Security news that informs and inspires

All Articles

2376 articles:

The Long Tail of the SolarWinds Breach

Completely recovering from the effects of the breach of SolarWinds could take months for some customers.

Solarwinds

Broad Cyber Espionage Campaign Follows Supply Chain Attack on SolarWinds

Attackers planted a compromised update for the SolarWinds Orion platform, leading to a cyber espionage campaign that hit many companies and government agencies.

Malware, Government

Facebook Disrupts Activity by APT32

Facebook has disrupted attacks on its platform it attributes to APT32, a group based in Vietnam.

Facebook, Apt

Decipher Podcast: Haroon Meer

Haroon Meer, founder of Thinkst, joins Dennis Fisher to talk about why a lot of security products don't work, the challenges of running a security company from South Africa, and doing well by doing good.

Podcast

Congress About to Pass Security-Heavy Defense Bill

The House of Representatives overwhelmingly passed the National Defense Authorization Act and the Senate is expected to vote on the defense appropriations bill this week.

Government

Microsoft Teams Flaw Allowed Easy Remote Code Execution

A flaw in Microsoft Teams allowed remote code execution by sending one message to a victim.

Microsoft

NSA Warns Russian Attackers Are Exploiting VMware Flaw

The NSA warned that Russian state attackers are targeting a recent VMware vulnerability, which NSA discovered and disclosed.

Vmware, Vulnerability

Decipher Podcast: Ryan Noon and Abhishek Agrawal

Ryan Noon and Abhishek Agrawal, founders of Material Security, join Dennis Fisher to talk about fixing the email security problem and approaching security challenges with diverse mindsets.

Podcast

New TrickBot Module Targets UEFI Firmware

The TrickBot trojan now includes a capability to scan for vulnerable UEFI firmware implementations and could soon exploit them.

Trickbot

Software Supply Chain Woes Afflict DockerHub, Too

Threat analysis firm Prevasio scanned the entire DockerHub and found that 51 percent of all container images had at least one critical vulnerability and 13 percent had at least one high-severity vulnerability. Researchers also identified 6,433 images that were malicious or potentially harmful.

Containers, Docker

The Painful Calculus of Ransomware Payments

Ransomware gangs have added data theft to their tactics, bringing another variable into the pay or don't pay equation.

Ransomware

Home Depot Settles With States Over 2014 Data Breach

The home improvement giant reached a $17.5 million settlement with 46 states and Washington, DC to resolve the investigation into the data breach that compromised the payment information of 40 million customers who used self-checkout terminals at its stores in the United States and Canada.

Data Breaches

New Signed Version of Old Bandook Malware Emerges

New variants of the Bandook malware that are digitally signed have been used in a recent wave of attacks on organizations in many industries.

Malware

Interpol Arrests Three in BEC Scam

The Nigeria Police Force, in partnership with Interpol and Group-IB, has arrested three men suspected of being part of a cybercriminal gang that specialized in business-email-compromise scams.

Phishing

VMware Warns of Critical Zero Day in Workspace One

A critical command injection vulnerability (CVE-2020-4006) with no fix available has been discovered in VMware Workspace One.

Vmware