All Articles

2228 articles:

The Creeping Threat of Security Debt

A new study shows that more than 70 percent of organizations have applications with vulnerabilities that are more than a year old, and nearly 50 percent have critical bugs that old.

Software Security

U.S. Organizations Targeted in Bumblebee Malware Campaign

The campaign uses a slightly modified attack chain for Bumblebee and marks the return of the malware after a four-month absence from the threat landscape.

Malware

QNAP Fixes Pair of Command Injection Flaws

QNAP has patched two command injection flaws in several versions of its QTS and QuTS hero firmware.

Storage

Decipher Podcast: Mick Baccio

Mick Baccio, global security advisor at SURGe with Splunk, talks about how his perspectives on cybersecurity have changed over time - from first reading Neuromancer at age nine, to acting as the White House threat intelligence branch chief across multiple administrations.

Podcast

Ivanti Discloses New Flaw in Policy Secure, Connect Secure VPN

A new vulnerability has been disclosed in certain versions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances.

Ivanti, Patch

Fortinet Warns of Zero Day in FortiOS

Fortinet is urging customers to patch an actively exploited flaw (CVE-2024-21762) in many versions of its FortiOS software.

Fortinet

Q&A: Gary McGraw

Software security pioneer and AI expert Gary McGraw talks to Dennis Fisher about the risks of black box LLMs in AI and the need for regulation.

AI

Ransomware Payments Hit $1.1B Record in 2023

With ransomware payments hitting an all-time high in 2023, CISOs “need to concentrate on making their organizations a hard target.”

Ransomware

Experts Urge Tighter Focus on Critical Infrastructure Security

ICS and operational technology experts told Congress Tuesday that adversaries' focus on critical infrastructure attacks requires a better focus on the security of these networks by defenders and regulators.

ICS, Government

Decipher Podcast: Gary McGraw on AI Security

Software security and AI security expert Gary McGraw joins Dennis Fisher to discuss the findings of a new AI architectural risk analysis research paper that his Berryville Institute of Machine Learning did on LLMs, the risks of black box models, and what kind of regulation would be most effective at reducing those risks.

Podcast, AI

U.S. Cracks Down on Spyware With Visa Restriction Policy

The U.S. will impose visa restrictions on individuals who use or financially benefit from commercial spyware in a "novel and creative measure."

Spyware

Decipher Podcast: Source Code 2/2

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

Federal agencies must disconnect Ivanti Connect Secure and Policy Secure appliances, which contain actively exploited vulnerabilities, from agency networks within the next 48 hours.

Ivanti, CISA

Executives Navigate Operational Technology Security Challenges

While boards of directors and C-Suite executives are better understanding the value of operational technology security, challenges remain in the complexity of these systems and potential impact should threat actors attack them.

Critical Infrastructure

Ivanti Rolls Out Patches For Exploited Connect Secure Flaws

Ivanti has rolled out its first round of patches for two existing - and two newly discovered - vulnerabilities in its Ivanti Connect Secure VPN and Ivanti Policy Secure appliances.

Ivanti, Patch