Security news that informs and inspires

All Articles

1808 articles:

New Threat Actor Hits Ukrainian Agencies

A previously unknown APT is targeting Ukrainian government agencies with malware known as PowerMagic and CommonMagic.

Apt, Ukraine

Six Flaws Fixed in libcurl 8

Version 8 of libcurl has been released, patching six vulnerabilities, including an authentication bypass.


Q&A: Chris Morales

Chris Morales, CISO at Netenrich, has held various roles throughout his career before becoming a CISO, including ones advising and designing incident response and threat management programs for enterprise organizations.

Ciso Q&a

US, German Authorities Take Down ChipMIxer Platform

U.S. and German law enforcement authorities have seized the assets and infrastructure of the ChipMixer cryptocurrency mixing platform, alleging it launders ransomware payments.


Winter Vivern APT Targeting Ukrainian, European Organizations

A low-profile attack group known as Winter Vivern has recently been targeting government and private organizations in Ukraine, Poland, Italy, and elsewhere.

Apt, Russia

Microsoft Patches Two Bugs Under Active Attack

In its March Patch Tuesday release, Microsoft has fixed two vulnerabilities (CVE-2023-23397) and (CVE-2023-24880) that have been exploited in the wild.


Decipher Podcast: Chris Wysopal Returns

Chris Wysopal, CTO and founder of Veracode, joins Dennis Fisher to dive into the new White House National Cybersecurity Strategy and discuss what's missing, how practical the pillars are, and when these ideas may be implemented.


YoroTrooper Group Targets European, CIS Countries in Cyberespionage Campaigns

The newly identified YoroTrooper group is targeting embassies and government agencies in European and Commonwealth of Independent States countries in phishing campaigns.


Decipher Podcast: Courtney Nash Returns

Courtney Nash joins Dennis Fisher to talk about the 2022 VOID Report on incidents, why mean time to resolve is no longer a meaningful metric, whether the duration of an incident matters, and how organizations can get better at responding to an analyzing incidents.


GitHub Begins Mandatory 2FA Rollout for Developers

Starting March 13, developers on GitHub will be required to enable some form of two-factor authentication for their accounts.

2fa, Github

Apache Patches Two Important Bugs in Web Server

The Apache Software Foundation has fixed two important security flaws in version 2.4.56 of its HTTP Server.


Europol Hits Alleged Members of DoppelPaymer Ransomware Group

Europol, along with law enforcement from Germany and Ukraine, arrested two alleged members of the DoppelPaymer ransomware group.


Decipher Podcast: Andrew Morris Returns

Andrew Morris, the founder and CEO of GreyNoise, joins Dennis Fisher to talk about software liability, the evolution of the security industry, and why we're not getting better at securing our systems.


Q&A: Bryan Willett

Bryan Willett, CISO at Lexmark, talks about why a “silver bullet” doesn’t exist in security and what he describes as a “multi-pronged” approach to building out a security program.

Ciso Q&a

LastPass Attacker Compromised Employee’s Personal Machine

An attacker who stole corporate and customer data from LastPass in 2022 gained initial access by compromising an engineer's personal computer.

Lastpass, Data Breach