Security news that informs and inspires

All Articles

2376 articles:

Wendy Nather on the ‘Topics That Are Distracting CISOs’

Wendy Nather, distinguished cybersecurity leader and director of strategic engagements at Cisco, talks to Lindsey O’Donnell-Welch, executive editor with Decipher, at Black Hat 2024 about the biggest “topics that are distracting CISOs."

Video

The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk

CISOs discuss third-party risk, why it’s a “sleeping time bomb” and how organizations can approach this complex issue.

Video

The New Age of Cloud Security and Multi-Cloud Defense

Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the challenges of securing multi-cloud environments, how cloud security has evolved, and how enterprises are learning to handle those changes.

Video, Cloud Security

What Impact Will AI Have on Cybersecurity Risk Management?

CISOs talk about how they’re seeing security teams leverage machine learning, what generative AI innovations mean for risk management and more.

Video

‘The Tidal Wave Coming At Everybody:’ The Issue of Data Sprawl and Identity

CISOs sound off on how security teams are approaching the “massive sprawl” of different data and accounts across their ecosystem, especially with the proliferation of identity-related threats.

Identity, Video

The Impacts of the SEC Cyber Rules on Incident Disclosure, CISO Liability

CISOs sound off on the long-term impacts of the SEC's cyber rules, with the regulations in effect for months now.

Video

Apache Fixes OFBiz Remote Code Execution Flaw

Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.

Apache

Russian GRU Unit Linked to Critical Infrastructure Attacks

Several U.S. government agencies issued a new advisory Thursday warning of global cyber operations by threat actors that they affiliated with Unit 29155 of the GRU.

Russia

New North Korean Campaigns Target Cryptocurrency Industry

New social engineering and vulnerability exploitation campaigns by North Korean threat actors are targeting people and organizations in the cryptocurrency industry.

North Korea

New Backdoor Linked to Earth Lusca Threat Group

Researchers have uncovered a new backdoor called KTLVdoor, which is written in the Go language, has versions for targeting Windows and Linux and is linked back to Chinese-speaking threat actor Earth Lusca.

Malware

The Lasting Repercussions of the Sony Hack

The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer‬ podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.

Podcast, Sony

FTC: Verkada Must Create Security Program After Breaches

Security camera firm Verkada must develop and implement a security program after the company was hit with two separate security incidents in 2020 and 2021.

FTC

APT29 Watering Hole Attacks Used Spyware Exploits

The Russian-backed APT29 group was seen using the same iOS and Google Chrome exploits as commercial surveillanceware vendors NSO Group and Intellexa.

Spyware

Zero Day Exploit Reuse and A Busy Week for Iranian APTs

The focus was on Iranian APTs this week, both from private threat intelligence teams and CISA, exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs using the same exploits for zero days that were developed by private commercial surveillance vendors NSO Group and Intellexa.

Iran, Video

New Backdoor Used By Iranian State-Sponsored Group

The backdoor is being used for intelligence gathering campaigns against U.S. organizations in the government, communications equipment, oil and gas and satellite sectors.

Iran