Security news that informs and inspires

All Articles

2290 articles:

Latest EU Proposal ‘Fundamentally Undermines Encryption’

A recent proposal in discussion in the European Union Council would mandate "upload moderation" of encrypted content, something that would break encryption for everyone, Singal's president said.

Encryption, Privacy

Fake Error Messages Used in Lumma Stealer, RAT Attacks

Researchers have been tracking a social engineering technique in ongoing attacks where a pop-up message gives end users instructions to manually copy and paste a malicious script, leading to the deployment of malware.

Malware

Deciphering Heat

Michael Mann's 1995 thriller Heat is considered by many people to be the best crime movie ever made. And hidden inside the intricate plot is a story of a lone hacker with a background at DARPA who uses his skills to set up scores for the crews in LA's underworld. Meg Gardiner, the co-author of Heat 2, and Casey Ellis, cofounder of Bugcrowd, join Dennis Fisher to dig into the technological and psychological details of this modern masterpiece. This is Deciphering Heat.

Podcast, Hacker Movies

Microsoft Delays Release of Controversial Recall Feature

The release of the Recall feature in Copilot Plus PCs will now be delayed on the heels of backlash from the security and privacy communities.

Microsoft

Scattered Spider Targets SaaS Platforms For Data Exfiltration

The Scattered Spider threat group in recent months has been targeting software-as-a-service (SaaS) applications for data theft and leveraging virtualization platforms for persistence.

Identity, Saas

Decipher Podcast: Amy Bogac

Amy Bogac, a longtime security executive with a depp background in systems administration and networking, joins Dennis Fisher to talk about how she came to security, how her background in communications informed her career choices, and the difficult conversations that need to occur before someone has to push the button during an incident.

Podcast

Ransomware Attacks Leverage Recent Critical PHP Flaw

A recently disclosed PHP argument injection flaw (CVE-2024-4577) is being used in ransomware attacks, according to threat researchers and CISA.

Ransomware

Thousands of FortiGate Devices Compromised in Ongoing Campaign

The Dutch Military Intelligence and Security Service said it has identified more than 20,000 FortiGate devices that have been compromised by a Chinese state-sponsored threat group.

Fortinet, China

Decipher Podcast: The Microsoft Recall Recall

A few days after Microsoft announced the new AI-enabled Recall feature--generating tremendous concerns and pushback from the security and privacy communities--the company had decided to disable it by default, but many concerns still remain. A month after the company's CEO proclaimed that it would be "prioritizing security above all else", how did this happen?

Podcast, Microsoft

Mandiant: 165 Snowflake Customers ‘Potentially Exposed’ in Campaign

Researchers with Mandiant said that since at least April 14, the threat group behind the attack has used stolen credentials to access over 100 customer tenants. Some of the credentials were stolen via infostealer malware as early as 2020.

MFA

The Emerging Ecosystem Dedicated to AI Accountability

A new ecosystem of security researchers is emerging, looking to sniff out data security and privacy issues in AI systems and grappling with issues like a lack of transparency into and understanding of LLMs.

AI

After Backlash, Microsoft Recall Will be Disabled by Default

Microsoft said the controversial Copilot Plus PC Recall feature will no longer be enabled by default after backlash from security and privacy experts.

Microsoft

Critical PHP Flaw CVE-2024-4577 Patched

A critical remote code execution bug (CVE-2024-4577) in all versions of PHP on Windows has been patched. The bug also affects all Windows versions of XAMPP.

PHP

Wyden Pushes HHS to Mandate Healthcare Cybersecurity Standards

Wyden said the Change Healthcare ransomware attack demonstrates how the HHS’ current self-regulatory approach to cybersecurity is “insufficient.”

Government

The Challenge of Reporting on Complex Breaches

Veteran security journalist and podcaster Ryan Naraine joins the Decipher podcast to discuss the challenges of separating fact from fiction when reporting on complex incidents such as the Snowflake breach.

Video