All Articles

Browse by Category:

Browse by Tag:

Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware

2376 articles:

Iranian APT Targets Email Credentials in Espionage Attacks

APT42 is creative in its social engineering efforts and steals credentials and MFA authentication codes in order to compromise targets and conduct espionage.

Apt

Q&A: Meg Gardiner

Meg Gardiner recently joined Dennis Fisher on the Decipher podcast to talk about the hacking and security aspects of her new novel, Heat 2.

Cybercrime, Books

CISA, FBI Warn of Vice Society Ransomware Attacks on Schools

The U.S. government security advisory comes the same week that the Los Angeles Unified School District, the second-largest U.S. school district, said it was hit by ransomware.

Ransomware, Vice Society

A Look Inside TA505’s ServHelper Malware Control Panel

The control panels show how TA505 is “highly proactive” in updating its malware and has the ability to run multiple malware campaigns at the same time.

Banking Malware

Google Fixes Zero Day in Chrome

Google has released an emergency update for Chrome to fix a vulnerability (CVE-2022-3075) that has been actively exploited.

Google

Decipher Podcast: Meg Gardiner on Heat 2

Dennis Fisher talks with Meg Gardiner, the coauthor of Heat 2, the bestselling sequel and prequel to Heat, the greatest crime movie ever made. They discuss the infosec and hacking subplot of the novel, where that idea came from, and how the research into the hacking scene worked.

Podcast

Decipher Podcast: Source Code 9/2

Welcome back to Source Code, Decipher’s weekly news podcast with input from our sources.

Source Code, Podcast

CISA Warns of Flaws in Contec Health Patient Monitoring Devices

CISA is warning customers about several locally exploitable flaws in Contec Health CMS8000 devices.

ICS

Microsoft Discloses Previously Fixed Azure Synapse Bug

Microsoft quietly fixed the elevation of privilege flaw in June.

Microsoft, Azure

Apple Fixes Zero Day in Older iOS Devices

Apple has released an update for older iOS devices and iPhones to address an actively exploited WebKit zero day (CVE-2022-32893).

Apple

Google Launches Bug Bounty Program For Open Source Projects

Google will reward the discoveries of flaws found in its open source software projects, such as Golang, Angular and Fuchsia.

Google, Bug Bounty

China-Based Group Uses ScanBox Framework in Espionage Attacks

The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.

Phishing

FTC Sues Data Broker For Selling Sensitive Location Data

The lawsuit against data broker Kochava is another step by the FTC to crack down on invasive data collection and sharing practices.

Data Privacy, FTC

Attacker Stole Portion of LastPass Source Code

An attacker was able to compromise a developer account and steal a portion of the LastPass source code recently, the company said. But no customer data was affected.

Passwords

Phishing Campaign Targets PyPI Project Maintainers

The PyPI maintainers say a new phishing campaign is targeting Python project maintainers and aiming to steal credentials and compromise projects.

Open Source Security, Pypi, Github