Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2376 articles:

Google Exposes Heliconia Exploit Framework Targeting Chrome, Firefox, Windows

Google's Threat Analysis Group has exposed a new exploit framework called Heliconia that may have been used to exploit zero days in Chrome, Firefox, and Windows.

Google, Spyware

New Chinese Cyberespionage Campaign Targets Asia, US

A newly discovered cyber espionage campaign from a Chinese threat actor is targeting Asian and US organizations with self-replicating malware called MISTCLOAK.

Malware

Google Patches Heap Overflow Zero Day in Chrome

Google has updated Chrome on the desktop and Android to address a zero day that is being exploited in the wild.

Google, Zero Day

Discontinued Web Server Poses IoT Security Risks

Researchers warn that the usage of the discontinued Boa web server is opening up SDKs and Internet of Things devices to attack.

Iot

Complex M&A Deals Pave Way For Security Gaps

The inherent complexity, speed and secrecy across the acquisitions process makes this landscape particularly lucrative for threat actors.

M&a

Q&A: Dan Lorenc

Dan Lorenc discusses the rise of software supply chain security threats, the value of accurate asset inventory, and how companies are addressing these challenges.

Supply Chain Security

Threat Actors Find Success in Callback Phishing Attacks

Researchers warn that a stealthy callback phishing attack has been targeting the legal and retail sectors with the end goal of stealing data for extortion.

Phishing

Hive Ransomware Attacks Target FortiOS, Microsoft Exchange Flaws

The Hive ransomware has victimized 1,300 companies globally as of November, in particular targeting healthcare sector organizations, according to U.S. federal agencies in a new advisory.

Ransomware

Decipher Podcast: Source Code 11/18

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Podcast

LodaRAT Malware Evolves With New Functionalities

New variants of the RAT reveal added functionalities and deployment alongside other malware families.

Malware

Code Execution Flaws Found in F5 BIG-IP Appliances

Rapid7 researchers discovered two code execution flaws in several versions of the F5 BIG-IP appliances.

F5

Emotet Malware Returns in High-Volume Email Campaign

Hundreds of thousands of email distributing Emotet reveal significant changes to the malware's tactics and payloads.

Emotet

Decipher Podcast: Dan Lorenc

Dan Lorenc, CEO and founder of Chainguard, joins Dennis Fisher to talk about supply chain security, asset inventory, Sigstore, and the challenges of helping developers write more secure code.

Podcast, Supply Chain Security

U.S. DoD Struggles With Cyber Incident Reporting Gaps

A watchdog report highlighted weaknesses in the Department of Defense's cyber incident reporting procedures, particularly for the critical defense industrial base sector.

Government Agencies

Resilience Seen as a Key to Critical Infrastructure Security

Attackers are focusing their attention on critical infrastructure operators, and building resilience into those networks is a key to defending them, experts say.

Government, Critical Infrastructure