Security news that informs and inspires

SEARCH

All Articles

Browse by Category:
Duo Labs Industry Events Industry News passwords Product & Engineering
Browse by Tag:
Government Podcast Privacy Microsoft Malware Ransomware Vulnerability Data Breaches Google Encryption Apple Phishing 2fa Hardware Iot Security Apt Android Ciso Supply Chain Cybercrime Cloud Solarwinds Hacker Movies Internet Black Hat Facebook Labs Research Botnet Cisa Linux Patching Government Agencies Vulnerabilities Log4j Windows Patch Vpn Software Security Apache Open Source Legislation Bug Bounty Networking Gdpr Critical Infrastructure Security Mobile Mozilla Magecart Disinformation Vmware
2376 articles:

CISOs, Board Members and the Search for Cybersecurity Common Ground

Boards of directors are on track to better understand cybersecurity and its impact on their companies - and interactions with CISOs play a key role in that evolution.

CISO

Decipher Podcast: Martin Roesch Returns

Martin Roesch, CEO of Netography, joins Dennis Fisher to talk about the evolution of network security, protecting hybrid computing environments, and where that Snort pig couch came from.

Podcast

‘Milestone’ Ursnif Variant Sheds Banking Trojan Features

Ursnif's newest variant, LDR4, has been reconstructed from a banking trojan into a generic backdoor.

Malware

Security Remains a ‘Living, Breathing Task’ Long After Incidents

A panel of CISOs from companies like SolarWinds and Kaseya discussed their efforts to rebuild company culture with security in mind on the heels of massive security incidents at their organizations.

CISO, Ciso Concerns

With Attacks Underway, Fortinet Urges Customers to Patch CVE-2022-40684

Fortinet said many of its customers still have not updated to fix CVE-2022-40684, which has been under active attack for two weeks.

Fortinet, Greynoise

Critical-Severity Flaw in Apache Commons Text Library Fixed

Details about the severity and scope of the vulnerability are still emerging, including the detection of any examples of real-world applications using vulnerable configurations of the impacted library.

Apache

Prestige Ransomware Hits Targets in Ukraine and Poland

A new ransomware called Prestige has hit organizations in Poland and Ukraine using a variety of deployment methods.

Russia, Ukraine

Black Basta Uses Qakbot, Brute Ratel in Ransomware Attacks

Researchers said the attack kill chain is the first time they observed Brute Ratel being used as a second-stage payload via a Qakbot infection.

Ransomware

Attackers Exploiting Critical Fortinet Authentication Bypass

Mass exploitation of a new Fortinet authentication bypass flaw (CVE-2022-40684) is ongoing and proof of concept exploits are available.

Vulnerability, Fortinet

Decipher Podcast: Source Code 10/14

Welcome back to Source Code, Decipher’s weekly news wrap podcast.

Source Code, Podcast

Budworm Threat Group Attacks Reveal ‘Change in Focus’

The Budworm espionage group leveraged the Log4j flaw to target a number of high-value organizations worldwide, including an unnamed U.S.-based state legislature.

Log4j

Google Rolls Out Support for Passkeys in Android and Chrome

Google is rolling out support for passkeys in Android and Chrome in a significant step toward passwordless authentication.

Passwords, Google

New Alchimist C2 Framework Emerges

Researchers at Cisco Talos have uncovered a new all-in-one C2 framework called Alchimist that has implants called Insekt for Windows and Linux.

Malware

Decipher Podcast: David Agranovich

David Agranovich, director of threat disruption with Meta, discusses how threat groups are evolving their targeting of social media platforms in malware and espionage campaigns.

Facebook, Podcast

Microsoft Fixes Actively Exploited Windows Privilege-Escalation Bug

Meanwhile, two exploited Exchange flaws that publicly emerged two weeks ago were not addressed in Microsoft’s update.

Microsoft, Patch Tuesday