Security news that informs and inspires

All Articles

2376 articles:

Russian Threat Actor Leverages Microsoft Teams in Phishing Attacks

Researchers with Microsoft on Wednesday said that the threat actor has used a “highly targeted” social engineering attack to hit 40 global organizations.

Microsoft, Phishing

Russia-Linked Group Resurfaces With New Infrastructure

Researchers observed 94 new domains associated with a known Russia-linked espionage threat group.

Phishing

New Ivanti MobileIron Core Bug Emerges

Rapid7 researchers have found a new flaw (CVE-2023-35082) in Ivanti MobileIron Core 11.2 and earlier.

Ivanti

Ivanti Patches Second Zero Day in Mobile Management Software

The actively exploited flaw in Ivanti Endpoint Manager Mobile can be used in conjunction with another zero day addressed last week.

Zero Day, Flaw

Less Than Zero Day: What’s Causing the Drop in Usage of Unknown Bugs

The number of zero days detected in the wild in 2022 dropped 40 percent from the previous year, but researchers say that doesn't mean we're getting better at security.

Zero Days, Google

Decipher Podcast: Source Code 7/28

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

CISO Interview: Dave Lewis

In this CISO interview, Decipher talks to Dave Lewis, Global Advisory CISO at Cisco, about breaking barriers between CISOs and other players across the organization.

CISO Interview

SEC Rule Will ‘Change Playbook’ on Cyber Incident Management

New requirements approved by the SEC this week will impact how publicly traded companies disclose cyber incidents, data risk management and oversight by the board of directors of security policies.

Incident Response, Ciso Concerns

CISA: Valid Accounts and Phishing Still Effective for Initial Access

A new CISA analysis of risk and vulnerability assessments at government agencies shows that the use of valid credentials and spear phishing are still the most effective initial access vectors.

Government

New Tech Coalition Aims to Improve Network Resilience

A new coalition of tech companies, including AT&T, Cisco, Verizon, and VMware, is aiming to address the challenges to global network resilience.

Government, Critical Infrastructure

Apple Fixes Actively Exploited Kernel Flaw

The Apple kernel flaw is the third bug related to the Operation Triangulation campaign.

Iphone Security, Macos, Apple

North Korean Attackers Target Cryptocurrency Via JumpCloud Compromise

The North Korean threat actor is leveraging the supply-chain attack to target MacOS keychains and reconnaissance data.

Supply Chain Security

Atlassian Fixes Critical Confluence, Bamboo Bugs

Atlassian has patched three nigh-risk vulnerabilities, two in its Confluence products and one in its Bamboo products.

Atlassian

CISA Warns of Actively Exploited Citrix Flaw

Organizations are urged to apply patches for the flaw in Netscaler (formerly Citrix) ADC and Gateway products.

Citrix, Citrix Netscaler

Decipher Podcast: Source Code 7/21

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast