Security news that informs and inspires

All Articles

2201 articles:

Four Threat Groups Targeted Zimbra Collaboration Flaw

Google's Threat Analysis Group has identified four separate campaigns targeting the Zimbra Collaboration vulnerability (CVE-2023-37580) in recent months.

Zimbra, Google

Memory Safe: Merritt Baer

Merritt Baer, field CISO at Lacework and former member of the AWS office of the CISO, joins Lindsey O'Donnel-Welch in this week's Memory Safe episode to discuss her career arc, finding a true seat at the table as a security executive, and security as a business enabler.

Podcast, CISO

EU Parliament Committee Rejects Mass Scanning of Encrypted Messages

A key European Union Parliament committee has rejected proposed language that would allow for mass scanning of encrypted messages.

Encryption, Government

Microsoft Patches Three Zero Days in November Update

Microsoft released patches for 57 vulnerabilities in November's Patch Tuesday update, including three flaws that have been actively exploited.

Microsoft

Decipher Podcast: Source Code 11/9

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

Lace Tempest Seen Exploiting SysAid Zero Day

A path traversal zero day (CVE-2023-47246) in the SysAid on-premises product is under active attack by the ace Tempest threat group.

Vulnerability, Ransomware

CISOs, Developers and the Software Supply Chain Security Disconnect

A new report revealed discrepancies in how CISOs and developers view their roles and responsibilities around software supply chain security.

Supply Chain Security

Decipher Podcast: Kymberlee Price

Kymberlee Price, co-founder of Zatik, joins Dennis Fisher to talk about her experience running security response programs at Microsoft, BlackBerry, and other companies, and how the changing security landscape helped lead her to start her own company.

Podcast

New Gootloader Malware Variant Harder to Detect, Block

Researchers with IBM X-Force recently observed the new Gootloader variant being used for lateral movement, marking a significant change in the malware’s post-infection tactics.

Malware, Detection and Response, MDR

Exploit Attempts, Ransomware Target Critical Confluence Flaw

Attackers are targeting the critical Atlassian Confluence flaw (CVE-2023-22518) with active exploit attempts, including some trying to deploy ransomware.

Atlassian

Decipher Podcast: Source Code 11/3

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

Threat Actors Target Apache ActiveMQ Flaw

Apache disclosed this flaw and released patches for it on Oct. 25, and proof-of-concept exploit code is also available for the bug.

Apache

Atlassian CISO Warns of Critical Confluence Flaw

Further details for the vulnerability were not specified, but the bug is rated 9.1 out of 10 on the CVSS v3 scale, and Atlassian is underscoring its potential impact for customers.

Vulnerability

Memory Safe: Michelle Finneran Dennedy

In the premier episode of Memory Safe, our new podcast and video series, Dennis Fisher talks with Michelle Finneran Dennedy, founder and CEO of Privacy Code, former CPO of Sun Microsystems and Cisco, and all around great person, about her early interest in technology, the influence of her father on her career, and why she's still doing security after all this time.

Video, Podcast

White House AI Executive Order Puts Focus on Cybersecurity

Federal agencies are being ordered to take a closer look at how AI could potentially impact areas like vulnerability discovery capabilities or critical infrastructure cyberattacks.

AI