Security news that informs and inspires

All Articles

2327 articles:

Bill Would Provide Funding for Security Research on Energy Infrastructure

A new bill would provide funding for security research at the university level into threats to the energy sector.

Critical Infrastructure, Government

Attacks Target Control Web Panel Flaw

Exploit attempts are ramping up against a flaw in Control Web Panel that allows unauthenticated remote code execution.

Linux

Decipher Podcast: Chris Eng on the State of Software Security

Chris Eng, chief research officer at Veracode, joins Dennis Fisher to discuss the company's new State of Software Security report, whether we're getting better at fixing bugs, and the fragility of open source projects and the software supply chain.

Podcast

MegaCortex Ransomware Decryptor Released

BitDefender has released a decryption tool for the MegaCortex ransomware variant.

Ransomware

Q&A: Sounil Yu

Sounil Yu, CISO at JupiterOne, talks about imposter syndrome and pinpointing gaps in organizations’ security programs.

CISO Q&A

CircleCI Warns Customers to Rotate Secrets After Security Incident

CircleCI said it is investigating a security incident and warned customers to rotate all of the secrets stored in the service.

Supply Chain Security

Fortinet Fixes Serious Flaw in FortiADC

Fortinet has patched a serious bug (CVE-2022-39947) in its FortiADC application delivery controllers.

Fortinet

Deciphering Home Alone

Kevin McCallister may not be a hacker or even own a computer (as far as we know), but no one embodies the hacker ethic better than he does, an eight-year-old boy left alone at Christmas who is forced to use his imagination and creativity to defend a prime target and lure his adversaries into his trap. This is Deciphering Home Alone.

Podcast, Hacker Movies

Play Ransomware Group Using New ProxyNotShell Exploit

Play ransomware actors have been using a previously undocumented exploitation method for the ProxyNotShell Exchange flaws.

Ransomware, Microsoft

Q&A: Andy Greenberg

Andy Greenberg, author and journalist at Wired, recently joined Dennis Fisher on the Decipher podcast to discuss his new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, which tells the stories of the people who hunted the operators of several major dark web markets.

Cryptocurrency

Q&A: Helen Patton

Helen Patton, CISO for the Security Business Group at Cisco, discusses why it’s vital for CISOs to be able to “talk about security things in non-security ways with non-security people.”

CISO Q&A

Ukrainian Organizations Hit With New Supply Chain Attack

Mandiant researchers recently discovered a new software supply chain attack that targeted Ukrainian government agencies with trojanized Windows installers.

Russia, Ukraine

Microsoft-Signed Malicious Driver Used in Pre-Ransomware Intrusions

Researchers have found a malicious driver signed by Microsoft used in the lead-up to Hive and Cuba ransomware deployments.

Ransomware, Microsoft

Decipher Podcast: Andy Greenberg on Tracers in the Dark

Wired journalist and author Andy Greenberg joins Dennis Fisher to discuss his new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, which tells the stories of the agents, academics, and security experts who tracked the admins of the Silk Road, AlphaBay, and other darknet markets through specialized blockchain tracing techniques.

Podcast

APT5 Exploiting New Flaw in Citrix ADC and Gateway

APT5, a Chinese threat group, has used a newly discovered flaw (CVE-2022-27518) in Citrix ADC and Gateway to target a small number of organizations.

Citrix, China