Security news that informs and inspires

All Articles

1278 articles:

FISMA Update Could Boost CISA’s Authority

Potential new legislation to update FISMA could codify CISA's role and grant it additional authority.

Government, Ransomware

U.S. Warns of Continued Threat from Conti Ransomware

A joint advisory from the FBI, CISA, and NSA warns that the Conti ransomware operation is still a threat to enterprises, despite some takedowns of its infrastructure.


VMware Fixes Critical Flaw in vCenter Server

VMware has released a fix for a critical file-upload vulnerability, along with nearly 20 other bugs in vCenter Server.


New Turla Backdoor Identified

Cisco Talos researchers have identified a new backdoor being deployed by the Turla APT against targets in multiple countries.

Apt, Russia

Azure OMIGOD Flaw Under Attack

The Azure OMI vulnerability (CVE-2021-38647) is under attack by several threat actors, including the Mirai botnet operators.

Mirai, Microsoft, Azure

MSHTML Zero Day Exploits Used Shared Infrastructure With Ransomware Group

Attackers exploiting the CVE-2021-40444 Windows flaw used infrastructure also known to be associated with a ransomware group.

Microsoft, Windows

Re-Deciphering Hackers

On the anniversary of the release of Hackers, Zoe Lindsey and Pete Baker join Dennis Fisher to talk about the cultural influence of the movie, the effect it's had on hacker culture, and why it is still so beloved today.

Hacker Movies, Podcast

Apple Patches Two iOS Bugs Exploited in the Wild

Apple has patched two iOS vulnerabilities that have been exploited in the wild, including one that requires no user interaction.


REvil Ransomware Group Reemerges

The REvil ransomware group has come back online after disappearing following the attack on Kaseya in July.


Decipher Podcast: Carolina Terrazas

Carolina Terrazas joins Dennis Fisher to talk about getting into security, the importance of diversity in hiring practices, and why Tom Brady is the worst.


Exploits Circulating for Windows MSHTML Zero Day

Some proof-of-concept exploits have begun circulating for CVE-2021-40444 and no patch is yet available.

Microsoft, Vulnerability

Attackers Exploiting Critical Flaw in Zoho Password Management Tool

Attackers are exploiting an authentication bypass flaw in Zoho's ManageEngine ADSelfService Plus password management app.


Microsoft Warns of Attacks on Windows MSHTML Zero Day

Attackers are exploiting a new zero day flaw in Windows (CVE-2021-40444) in targeted attacks.


Decipher Podcast: Amélie Koran

Amélie Koran joins Dennis Fisher to talk about her start in computing with a Commodore 64, her early years in the private sector, and her security and policy work in several federal government agencies.


Slow Uptake on Critical Confluence Update

New data shows that enterprises are not updating their Confluence instances to address a critical code execution flaw.

Atlassian, Vulnerabilities