogon flaw.

Microsoft

Number of Exchange Servers Vulnerable to ProxyLogon Declines

The number of Exchange servers vulnerable to the ProxyLogon flaws is continuing to drop, but there are still more than 60,000 online.

Microsoft

DearCry Ransomware Hitting Exchange Servers

Attackers are installing the DearCry ransomware on some vulnerable Exchange servers.

Ransomware, Microsoft

Decipher Podcast: Joe Slowik

Joe Slowik, senior security researcher at Domaintools, joins Dennis Fisher to discuss the Exchange vulnerabilities, the exploitation activity timeline, and the question of attribution.

Podcast

Four Critical Flaws Hit F5 BIG-IP Boxes

F5 has patched four critical flaws in its BIG-IP appliances, all of which can lead to remote code execution.

F5, Networking

ThreatFox Aims to Simplify IOC Sharing

The new ThreatFox platform from Abuse.ch is designed to allow researchers to share IOCs freely and easily without the need to register or subscribe to a feed.

Threat Intelligence