Security news that informs and inspires

All Articles

2376 articles:

GitLab Patches Critical Account Takeover Flaw

The critical flaw (CVE-2022-1680) can allow for account takeover in impacted installations that have not been upgraded.

Gitlab

Zero Day in Atlassian Confluence Under Attack

A newly disclosed zero day in some versions of Atlassian Confluence and Data Center is under attack and being used to install webshells on target servers.

Atlassian

Evil Corp Affiliates Deploy LockBit Ransomware to Sidestep Sanctions

A threat cluster with significant overlap to the Evil Corp cybercriminal gang has started deploying the LockBit ransomware in an effort to evade U.S. sanctions.

Ransomware, Lockbit

CISA Warns of Karakurt Extortion Group

The Karakurt data extortion group is stealing sensitive information from enterprises and holding it for ransom, CISA warns.

Ransomware, CISA

Enterprise Ransomware Attacks Are Getting Faster

The average ransomware attack duration - from the initial access to the deployment of the ransomware payload at scale - was under four days in 2021.

Ransomware

Attackers Continue to Target Critical WSO2 Flaw

Weeks after the disclosure of the vulnerability (CVE-2022-29464) in WSO2 products, attackers are leveraging the flaw to install Linux-compatible Cobalt Strike beacons, cryptocurrency miners and more.

Wso2, Vulnerability

Cheerscrypt Linux-Based Ransomware Targets VMware ESXi Servers

The new Linux-based ransomware is only the latest to target VMware ESXi servers.

Linux

Exploits Target Zero Day in Windows and Office

A zero day flaw (CVE-2022-30190) in Windows and Office is under active attack and MIcrosoft has not issued a patch yet.

Microsoft

Interpol Arrests Alleged Head of BEC Cybercrime Syndicate

Interpol and private-sector companies announced the arrest of the alleged leader of a well-known phishing and BEC group.

BEC

Ransomware Safe Havens, Reporting Inconsistencies Trouble Authorities

Despite the U.S. government adopting many recommendations by the Ransomware Task Force in combating ransomware, authorities still grapple with several challenges that enable the ransomware ecosystem to thrive.

Ransomware, Ransomware Task Force

Cisco Patches Serious Flaw in IOS

Cisco has patched a flaw in IOS XR that can allow an attacker to write arbitrary files to the Redis instance.

Vulnerability

Decipher Podcast: Source Code 5/20

Welcome back to Source Code, Decipher’s weekly news wrap podcast.

Source Code

DoJ Will Not Prosecute Good-Faith Hackers Under CFAA

The Department of Justice's new policy changes further narrow the scope of the Computer Fraud and Abuse Act, which has long been criticized for being too vague.

CFAA

QNAP Warns of Deadbolt Ransomware Targeting NAS Devices

QNAP is urging customers to remove NAS devices from the Internet amid a new wave of Deadbolt ransomware intrusions.

Ransomware

CISA: Federal Agencies Must Fix VMware Bugs Within Five Days

CISA is mandating federal agencies to apply updates that fix several serious VMware bugs.

Vmware, CISA