Security news that informs and inspires

All Articles

2376 articles:

Attackers Use SEO Poisoning to Spread Malware, Steal Credentials

SEO-friendly websites promising Zoom or TeamViewer application installations are actually attacker-owned and deploy malware.

Malware, Credentials

Decipher Podcast: Source Code 2/4

Welcome back to Source Code, Decipher’s weekly news podcast with input from our sources.

Source Code, Podcast

DHS Launches Cyber Safety Review Board

The board, tasked with identifying and sharing lessons learned from “significant cybersecurity events," will first assess the Log4j logging library flaw.

DHS, Government Agencies, Government

Critical Samba Remote Code Execution Flaw Fixed

A Samba bug could allow remote attackers without authentication to execute arbitrary code as root on impacted systems.

Vulnerability, Samba

Alpha-Omega Project Aims to Secure Open Source Ecosystem

The new Alpha-Omega Project from the Open Source Security Foundation will offer technical and financial assistance to open source maintainers to help them find and fix security flaws.

Log4j, Heartbleed, Opensource

The Hunt For a Federal Data Privacy Law

Privacy experts pinpoint the challenges and complexities behind a federal data privacy law.

Data Privacy, Federal Cybersecurity, Federal

Decipher Podcast: Source Code 1/28

Welcome back to Source Code, Decipher’s weekly news podcast with input from our sources.

Podcast, Source Code

Decipher Podcast: Jon Callas

Jon Callas, director of technology projects with EFF, talks about invasive data tracking and surveillance during the pandemic.

Podcast, Privacy

BotenaGo Malware Source Code Uploaded to GitHub

The source code's release on GitHub can potentially mean future attacks on IoT devices and routers, warn researchers.

Iot Security, Source Code, Malware

‘Every Intrusion Attempt Has a Story to Tell’

Developing good communication and storytelling skills can be a vital career step for cyber threat intelligence professionals.

Threat Intelligence

Serious Privilege Escalation Flaw in Linux Component Patched

A local privilege escalation bug in the Polkit Linux component could allow an attacker to gain root privileges with a simple exploit.

Linux

White House Orders Federal Agencies to Adopt Zero-Trust Strategy

The White House has outlined a number of cybersecurity measures that federal agencies must adopt - as part of an overall zero-trust strategy - though it acknowledges that the transition "will not be a quick or easy task."

Government Agencies, Zero Trust

Q&A: Timo Steffens

Timo Steffens, private security researcher and author of Attribution of Advanced Persistent Threats, discusses some of the top roadblocks that researchers face during attribution.

Q&a, Malware, Cyberattack

LockBit Ransomware Variant Targets VMware ESXi Servers

Researchers found an announcement on an underground forum for LockBit Linux-ESXi Locker version 1.0 in October.

Ransomware, Linux, Vmware

Remote Code Execution Bugs Fixed in PrinterLogic Platform

Three remote code execution bugs in the PrinterLogic platform have been patched. The bugs could allow an attacker to run arbitrary code on any connected endpoint.

Vulnerability