Security news that informs and inspires

All Articles

2376 articles:

White House Implements AI Safety Reporting Mandate

Under the now-live White House executive order requirement, developers of the “most powerful AI systems” to report “vital information” related to cybersecurity measures, training plans and more.

AI

‘Radical Transparency’ Needed For Tackling Identity Challenges

“One of the biggest challenges that we face in this space… is to say, ‘how are we doing?’” said CISA's Eric Goldstein, speaking at the Identity, Authentication and the Road Ahead event on Thursday.

Identity

HPE Discloses Hack by Russian Nation-State Actor

HPE's disclosure of the breach comes days after Microsoft said the same group was able to access corporate email accounts of its senior leadership team.

HPE, Data Breach

Exploit Code Released For Fortra GoAnywhere MFT Flaw

The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order to create new users.

Vulnerability

For AI Risk, ‘The Real Answer Has to be Regulation’

The development and deployment of AI systems based on LLMs includes many inherent risks and should be regulated, and soon, experts say.

AI, Government

SEC: SIM Swapping Attack Led to Twitter Account Compromise

New revelations from the investigation into the SEC's Twitter account compromise reveal that it stemmed from a SIM swapping attack and that MFA had been disabled on the account.

Identity

Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS

Apple has fixed a actively exploited WebKit bug (CVE-2024-23222) in iOS and macOS. and added a new security feature called Stolen Device Protection.

Apple

CISA Issues Emergency Directive For Ivanti Flaws, Warns of ‘Widespread Exploitation’

CISA said its new emergency directive for Ivanti zero-days is “based on widespread exploitation of vulnerabilities by multiple threat actors."

CISA, Ivanti

Exploitation of Recently Patched VMware Bug Started in 2021

Threat actors exploited a critical-severity VMware flaw for almost two years before patches were released in October.

Exploit, Vulnerability

Decipher Podcast: Source Code 1/19

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Russian COLDRIVER Group Uses New Backdoor to Target Governments

The Russian APT known as COLDRIVER is using a new backdoor called SPICA in phishing campaigns against NGOs and governments.

Russia, Phishing

Citrix Discloses Actively Exploited NetScaler ADC and Gateway Flaws

Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don't believe the impact of these two bugs to match that of CitrixBleed.

Zero Day, Citrix, Citrix Netscaler

Memory Safe: Casey Ellis

In the latest Decipher Memory Safe episode, Casey Ellis, founder and CTO of Bugcrowd, talks about everything from imposter syndrome to the security concept of “building it like it’s broken.”

Memory Safe, Video

Mint Sandstorm APT Targets Universities, Researchers

A new phishing campaign by a subset of the Iranian threat group Mint Sandstorm is targeting universities and research organizations with custom backdoors.

Iran

VMware Fixes Critical Aria Automation Bug

For patching, VMware said that "this situation qualifies as an emergency change."

Vmware