Security news that informs and inspires

All Articles

2164 articles:

CISA Details Cloud-Focused Attack Techniques Used by APT29

CISA and some its foreign partner agencies are warning that APT29 is using a variety of techniques to target cloud services and accounts.

Cloud, Russia

Nation-State Threat Actors Hit Change Healthcare

Change Healthcare on Monday continued to work through disruptions to its systems after an attack by nation-state threat actors.


Challenges Remain in Evaluating Ransomware Crackdowns

While law enforcement disruptions certainly have a positive impact, there are deep-rooted difficulties in measuring substantial long-term changes.


Decipher Podcast: Source Code 2/23

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

Critical ScreenConnect Flaw Under Active Exploitation

The ConnectWise ScreeConnect authentication vulnerability disclosed this week is now under active exploitation and there is proof-of-concept exploit code available.


Decipher Podcast: Jennifer Leggio Returns

Jennifer Leggio, a longtime security industry executive who has served in many different roles, joins Dennis Fisher to talk about the shift in thinking among those in the security community, technical gatekeeping in security, her new consulting venture Moveable Feast, and finding your niche.


Europol, FBI Announce LockBit Ransomware Crackdown

The breadth of the takedown itself is multifaceted and impacts everything from LockBit’s infrastructure backbone to members’ ability to access cryptocurrency accounts linked to the ransomware group.


Decipher Podcast: LockBit Takedown

Dennis Fisher and Lindsey O'Donnell-Welch discuss the disruption of the LockBit ransomware operation by the FBI, Europol, and UK authorities, what it means for victims, and how it fits into the government's larger strategy to target cybercrime groups.


Decipher Podcast: Source Code 2/16

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.


U.S. Government Disrupts Botnet Used by Russian GRU Hackers

The operation marks the latest effort by U.S. law enforcement to knock down malicious cyber operations.

Botnet, Fbi

APT Exploits Microsoft Zero-Day in Malware Attacks

Microsoft fixed the flaw as part of its regularly scheduled updates on Tuesday.

Microsoft, Zero Day

The Creeping Threat of Security Debt

A new study shows that more than 70 percent of organizations have applications with vulnerabilities that are more than a year old, and nearly 50 percent have critical bugs that old.

Software Security

U.S. Organizations Targeted in Bumblebee Malware Campaign

The campaign uses a slightly modified attack chain for Bumblebee and marks the return of the malware after a four-month absence from the threat landscape.


QNAP Fixes Pair of Command Injection Flaws

QNAP has patched two command injection flaws in several versions of its QTS and QuTS hero firmware.


Decipher Podcast: Mick Baccio

Mick Baccio, global security advisor at SURGe with Splunk, talks about how his perspectives on cybersecurity have changed over time - from first reading Neuromancer at age nine, to acting as the White House threat intelligence branch chief across multiple administrations.