Security news that informs and inspires

All Articles

2376 articles:

Decipher Podcast: Danny Rogers and Rocky Cole

iVerify CEO Danny Rogers and COO Rocky Cole join Dennis Fisher to discuss the spinout of the iVerify mobile security tool as a standalone company, the scourge of mercenary spyware, and how enterprises can protect their users.

Podcast

Federal VDP Program Shows Early Success

The federal government's vulnerability disclosure policy platform has taken in more than 1,300 unique valid bug reports in its first 18 months.

Government, Vulnerabilities

China-Based APT Flies Under Radar in Espionage Attacks

While the APT has targeted dozens of organizations in Taiwan, researchers with Microsoft warn that its tactics could easily be used in campaigns in other areas.

Apt

Proposed Bill Would Mandate Federal Contractor VDPs

The newly proposed Federal Cybersecurity Vulnerability Reduction Act mandate vulnerability disclosure policies for contractors.

Bug Bounty

Decipher Podcast: Source Code 8/25

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Exploit Code Published for Ivanti Sentry Flaw

Researchers have published working exploit code for the Ivanti Sentry CVE-2023-38035 flaw.

Ivanti

Researchers Uncover New Lazarus Group Malware Details

The group reused its infrastructure in attacks against internet infrastructure and healthcare organizations in the U.S. and UK, allowing researchers to unearth details about its newest malware tools.

Lazarus Group

Ivanti Warns of Actively Exploited Flaw in Sentry

Ivanti on Tuesday said it “has been informed that CVE-2023-38035 was exploited after exploiting CVE-2023-35078 and CVE-2023-35081.”

Ivanti

Serious RCE Bug Fixed in WinRAR

The makers of WinRAR have released a new version that fixes a serious remote code execution flaw (CVE-2023-4407) in the compression utility.

Patch

Decipher Podcast: Greg Notch

At Black Hat USA, Greg Notch, CISO at Expel, talked about his previous experiences as the former NHL CISO and how to effectively communicate security risk at the board level.

Podcast

XLoader MacOS Malware Variant Resurfaces

A new version of the macOS XLoader malware has been observed.

Macos

Cuba Ransomware Attacks Reveal TTP Modifications

Researchers said they observed new tactics being used by the well-known ransomware group in attacks against a critical infrastructure entity in the U.S. and an IT integrator in Latin America.

Ransomware

Threat Actors Exploit Known Citrix ShareFile Flaw

The ShareFile flaw could allow unauthenticated attackers to remotely compromise the customer-managed ShareFile storage zone controller.

Citrix

Phishing Campaign Targets Zimbra Users

A newly identified phishing campaign is targeting Zimbra Collaboration users around the world.

Zimbra

Ivanti Fixes Flaws in Enterprise Mobile Device Management Software

One of the more serious flaws in Ivanti's enterprise mobile device management platform could allow unauthenticated, remote attackers to execute code.

Vulnerability, Ivanti