Security news that informs and inspires

All Articles

2376 articles:

U.S. Gov Offers $10M Bounty for DarkSide Ransomware Leaders

The U.S. government is upping its efforts to track down members of the DarkSide cybercrime group, which was behind the May ransomware attack on the Colonial Pipeline.

Cybercrime, Ransomware

Vulnerable Microsoft Exchange Servers Hit With Babuk Ransomware

An emerging threat called Tortilla has been exploiting vulnerabilities in Microsoft (MS) Exchange servers hit with Babuk ransomware.

Ransomware, Microsoft Exchange, Microsoft

Decipher Podcast: Source Code 11/5

Welcome to Source Code: Decipher’s new behind the scenes look at the weekly news with input from our sources. Topping the headlines this week are two key cybersecurity-related moves by the U.S. government. These include the government blocking exports to NSO Group, Positive Technologies and other companies, and creating a catalog of known, actively exploited vulnerabilities that federal agencies must address. In other news, researchers have uncovered a threat group targeting vulnerable Microsoft Exchange servers with ransomware. A new report also shed light on various network access brokers selling credentials that they claimed belonged to logistics companies.

Podcast

BlackMatter Ransomware Group Claim It’s Shutting Down

The BlackMatter ransomware group says it is closing up shop after pressure from authorities and the disappearance of some members.

Ransomware

CISA Orders Federal Agencies to Patch Hundreds of Known Flaws

Under a new binding operational directive (BOD), CISA has developed a catalog of known, exploited vulnerabilities that federal agencies must address.

Government Agencies, CISA, Vulnerabilities, Vulnerability Management

U.S. Blocks Exports to NSO Group, Other Firms Over National Security Concerns

The Commerce Department added NSO Group, Candiru, Positive Technologies, and COSEINC to its Entity List, restricting exports of software and hardware to them.

Government, Spyware

Cybercriminals Target Transport and Logistics Industry

Cybercriminals claim they have access to various shipping and logistics company networks, causing what researchers say could be a “precarious situation” for the struggling supply chain sector.

Supply Chain, Cybercrime

Firefox 94 Adds Site Isolation to Mitigate Side-Channel Attacks

Mozilla has added site isolation to Firefox 94 to defend against side-channel attacks such as Spectre and Meltdown.

Firefox

Google Fixes Two Chrome Zero-Day Flaws

The two zero-day flaws were part of eight vulnerabilities patched this week in Google Chrome.

Google Chrome, Chrome Security, Zero Day

International Task Force Disrupts European Ransomware Operation

A task force of European and U.S. agencies arrested 12 suspects in Switzerland and Ukraine as part of an action against a ransomware operation.

Ransomware

Apple Fixes Slew of Bugs in iOS, macOS

Apple has fixed more than 20 vulnerabilities in iOS 15.1 and macOS Monterey 12.01.

Apple

FTC Beefs Up Security Mandates For Financial Sector

The FTC has made changes to the Safeguards Rule aimed at securing consumer data in the financial industry.

FTC, Financial Services, Finance Security

Lazarus APT Uses Updated Malware in Potential Supply Chain Attacks

The Lazarus group has been recently observed “building supply-chain attack capabilities” by targeting a legitimate South Korean security software and an IT asset monitoring solution vendor.

Supply Chain, Lazarus, Apt

Emerging Loader Delivered Via Hijacked Email Threads

Researchers shed light on a malware loader that's been spotted consistently being spread via email spam messages over the past month.

Email, Malware, Spammers

Nation-State Attackers Sharpen Focus on Governments, NGOs

New data from Microsoft shows that Nobelium, Thallium, and other nation-state attack groups are increasingly focusing on government agencies and NGOs.

Microsoft, Malware