SEARCH
All Articles
Wendy Nather on the ‘Topics That Are Distracting CISOs’
Wendy Nather, distinguished cybersecurity leader and director of strategic engagements at Cisco, talks to Lindsey O’Donnell-Welch, executive editor with Decipher, at Black Hat 2024 about the biggest “topics that are distracting CISOs."
The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk
CISOs discuss third-party risk, why it’s a “sleeping time bomb” and how organizations can approach this complex issue.
The New Age of Cloud Security and Multi-Cloud Defense
Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the challenges of securing multi-cloud environments, how cloud security has evolved, and how enterprises are learning to handle those changes.
What Impact Will AI Have on Cybersecurity Risk Management?
CISOs talk about how they’re seeing security teams leverage machine learning, what generative AI innovations mean for risk management and more.
‘The Tidal Wave Coming At Everybody:’ The Issue of Data Sprawl and Identity
CISOs sound off on how security teams are approaching the “massive sprawl” of different data and accounts across their ecosystem, especially with the proliferation of identity-related threats.
The Impacts of the SEC Cyber Rules on Incident Disclosure, CISO Liability
CISOs sound off on the long-term impacts of the SEC's cyber rules, with the regulations in effect for months now.
Apache Fixes OFBiz Remote Code Execution Flaw
Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
Russian GRU Unit Linked to Critical Infrastructure Attacks
Several U.S. government agencies issued a new advisory Thursday warning of global cyber operations by threat actors that they affiliated with Unit 29155 of the GRU.
New North Korean Campaigns Target Cryptocurrency Industry
New social engineering and vulnerability exploitation campaigns by North Korean threat actors are targeting people and organizations in the cryptocurrency industry.
New Backdoor Linked to Earth Lusca Threat Group
Researchers have uncovered a new backdoor called KTLVdoor, which is written in the Go language, has versions for targeting Windows and Linux and is linked back to Chinese-speaking threat actor Earth Lusca.
The Lasting Repercussions of the Sony Hack
The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.
FTC: Verkada Must Create Security Program After Breaches
Security camera firm Verkada must develop and implement a security program after the company was hit with two separate security incidents in 2020 and 2021.
APT29 Watering Hole Attacks Used Spyware Exploits
The Russian-backed APT29 group was seen using the same iOS and Google Chrome exploits as commercial surveillanceware vendors NSO Group and Intellexa.
Zero Day Exploit Reuse and A Busy Week for Iranian APTs
The focus was on Iranian APTs this week, both from private threat intelligence teams and CISA, exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs using the same exploits for zero days that were developed by private commercial surveillance vendors NSO Group and Intellexa.
New Backdoor Used By Iranian State-Sponsored Group
The backdoor is being used for intelligence gathering campaigns against U.S. organizations in the government, communications equipment, oil and gas and satellite sectors.