VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.
The Winter Vivern APT group has been targeting a zero day XSS vulnerability in the Roundcube webmail server in recent weeks.
Dennis Fisher talks with Mat Donahue, a former FBI counterterrorism specialist and founder and CEO of Kodex, and Nick Selby, a technologist and law enforcement officer, about the challenges organizations face when responding to data requests from law enforcement agencies and how CISOs and legal teams can address them.
Cisco has released an update for two zero days in IOS XE that attackers have been exploiting in the wild.
Okta customer BeyondTrust said that it first detected the attack and notified Okta on Oct. 2, though Okta did not confirm an internal breach until Oct. 19.
Law enforcement agencies from Europe and the U.S. seized the infrastructure and arrested alleged members of the Ragnar Locker ransomware gang this week.
The hope is that these types of committees will tighten collaboration between boards and CISOs and lead to more support and resources for organizations’ cybersecurity strategies.
Microsoft warned that these attacks are “particularly high risk” for impacted organizations.
APT groups from Russia and China are targeting CVE-2023-38831 in WinRAR in multiple campaigns, deploying custom and commodity malware.
The flaw was disclosed last week, but researchers said that exploitation started in late August.
CISA and the FBI are urging network administrators to apply patches for the Atlassian Confluence bug (CVE-2023-22515) immediately.
The global campaign, which occurred between July and September, mostly targeted organizations in the Americas region.
Dr. Christopher Mitchell, the CISO for the City of Houston, joins the Decipher podcast to discuss how he inspires his team and drives collaboration related to security within his organization.
The two important-severity flaws are publicly known and are part of Microsoft’s regularly scheduled Patch Tuesday releases, which overall included more than 100 fixes.
A new flaw in HTTP/2 known as Rapid Reset has enabled threat actors to launch massive DDoS attacks and is believed to affect all modern web servers.