SEARCH
All Articles
Decipher Podcast: Dan Lorenc Returns
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.
Carefully Crafted Campaign Led to XZ Utils Backdoor
The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
CISA Releases Cyber Incident Reporting Rule Draft
CISA has laid out the proposed details of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
Decipher Podcast: Source Code 3/29
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Red Hat, CISA Warn of XZ Utils Backdoor
The malicious code (which is being tracked as CVE-2024-3094) is embedded in XZ Utils versions 5.6.0 and 5.6.1, and may allow unauthorized access to impacted systems.
U.S. Offers Reward For BlackCat Ransomware Group Intel
The U.S. government is looking for more information about the individuals affiliated with the BlackCat ransomware group, which was behind the Change Healthcare attack.
Organizations Grapple With Identity Pain Points
Cisco's 2024 Cybersecurity Readiness Index showed that 36 percent of respondents ranked identity protection as a major challenge.
The Unique AI Cybersecurity Challenges in the Financial Sector
A new report by the Treasury Department looks at both the challenges and the opportunities when it comes to AI and cybersecurity in the financial sector.
Google: Zero-Day Attacks Surged in 2023
Google reported that 97 flaws were exploited in the wild in 2023, up 50 percent from the number of zero-day attacks recorded in 2022.
Decipher Podcast: Jack Cable
Jack Cable, senior technical advisor at the Cybersecurity and Infrastructure Security Agency (CISA), talks about his past experiences with bug bounty programs, CISA’s Secure By Design initiative and its efforts to help secure the open-source software ecosystem.
Critical Fortinet Flaw Now Actively Exploited
Fortinet earlier this month disclosed and issued a patch for the flaw (CVE-2023-48788), which exists in FortiClientEMS, its central management solution for endpoints.
APT29 Phishing Attack Targets German Political Parties
Researchers observed APT29 using phishing emails in order to target German political parties with a new backdoor variant in late February.
U.S. Sanctions, Indicts Alleged Members of Chinese APT31
The U.S. has announced sanctions against a Chinese state-backed company and two individuals, as well as indictments against seven people alleged to part of China's APT31 threat group.
Q&A: Karen Habercoss
Karen Habercoss, chief privacy officer with UChicago Medicine, talks to Decipher about the unique data privacy and security challenges that the healthcare sector faces, and how organizations in this industry are approaching areas like AI and identity management.
Ransomware, Backdoors Deployed in JetBrains Flaw Attacks
Researchers released further details about exploitation campaigns targeting the critical-severity JetBrains flaw.