Security news that informs and inspires

All Articles

2376 articles:

Snowflake: Customer Accounts Targeted in ‘Identity-Based Attacks’

Ticketmaster and others companies are reportedly wrapped up in a series of attacks that target accounts without MFA.

Identity

Operation Endgame Targets Trickbot, IcedID, Other Botnets in Huge Disruption

Europol and other agencies disrupted several major malware families, including IcedID, Bymblebess, Trickbot, and Smokeloader in an action dubbed Operation Endgame.

Malware, Trickbot

Wyden: SEC, FTC Should Investigate UnitedHealth’s ‘Negligent’ Security Practices

The senator called for investigations into “negligent cybersecurity practices” by UnitedHealth Group after a ransomware attack on its subsidiary Change Healthcare.

Ransomware

U.S. Sanctions Three Chinese Nationals for Alleged Connection to 911 S5 Botnet

The Office of Foreign Asset Control has sanctioned three Chinese citizens for their alleged operation of the 911 S5 botnet.

China, Government

Check Point Releases Fix For Zero-Day VPN Flaw

The flaw (CVE-2024-24919) could enable attackers to read certain information on Gateways if they are connected to the Internet and enabled with Remote Access VPN or Mobile Access.

Exploit

Decipher Podcast: Sarah Powazek

Sarah Powazek, the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, joins Dennis Fisher to talk about her work in setting up Cybersecurity Clinics at high education institutions around the country to help bring knowledge and skills to underserved organizations.

Podcast

North Korean Threat Actor Deploys New, Custom Ransomware

A new North Korean threat group called Moonstone Sleet relies on trojanized, legitimate software, deploys custom ransomware and creates fake companies to further trick victims in its campaigns.

Ransomware, North Korea

Google Fixes Another Chrome Zero Day

Google has patched yet another Chrome zero day, this one a type confusion flaw in V8 (CVE-2024-5274).

Google

Backdoor Found in Courtroom Recording Software Installer

Researchers are warning of an apparent supply chain attack via a specific version of JAVS Viewer, audio-visual recording software used for courtrooms.

Supply Chain

Privacy, Security Concerns Mount Over Microsoft Recall Feature

Privacy experts are criticizing a new Microsoft screenshot feature called Recall on its recently announced Copilot Plus PCs.

Privacy

Intercontinental Exchange Faces $10M Penalty Over Delayed Disclosure

The SEC has hit the owner of the New York Stock Exchange with a $10 million penalty, saying its subsidiaries failed to notify the commission in a timely manner of a cyber intrusion discovered in 2021.

SEC

Decipher Podcast: Caitlin Condon on the Attack Intelligence Report

Caitlin Condon of Rapid7 joins Dennis Fisher to dive into the juicy tidbits from the Rapid7 Attack iNtelligence Report, including the rise in attacks on zero days, ransomware proliferation, and why network edge devices remain a major problem.

Podcast

Decipher Podcast: Chris Langford

Chris Langford, Director of Network, Infrastructure, and Cyber Security at the Lewisville Independent School District, talks about how having experience in the classroom has helped him from a cybersecurity perspective, and how we can best educate the next generation of students on cybersecurity best practices.

Podcast

Kimsuky APT Using Newly Discovered Gomir Linux Backdoor

The North Korean Kimsuky APT group has been using a new Linux backdoor called Gomir in attacks on South Korean targets.

North Korea

AI Security ‘Is a Software Problem’

Securing AI systems and LLMs seems like a daunting task, but experts say the same principles that apply to software security can be used to build safe AI systems.

AI, RSA Conference