SEARCH
All Articles
Decipher Podcast: Source Code 4/19
Welcome back to the Source Code podcast, Decipher’s weekly news wrap podcast with input from our sources.
OpenMetadata Bugs Enable Kubernetes Cryptomining Attacks
Threat actors have been exploiting known vulnerabilities in open-source platform OpenMetadata in order to access Kubernetes workloads and use them for cryptomining.
Phishing Attack Targets LastPass Users’ Master Passwords
In order to convince LastPass users to hand over their passwords, attackers used a mix of phone calls, phishing emails and a phishing page under the domain “help-lastpass[.]com,” which has since been taken down.
UK Police Take Down LabHost Phishing Service
Europol and a collection of UK law enforcement agencies have disrupted the LabHost phishing platform, which targeted victims globally.
Decipher Podcast: Cody Stokes
Cody Stokes, a security leader at Procellis Technology, joins Dennis Fisher to talk about his time in the Marine Corps, the challenges of breaking into the cybersecurity field, and the fulfillment he gets from helping to protect users.
Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas
Recent activity by the well-known Sandworm group - which researchers with Mandiant have started calling APT44 - relies on a mix of espionage efforts and hacktivist personas.
UnitedHealth Took $872M Hit From Change Cyberattack
UnitedHealth Group reports that the Change Healthcare ransomware attack has had an $872 million financial hit on its business, so far.
Critical Crypto Bug Fixed in PuTTY
Many versions of the PuTTY client have a weakness that can generate biased ECDSA nonces and enable an attacker to eventually recover private encryption keys.
CISA Warns of Sisense Breach
CISA is warning of a customer data breach at Sisense, a provider of business data analytics platforms, but the details of the incident are scarce still.
Palo Alto Networks Discloses Critical PAN-OS Zero Day
The flaw is being exploited in the wild, and no patches will be available until Sunday.
CISA Emergency Directive Orders Mitigations After Microsoft Breach
The U.S. government has made public an emergency directive that it issued last week for federal agencies, ordering them to take various mitigation measures after Microsoft's compromise last year.
Microsoft Patch Tuesday Update Fixes Actively Exploited Flaws
Microsoft has issued over 147 patches in its largest patch Tuesday release since 2017, including fixes for two actively exploited vulnerabilities.
Memory Safe: Sherrod DeGrippo
In this week’s Memory Safe episode, Sherrod DeGrippo of Microsoft talks about her first experiences with hacker culture, why a Stanley Kubrik movie shows a glimpse of what AI is, and how she makes sure that “threat intelligence hits the right note.”
SAP Fixes Three High-Severity Flaws
The most severe flaw stems from password requirements not being checked in some features of SAP’s NetWeaver Java User Management Engine.
Hospital IT Help Desks Hit With Social Engineering Attacks
The U.S. Department of Health and Human Services is warning of "sophisticated" social engineering attacks on hospital IT help desks that aim to gain access to employees' email accounts.