Security news that informs and inspires

All Articles

2376 articles:

Ransomware Group Targeted Dragos in Unsuccessful Extortion Attempt

A known ransomware group was able to access limited information resources, which it then attempted to use in an unsuccessful extortion attempt against the company.

Critical Infrastructure Security, Critical Infrastructure, Operational Technology

FBI Disrupts Turla Espionage Malware Network

While Operation Medusa disrupts long standing espionage efforts by Turla, security researchers say that its effects will only be temporary.

Malware

GitHub Enables Push Protection to Prevent Secret Leaks

GitHub has released a new push protection feature to prevent developers from accidentally including secrets in commits.

Github

Intel BootGuard, Firmware Signing Keys Found in MSI Data Leak

Researchers have discovered the firmware signing keys and Intel BootGuard keys for several manufacturers in data dumped by attackers who breached Taiwanese hardware maker MSI.

Data Breach

Microsoft Fixes Windows Bug, Secure Boot Bypass Under Active Attack

Microsoft has patched two flaws (CVE-2023-29336 and CVE-2023-24932) that have been actively exploited.

Microsoft, UEFI

Decipher Podcast: Lucia Milica

Lucia Milica, global resident CISO at Proofpoint, discusses the top takeaways from the 2023 Voice of the CISO report.

Podcast, CISO, Ciso Concerns

Decipher Podcast: Source Code 5/5

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Ransomware Task Force: Data Sharing Needed to ‘Build a Clear Picture’

The ransomware task force said in their latest progress report that private sector organizations, governments and cryptocurrency entities need to work together more in swapping information about cyber incidents.

Ransomware, Ransomware Task Force

Threat Actors Add Complexity to DLL Sideloading Attacks

A recent APT campaign shows how threat actors are adding complexity to the decade-old attack.

Cyberattack, Malware

New EARN IT Act Has Old Issues

The newest version of the EARNT IT Act still has language that would force platform providers to weaken or abandon encrypted services.

Privacy, Government

NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials

The new malware was found stealing saved usernames and passwords in browsers in order to compromise business Gmail, Outlook and Facebook accounts.

Meta, Facebook, Outlook, Malware

Decipher Podcast: Dawn Cappelli

Decipher talks to Dawn Cappelli, director of OT-CERT at Dragos, about the challenges of securing operational technology, particularly for organizations with limited budget and resources.

Podcast, Critical Infrastructure Security, Critical Infrastructure

Iranian Threat Groups Spread Cyberattack Fears Through Influence Operations

Iranian threat groups are launching cyberattacks - or in some cases saying they are - and then sowing fear around the hacks through online influence operations.

Iran, Apt

Apple, Google Develop Specification to Address Unwanted Bluetooth Tracking

Apple and Google have submitted a draft IETF specification to alert users when they are being tracked by Bluetooth accessories such as AirTags.

Privacy, Apple, Google

Google Enables Passkeys for Account Login

Google is enabling passkeys as a login method for all accounts as part of its effort to move users away from passwords to more secure authentication methods.

Google, Passwords