Security news that informs and inspires

All Articles

2164 articles:

Okta Says Breach Affected All Support Customers

Okta officials said that the September intrusion in its customer support system affected every company in the Okta system.

Data Breach, Okta

International Operation Leads to Ransomware Ringleader Arrest

In a series of raids across Ukraine, the agencies apprehended several individuals that allegedly belong to the group, which has encrypted over 250 servers and cost large corporations several hundreds of millions of euros.

Cybercrime

Ardent Health Services Impacted By Ransomware Attack

On the heels of a ransomware attack, Ardent said facilities are rescheduling elective procedures and diverting some emergency room patients to other local hospitals until systems are back online.

Healthcare

New AI Guidelines Focus on Safety and Security of Models, Data

New AI guidelines authored by CISA and the UK's NCSC stress the importance of secure design, development, deployment, and operation of AI models and tools.

Ai, Government

Stealthy Malware Leverages MQTT Protocol in Spam Campaigns

Researchers observed thousands of spam emails delivering the WailingCrab malware that were sent to targets in North and South America, Europe and Asia.

Spam, Malware

Decipher Podcast: What We’re Thankful For

Dennis Fisher and Lindsey O'Donnell-Welch talk about some of things in the security community they're thankful for, and a couple of things they're not.

Podcast

CISA Warns of Widespread Exploitation of Citrix Bleed Flaw

Citrix is urging impacted customers to update, but also recommends that they remove any active or persistent sessions and look for patterns of suspicious session use.

Citrix, Citrix Netscaler

Morgan Stanley Fined $6.5M, Must Take Security Measures

The fine stems from two previously known Morgan Stanley data security incidents.

Morgan Stanley, Bank Security

Four Threat Groups Targeted Zimbra Collaboration Flaw

Google's Threat Analysis Group has identified four separate campaigns targeting the Zimbra Collaboration vulnerability (CVE-2023-37580) in recent months.

Zimbra, Google

Memory Safe: Merritt Baer

Merritt Baer, field CISO at Lacework and former member of the AWS office of the CISO, joins Lindsey O'Donnel-Welch in this week's Memory Safe episode to discuss her career arc, finding a true seat at the table as a security executive, and security as a business enabler.

Podcast, Ciso

EU Parliament Committee Rejects Mass Scanning of Encrypted Messages

A key European Union Parliament committee has rejected proposed language that would allow for mass scanning of encrypted messages.

Encryption, Government

Microsoft Patches Three Zero Days in November Update

Microsoft released patches for 57 vulnerabilities in November's Patch Tuesday update, including three flaws that have been actively exploited.

Microsoft

Decipher Podcast: Source Code 11/9

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code

Lace Tempest Seen Exploiting SysAid Zero Day

A path traversal zero day (CVE-2023-47246) in the SysAid on-premises product is under active attack by the ace Tempest threat group.

Vulnerability, Ransomware

CISOs, Developers and the Software Supply Chain Security Disconnect

A new report revealed discrepancies in how CISOs and developers view their roles and responsibilities around software supply chain security.

Supply Chain Security