Security news that informs and inspires

All Articles

2376 articles:

Security Industry Mulls Spyware ‘Whack-A-Mole’ Problem

As the commercial spyware market continues to grow, public and private sector organizations are considering all their options - from financial sanctions to a complete global moratorium.

Spyware

Capibar Malware Used in Turla Espionage Attacks

Researchers and Ukraine’s governmental computer emergency response team are publishing details on new Turla malware used in espionage attacks against the defense sector in Ukraine and Eastern Europe.

Turla, Ukraine

White House Unveils New Cyber Trust Mark for IoT Security

The new U.S. Cyber Trust Mark program is meant as a seal of approval for IoT device security and could drive more secure development practices.

Iot Security, Government

FIN8 Reworks Backdoor to Sidestep Detection

A financially motivated threat group is using a reworked version of its known backdoor to deploy the Noberus ransomware.

Fin8, Backdoors

Adobe Fixes Critical ColdFusion Flaw

Adobe has released a patch for a critical bug in ColdFusion (CVE-2023-38203) and warns that a proof-of-concept analysis is available for it.

Adobe

Workers Come and Go: Offboarding Security Gaps Remain the Same

Onboarding and offboarding are operationally complex, time-consuming processes - and security frequently falls between the cracks.

Human Resources, CISO

Decipher Podcast: Source Code 7/14

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Podcast, Source Code

Zimbra Warns of Zero Day in Collaboration Suite

The Zimbra Collaboration Suite version 8.8.15 has a cross-site scripting flaw that Google researchers say has been actively exploited.

Zimbra

White House Maps Out National Cybersecurity Strategy

The White House has dropped the long-awaited plan for executing its National Cybersecurity Strategy, which involves 65 initiatives and 18 government agencies.

Government, Critical Infrastructure

Rockwell Automation Warns of Critical Bug in ControlLogix Modules

Rockwell Automation discovered an exploit for its ControlLogix modules that was developed by an unnamed APT actor.

ICS

Microsoft: China-Based Hackers Accessed U.S. Government Emails

The threat group used forged authentication tokens - with an acquired Microsoft account consumer signing key - to access the email accounts of more than two dozen organizations.

Microsoft, Supply Chain

Decipher Podcast: Jackie Burns Koven

Jackie Burns Koven, head of cyber threat intelligence at Chainalysis, talks about cryptocurrency-related cybercrime.

Podcast, Cryptocurrency

Microsoft Warns of Unpatched Office Zero Day

The Microsoft zero-day flaw (CVE-2023-36884) is being leveraged by a Russian-based cybercriminal group in phishing emails sent to defense and government entities in Europe and North America.

Microsoft, Zero Day

RedDriver Abuses Windows Driver Policy Loophole

An undocumented malicious driver called RedDriver uses an open-source tool to forge signature timestamps, as a way to bypass Microsoft’s Windows driver signature enforcement policies.

Windows, Microsoft

Former Contractor Charged in California Water Treatment Plant Hack

A California man allegedly gained unauthorized access to a water treatment plant network, “causing a threat to public health and safety,” according to the DoJ.

Critical Infrastructure, Critical Infrastructure Security