All Articles

2349 articles:

Microsoft Warns of Unpatched Office Zero Day

The Microsoft zero-day flaw (CVE-2023-36884) is being leveraged by a Russian-based cybercriminal group in phishing emails sent to defense and government entities in Europe and North America.

Microsoft, Zero Day

RedDriver Abuses Windows Driver Policy Loophole

An undocumented malicious driver called RedDriver uses an open-source tool to forge signature timestamps, as a way to bypass Microsoft’s Windows driver signature enforcement policies.

Windows, Microsoft

Former Contractor Charged in California Water Treatment Plant Hack

A California man allegedly gained unauthorized access to a water treatment plant network, “causing a threat to public health and safety,” according to the DoJ.

Critical Infrastructure, Critical Infrastructure Security

Apple Releases Fix For Actively Exploited WebKit Bug

The update for the flaw (CVE-2023-37450) is available for iOS 16.5.1, macOS Ventura 13.4.1 and iPadOS 16.5.1.

Apple, Zero Day

Decipher Podcast: Source Code 7/7

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Patches for Three New MOVEit Transfer Bugs Released

Progress Software has released a service pack that addresses three new vulnerabilities in its MOVEit Transfer application.

MOVEit

CISA Warns of Spike in TrueBot Malware Attacks

CISA warned of an increase in TrueBot malware attacks that exploit a known remote code execution flaw in the Netwrix Auditor application.

Malware

Police Arrest OPERA1ER Cybercrime Group Suspect

Operation Nervone shows how international and private-public sector collaboration is essential in identifying and arresting cybercriminals.

Interpol, Cybercrime

StackRot Flaw Bug Fixed in Linux Kernel

A new bug in the Linux kernel (CVE-2023-3269) known as StackRot has been fixed in versions 6.1-6.4.

Linux

Iranian Charming Kitten Group Evolves Tools and Tactics

The Charming Kitten attack group is using new tools and tactics in recent operations, including a new macOS backdoor called NokNok.

Iran

Medtronic Fixes Critical Flaw in Cardiac Device Data System

The critical flaw is exploitable remotely and has a low attack complexity, warns CISA.

Medical Devices

New Variant of Rustbucket macOS Malware Found

A new, previously undetected, version of the Rustbucket macOS malware has been discovered in an intrusion by a known North Korean APT group.

North Korea, Cryptocurrency

Decipher Podcast: Source Code 6/30

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

OpenTitan Chips Are on the Horizon

The OpenTitan project, backed by Google, is nearing the release of its first secure root-of-trust chips.

Hardware, Google

CISA Sounds Alarm on Critical Infrastructure Devices Vulnerable to Ransomware

As part of its Ransomware Vulnerability Warning Pilot program, CISA has notified more than 100 organizations that they are running internet-exposed devices with flaws that are frequently targeted by ransomware actors, including 26 alerts related to the MOVEit Transfer flaw.

CISA, Ransomware