Security news that informs and inspires

All Articles

2094 articles:

VMware Fixes Critical-Severity vCenter Server Bug

VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.


Winter Vivern APT Targets Zero Day in Roundcube

The Winter Vivern APT group has been targeting a zero day XSS vulnerability in the Roundcube webmail server in recent weeks.

Apt, Vulnerability

Decipher Podcast: Matt Donahue and Nick Selby

Dennis Fisher talks with Mat Donahue, a former FBI counterterrorism specialist and founder and CEO of Kodex, and Nick Selby, a technologist and law enforcement officer, about the challenges organizations face when responding to data requests from law enforcement agencies and how CISOs and legal teams can address them.


Cisco Releases Update for IOS XE Flaws

Cisco has released an update for two zero days in IOS XE that attackers have been exploiting in the wild.

Patch, Cisco

Okta: Stolen Credential Led to Support System Breach

Okta customer BeyondTrust said that it first detected the attack and notified Okta on Oct. 2, though Okta did not confirm an internal breach until Oct. 19.


U.S., European Authorities Disrupt Ragnar Locker Ransomware Operation

Law enforcement agencies from Europe and the U.S. seized the infrastructure and arrested alleged members of the Ragnar Locker ransomware gang this week.


More Companies Adopt Board-Level Cybersecurity Committees

The hope is that these types of committees will tighten collaboration between boards and CISOs and lead to more support and resources for organizations’ cybersecurity strategies.


TeamCity Flaw Exploited By North Korean Nation-State Actors

Microsoft warned that these attacks are “particularly high risk” for impacted organizations.

North Korea, Microsoft

State Actors Targeting WinRAR Flaw in Multiple Campaigns

APT groups from Russia and China are targeting CVE-2023-38831 in WinRAR in multiple campaigns, deploying custom and commodity malware.

Russia, China

Threat Actors Exploit Citrix Netscaler ADC and Gateway Flaw

The flaw was disclosed last week, but researchers said that exploitation started in late August.

Citrix, Citrix Netscaler

CISA Pushes Organizations to Patch Known Confluence Bug

CISA and the FBI are urging network administrators to apply patches for the Atlassian Confluence bug (CVE-2023-22515) immediately.


Threat Actors Deliver DarkGate Malware via Skype, Teams Chats

The global campaign, which occurred between July and September, mostly targeted organizations in the Americas region.

Microsoft, Microsoft Teams

Decipher Podcast: Dr. Christopher Mitchell

Dr. Christopher Mitchell, the CISO for the City of Houston, joins the Decipher podcast to discuss how he inspires his team and drives collaboration related to security within his organization.


Microsoft Patches Actively Exploited Flaws in WordPad, Skype For Business

The two important-severity flaws are publicly known and are part of Microsoft’s regularly scheduled Patch Tuesday releases, which overall included more than 100 fixes.


HTTP/2 Rapid Reset Flaw Affects All Major Web Servers

A new flaw in HTTP/2 known as Rapid Reset has enabled threat actors to launch massive DDoS attacks and is believed to affect all modern web servers.