Security news that informs and inspires

All Articles

2297 articles:

European Council Sanctions Individuals Tied to Conti, Trickbot

The European Council has sanctioned six individuals allegedly tied to the Wizard Spider, Armageddon and Callisto threat groups.

EU

Decipher Podcast: Metin Kortak

Metin Kortak, CISO with Rhymetec, talks about how organizations are approaching data privacy and security compliance, and thinking about risk management policies, when it comes to generative AI in the workplace.

AI, Podcast

Serious Flaws Fixed in ExpressionEngine CMS

Packet Tide has fixed a group of XSS vulnerabilities and an open HTTP redirection bug in its ExpressionEngine content management system, some of which could give an attacker admin access.

Vulnerabilities

Espionage Threat Actor Hits Multiple Government Entities

Cisco Talos researchers have linked known Gh0stRAT campaigns targeting public and private sector entities to a Chinese-speaking threat actor called SneakyChef.

Cyberattack

UNC3886 Leverages Zero Days, Novel Backdoor Variants

A new deep-dive investigation into the known UNC3886 gives insight into how the China-linked threat actor “operates in a sophisticated, cautious, and evasive nature.”

Zero Day

VMware Warns of Critical vCenter Server Flaws

Two critical vulnerabilities in VMware's vCenter Server centralized management utility could allow remote code execution.

VMware

Latest EU Proposal ‘Fundamentally Undermines Encryption’

A recent proposal under discussion in the European Union Council would mandate "upload moderation" of encrypted content, something that would break encryption for everyone, Signal's president said.

Encryption, Privacy

Fake Error Messages Used in Lumma Stealer, RAT Attacks

Researchers have been tracking a social engineering technique in ongoing attacks where a pop-up message gives end users instructions to manually copy and paste a malicious script, leading to the deployment of malware.

Malware

Heat, Kelso and the Hacker Mindset

In the 1995 classic Heat, the character Kelso is an old-school hacker with a background as a DARPA scientist who uses his knowledge to sell scores to criminals. Meg Gardiner, Casey Ellis, and Dennis Fisher discuss his connection to the hacker ethos.

Hacker Movies

Deciphering Heat

Michael Mann's 1995 thriller Heat is considered by many people to be the best crime movie ever made. And hidden inside the intricate plot is a story of a lone hacker with a background at DARPA who uses his skills to set up scores for the crews in LA's underworld. Meg Gardiner, the co-author of Heat 2, and Casey Ellis, cofounder of Bugcrowd, join Dennis Fisher to dig into the technological and psychological details of this modern masterpiece. This is Deciphering Heat.

Podcast, Hacker Movies

Microsoft Delays Release of Controversial Recall Feature

The release of the Recall feature in Copilot Plus PCs will now be delayed on the heels of backlash from the security and privacy communities.

Microsoft

Scattered Spider Targets SaaS Platforms For Data Exfiltration

The Scattered Spider threat group in recent months has been targeting software-as-a-service (SaaS) applications for data theft and leveraging virtualization platforms for persistence.

Identity, SaaS

Decipher Podcast: Amy Bogac

Amy Bogac, a longtime security executive with a deep background in systems administration and networking, joins Dennis Fisher to talk about how she came to security, how her background in communications informed her career choices, and the difficult conversations that need to occur before someone has to push the button during an incident.

Podcast

Thousands of FortiGate Devices Compromised in Ongoing Campaign

The Dutch Military Intelligence and Security Service said it has identified more than 20,000 FortiGate devices that have been compromised by a Chinese state-sponsored threat group.

Fortinet, China

Ransomware Attacks Leverage Recent Critical PHP Flaw

A recently disclosed PHP argument injection flaw (CVE-2024-4577) is being used in ransomware attacks, according to threat researchers and CISA.

Ransomware