Security news that informs and inspires

All Articles

2376 articles:

Cisco Releases Update for IOS XE Flaws

Cisco has released an update for two zero days in IOS XE that attackers have been exploiting in the wild.

Patch, Cisco

Okta: Stolen Credential Led to Support System Breach

Okta customer BeyondTrust said that it first detected the attack and notified Okta on Oct. 2, though Okta did not confirm an internal breach until Oct. 19.

Okta

U.S., European Authorities Disrupt Ragnar Locker Ransomware Operation

Law enforcement agencies from Europe and the U.S. seized the infrastructure and arrested alleged members of the Ragnar Locker ransomware gang this week.

Ransomware

More Companies Adopt Board-Level Cybersecurity Committees

The hope is that these types of committees will tighten collaboration between boards and CISOs and lead to more support and resources for organizations’ cybersecurity strategies.

CISO

TeamCity Flaw Exploited By North Korean Nation-State Actors

Microsoft warned that these attacks are “particularly high risk” for impacted organizations.

North Korea, Microsoft

State Actors Targeting WinRAR Flaw in Multiple Campaigns

APT groups from Russia and China are targeting CVE-2023-38831 in WinRAR in multiple campaigns, deploying custom and commodity malware.

Russia, China

Threat Actors Exploit Citrix Netscaler ADC and Gateway Flaw

The flaw was disclosed last week, but researchers said that exploitation started in late August.

Citrix, Citrix Netscaler

CISA Pushes Organizations to Patch Known Confluence Bug

CISA and the FBI are urging network administrators to apply patches for the Atlassian Confluence bug (CVE-2023-22515) immediately.

Vulnerability

Threat Actors Deliver DarkGate Malware via Skype, Teams Chats

The global campaign, which occurred between July and September, mostly targeted organizations in the Americas region.

Microsoft, Microsoft Teams

Decipher Podcast: Dr. Christopher Mitchell

Dr. Christopher Mitchell, the CISO for the City of Houston, joins the Decipher podcast to discuss how he inspires his team and drives collaboration related to security within his organization.

CISO

Microsoft Patches Actively Exploited Flaws in WordPad, Skype For Business

The two important-severity flaws are publicly known and are part of Microsoft’s regularly scheduled Patch Tuesday releases, which overall included more than 100 fixes.

Microsoft

HTTP/2 Rapid Reset Flaw Affects All Major Web Servers

A new flaw in HTTP/2 known as Rapid Reset has enabled threat actors to launch massive DDoS attacks and is believed to affect all modern web servers.

Ddos

MGM Resorts Details Compromised Data, Financial Hit After Cyberattack

More details about the impacts of the cyberattack hitting MGM Resorts have been disclosed.

Cyberattack

Linux Distributions Impacted By High-Severity Glibc Bug

The high-severity flaw (CVE-2023-4911), which was introduced in glibc version 2.34, exists in glibc’s dynamic loader.

Linux

Clues Point to Ongoing Campaign From Qakbot Threat Actors

Researchers have discovered clues that may indicate that the Qakbot threat actors are still active.

Qakbot