Security news that informs and inspires

All Articles

2376 articles:

Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns

Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.

North Korea, Microsoft

New Chaos Malware Targets Windows and Linux Devices

A new piece of malware known as Chaos that is built for Windows and Linux systems is infecting home routers, enterprise servers, and other devices and launching DDoS attacks.

Malware, Botnet, China

Phishing Attack Targets Microsoft Flaw to Deliver Cobalt Strike

The attack was first discovered in August after victims received phishing emails containing malicious document attachments.

Phishing

Node.js Update Fixes High Severity Flaws

An update for the Node.js framework includes fixes for DNS rebinding and HTTP smuggling vulnerabilities.

Vulnerabilities, Javascript

Watchdog Report Highlights Nuclear Agency’s Security Shortcomings

The Government Accountability Office criticized the National Nuclear Security Administration's mixed risk management practices around operational technology devices and its lax oversight of subcontractor cybersecurity practices.

Government, Government Agencies

CISA: Critical Zoho ManageEngine Flaw Actively Exploited

The critical-severity unauthenticated remote code execution flaw is now being actively exploited, according to CISA.

Exploit, Vulnerability

Decipher Podcast: Source Code 9/23

Welcome to Source Code: Decipher's behind-the-scenes look at the weekly news with input from our sources.

Source Code, Podcast

The NSA is Here to Help

The NSA's new Cybersecurity Collaboration Center is the centerpiece of an effort to provide more information and context for private sector defenders.

NSA

New Metador APT Discovered Targeting ISPs, Telcos

Researchers have discovered a new APT actor called Metador that has been targeting ISPs, telcos, and universities in the Middle East and Africa.

Apt

Attackers Deploying Noberus Ransomware Update Tactics

The Noberus ransomware (also known as BlackCat and ALPHV) has received a major update, and affiliates deploying it have also evolved their tactics.

Ransomware

Government Makes Headway in Executing Cybersecurity Commission’s Recommendations

A new report by the CSC 2.0 pointed to both progress and "unfinished business" in the government's implementation of its recommendations for bolstering its cybersecurity strategy.

Government

Decipher Podcast: Asheer Malhotra and Guilherme Venere

Dennis Fisher talks with Asheer Malhotra and Guilherme Venere of Cisco Talos about the group's new research on the Gamaredon APT group, which has been targeting Ukrainian organizations in a new campaign.

Podcast

Siemens Fixes Numerous Flaws in Wide Range of ICS Products

Siemens has patched dozens of vulnerabilities in several of its ICS products, including Parasolid, RuggedCom ROS, and Simcenter Femap.

ICS, Siemens

Decipher Podcast: Hack-a-Sat 2022

Mark Werremeyer and Bryce Kerley join Dennis Fisher to talk about this year's Hack-a-Sat capture the flag competition, how the challenges have evolved since last year, and how the competition helps players build their hacking skills.

Podcast

Decipher Podcast: Source Code 9/16

Welcome back to Source Code, Decipher's weekly security news podcast.

Source Code, Podcast