Security news that informs and inspires

All Articles

2376 articles:

House Bill Would Ban States From Weakening Encryption

The ENCRPYT Act reintroduced in the House of Representatives last week would prevent states from passing laws to weaken or ban encryption.

Government, Encryption

U.S. Seizes Domains Used in Nobelium Phishing Campaign

The Department of Justice seized two domains used in the Nobelium spear-phishing campaign that impersonated the United States Agency for International Development.

Government, Russia

Nobelium Phishing Campaign Targets Government Agencies, NGOs

A phishing campaign by the Russian actor known as Nobelium impersonated the United States Agency for International Development while targeting government agencies and humanitarian groups.

Russia, Government

Chinese Cyber Espionage Actors Continue to Zero In on Pulse Secure Bugs

Two Chinese cyberespionage groups are targeting flaws in Pulse Secure VPN devices to compromise government and private networks in the U.S. and Europe.

China

Ingredient List Only Part of the Recipe to Fix Supply Chain Security

The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.

Government, Software Security, Solarwinds

Apple Fixes MacOS Flaw Abused in XCSSET Malware Attacks

Researchers uncovered a flaw in macOS that could allow attackers to access permissions, like screen recording, on victim devices - without their approval.

Apple, Vulnerability, Malware, Zero Day

VMware Patches Critical Flaw in vCenter

VmWare has released updates for a critical flaw in several versions of its vCenter Server virtualization product that can be used for remote code execution.

Vmware

Cyber Insurance Industry Grapples With Evolving Security Risks

As demand for cyber insurance skyrockets, insurers are scrutinizing specific security risk factors more carefully when determining the cost and affordability of coverage.

Cybersecurity Insurance

DarkSide Affiliates Looking to Get Paid in Full

The shutdown of the DarkSide ransomware group has affiliates seeking resolution for unpaid ransom fees.

Ransomware

Decipher Podcast: Troy Hunt

Lindsey O'Donnell-Welch talks with Troy Hunt, founder of Have I Been Pwned, about the biggest challenges facing the security industry when it comes to credential stuffing and data breaches.

Podcast, Data Breaches

Phorpiex and the Versatility of Botnets

Decade-old botnets continue to adapt to the current threat landscape, as seen through the wide-ranging malicious activities of the resilient Phorpiex botnet.

Botnet, Phorpiex, Ransomware

Q&A: Kimberly Goody

Kimberly Goody of the FireEye cyber crime analysis team explains the ransomware-as-a-service model and the recent changes some groups have made to their operations.

Ransomware

Savvy Voice-Based Attacks Add Social Engineering Layer

Attackers are building innovative voice-based social engineering tactics into their malware and phishing campaigns.

Malware, Phishing, Social Engineering

Attackers Focused on SolarWinds Network as Early as January 2019

The APT29 attackers who targeted SolarWinds were doing reconnaissance on the company's network as early as January 2019.

Solarwinds

Decipher Podcast: Kimberly Goody

Dennis Fisher talks with Kimberly Goody from FireEye's cybercrime analysis team about the DarkSide ransomware operation, the emergence of the ransomware-as-a-service model, and what might be next for these groups.

Podcast, Ransomware