Wendy Nather, distinguished cybersecurity leader and director of strategic engagements at Cisco, talks to Lindsey O’Donnell-Welch, executive editor with Decipher, at Black Hat 2024 about the biggest “topics that are distracting CISOs."
CISOs discuss third-party risk, why it’s a “sleeping time bomb” and how organizations can approach this complex issue.
Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the challenges of securing multi-cloud environments, how cloud security has evolved, and how enterprises are learning to handle those changes.
CISOs talk about how they’re seeing security teams leverage machine learning, what generative AI innovations mean for risk management and more.
CISOs sound off on how security teams are approaching the “massive sprawl” of different data and accounts across their ecosystem, especially with the proliferation of identity-related threats.
CISOs sound off on the long-term impacts of the SEC's cyber rules, with the regulations in effect for months now.
Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
Several U.S. government agencies issued a new advisory Thursday warning of global cyber operations by threat actors that they affiliated with Unit 29155 of the GRU.
New social engineering and vulnerability exploitation campaigns by North Korean threat actors are targeting people and organizations in the cryptocurrency industry.
Researchers have uncovered a new backdoor called KTLVdoor, which is written in the Go language, has versions for targeting Windows and Linux and is linked back to Chinese-speaking threat actor Earth Lusca.
The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.
Security camera firm Verkada must develop and implement a security program after the company was hit with two separate security incidents in 2020 and 2021.
The Russian-backed APT29 group was seen using the same iOS and Google Chrome exploits as commercial surveillanceware vendors NSO Group and Intellexa.
The focus was on Iranian APTs this week, both from private threat intelligence teams and CISA, exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs using the same exploits for zero days that were developed by private commercial surveillance vendors NSO Group and Intellexa.
The backdoor is being used for intelligence gathering campaigns against U.S. organizations in the government, communications equipment, oil and gas and satellite sectors.