Security news that informs and inspires

All Articles

2376 articles:

QNAP Fixes Pair of Command Injection Flaws

QNAP has patched two command injection flaws in several versions of its QTS and QuTS hero firmware.

Storage

Decipher Podcast: Mick Baccio

Mick Baccio, global security advisor at SURGe with Splunk, talks about how his perspectives on cybersecurity have changed over time - from first reading Neuromancer at age nine, to acting as the White House threat intelligence branch chief across multiple administrations.

Podcast

Ivanti Discloses New Flaw in Policy Secure, Connect Secure VPN

A new vulnerability has been disclosed in certain versions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances.

Ivanti, Patch

Fortinet Warns of Zero Day in FortiOS

Fortinet is urging customers to patch an actively exploited flaw (CVE-2024-21762) in many versions of its FortiOS software.

Fortinet

Q&A: Gary McGraw

Software security pioneer and AI expert Gary McGraw talks to Dennis Fisher about the risks of black box LLMs in AI and the need for regulation.

AI

Ransomware Payments Hit $1.1B Record in 2023

With ransomware payments hitting an all-time high in 2023, CISOs “need to concentrate on making their organizations a hard target.”

Ransomware

Experts Urge Tighter Focus on Critical Infrastructure Security

ICS and operational technology experts told Congress Tuesday that adversaries' focus on critical infrastructure attacks requires a better focus on the security of these networks by defenders and regulators.

ICS, Government

Decipher Podcast: Gary McGraw on AI Security

Software security and AI security expert Gary McGraw joins Dennis Fisher to discuss the findings of a new AI architectural risk analysis research paper that his Berryville Institute of Machine Learning did on LLMs, the risks of black box models, and what kind of regulation would be most effective at reducing those risks.

Podcast, AI

U.S. Cracks Down on Spyware With Visa Restriction Policy

The U.S. will impose visa restrictions on individuals that use or financially benefit from commercial spyware in a "novel and creative measure."

Spyware

Decipher Podcast: Source Code 2/2

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

Federal agencies must disconnect Ivanti Connect Secure and Policy Secure appliances - which have actively exploited vulnerabilities in them - from agency networks within the next 48 hours.

Ivanti, CISA

Executives Navigate Operational Technology Security Challenges

While boards of directors and C-Suite executives are better understanding the value of operational technology security, challenges remain in the complexity of these systems and potential impact should threat actors attack them.

Critical Infrastructure

Ivanti Rolls Out Patches For Exploited Connect Secure Flaws

Ivanti has rolled out its first round of patches for two existing - and two newly discovered - vulnerabilities in its Ivanti Connect Secure VPN and Ivanti Policy Secure appliances.

Ivanti, Patch

U.S. Leaders Warn of Chinese Attacks on Critical Infrastructure

The Department of Justice has disrupted an attack campaign by Chinese state-sponsored attackers on U.S. critical infrastrucutre and says that country's targeting of civilian resources is a "low blow".

Government, China

Decipher Podcast: Kevin Tian and Rahul Madduluri

Kevin Tian and Rahhul Madduluri, co-founders of Doppel, join Dennis Fisher to discuss the emerging threats of AI-enabled phishing and brand impersonation and how AI can also be used to detect and stop these attacks.

Podcast