Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2376 articles:

Microsoft Confirms Hack by Lapsus$ Group

Microsoft has confirmed that the Lapsus$ group gained "limited" access after the group leaked Bing, Bing Maps and Cortana source code.

Source Code, Microsoft

Okta Says Small Percentage of Customers Affected by Breach

The Lapsus$ hacking and extortion group claims to have had access to internal Okta systems since January, but the company said it looked into the incident at a third party and it was contained.

Okta, Data Breaches

FBI: AvosLocker Ransomware Hitting U.S. Critical Infrastructure

The AvosLocker ransomware-as-a-service is spread via ProxyShell exploits and spam email messages, and in some cases attackers threaten DDoS attacks during negotiations.

Ransomware, Fbi

Google Details New ‘Exotic Lily’ Initial Access Group

A new initial access broker known as Exotic Lily has used exploits for zero days and sells network access to cybercrime teams such as FIN12 for ransomware deployment.

Google, Malware

Container Escape Flaw Fixed in CRI-O Runtime Engine

A critical container escape flaw in the CRI-O Kubernetes runtime engine has been patched.

Kubernetes

CafePress Faces Fine Over Data Breach Cover Up

The American online retailer will be required to pay half a million dollars and improve its security practices by implementing MFA and encrypting sensitive data.

Data Breaches, FTC

OpenSSL Fixes High-Severity Bug

OpenSSL has fixed a high-risk denial-of-service vulnerability in several versions of the software.

Openssl

Mobile Zero-Day, Phishing Attacks on the Rise

A recent report found that phishing attacks and zero-day exploits that target mobile devices have crept up over the past year.

Mobile, Phishing

Qakbot Email Thread Hijacking Attacks Drop Multiple Payloads

Researchers have observed attackers leveraging email thread hijacking tactics to spread the Qakbot malware, which in turn deploys multiple payloads.

Malware, Email

Decipher Podcast: Source Code 3/11

This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.

Source Code, Podcast

NetWalker Ransomware Suspect Sent to U.S.

A Canadian man who U.S. authorities allege is part of the NetWalker ransomware operation has been extradited to the U.S.

Ransomware

Online Contact Forms Used in BazarLoader Attacks

Threat actors are attempting to gain the trust of victims by pretending to be a potential customer and filling out an online contact form before launching the BazarLoader attack.

Malware, Email

Alleged REvil Operator Extradited to U.S.

A Ukrainian man charged with using the REvil ransomware in the attack on Kaseya last summer has been extradited to the U.S. and arraigned in Texas.

Ransomware

SEC Proposes Four-Day Security Incident Reporting Mandate

Beyond the SEC, lawmakers and federal agencies at a broader level are examining cyberattack reporting deadlines.

Cyberattack, Federal Cybersecurity

FBI Warns of Ragnar Locker Attacks on Critical Infrastructure

The FBI says that the Ragnar Locker ransomware group has compromised more than 50 critical infrastructure organizations in the U.S.

Ransomware