Security news that informs and inspires

All Articles

2376 articles:

Long Before Colonial Pipeline, Red Flags Foreshadowed Hack

“There’s a lack of imagination or… anticipation about the next move that hackers will make,” warned investigative journalist Kim Zetter during Black Hat this week.

Colonial Pipeline, Black Hat

Krebs: ‘We’ve Over-Fetishized the APT Threat’

Former CISA director Chris Krebs said at Black Hat that the community may have focused too much on APT groups in recent years.

Black Hat, Government

After Log4j, Efforts to ‘Uplift’ Open Source Ecosystem Continue

At Black Hat USA this week, Cyber Safety Review Board members tasked with looking at key lessons learned from Log4j talked about continued security issues facing the open source community.

Log4j

Microsoft Fixes Known, Exploited Flaw in Windows Diagnostic Tool

The flaw was first reported to Microsoft in 2019, but at the time it said it did not consider the issue to be a vulnerability.

Microsoft, Windows

Exploit Available for Critical VMware Bug CVE-2022-31656

A researcher has released a proof-of-concept exploit for CVE-2022-31656, a critical authentication bypass in VMware ONE Access.

VMware

How Three Ransomware Groups Targeted One Vulnerable Network

Researchers warn of an uptick in multiple ransomware groups targeting the same vulnerable networks, as seen in a recent attack that involved Hive, LockBit and BlackCat/ALPHV affiliates.

Ransomware

Treasury Department Sanctions Tornado Cash Crypto Mixer

Tornado Cash is the second virtual currency mixer in three months to be sanctioned by the U.S. Treasury Department.

Lazarus, Cryptocurrency

Decipher Podcast: Megan Stifel

Megan Stifel, the chief strategy officer at the Institute for Security and Technology and co-chair of the Ransomware Task Force, talks about ransomware mitigation measures for organizations at a global scale and for small and medium-sized businesses.

Podcast, Ransomware

Twilio Customer, Employee Accounts Compromised In Text Phishing Attack

Attackers compromised some customer and employee accounts at Twilio through a text-based phishing campaign.

Phishing, 2FA

Linux Botnet Targets Weak SSH Server Credentials

A new botnet targets weak SSH server credentials, but its limited DDoS capabilities and "curious changes" leave researchers questioning its motivations.

Botnet, Mirai

Slack Reset Some Users’ Passwords Due to Bug in Invite Links

Slack has automatically reset the passwords of a small number of users after discovering a bug in invitation links that sent hashed passwords to other users.

Slack

Decipher Podcast: Source Code 8/5

Welcome back to Source Code, Decipher's weekly security news podcast with input from our sources.

Podcast, Source Code

Meta: Bitter APT Espionage Attack Leveraged Apple’s TestFlight Service

Meta said it took down the accounts linked to the APT attacks, blocked their domain infrastructure from being shared on its services and notified victims.

APT

F5 Patches Serious Flaws in BIG-IP

F5 has patched more than 20 vulnerabilities in BIG-IP, including one that an attacker could use to take complete control of a target appliance.

F5

NVIDIA Fixes High-Severity Flaws in Graphics Drivers For Windows, Linux

The flaws could lead to denial-of-service attacks, information disclosure, privilege escalation, and in some cases, code execution.

Nvidia, Vulnerability