SEARCH
All Articles
GitLab Patches Critical Account Takeover Flaw
The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses.
APT Group Targets Ivanti Flaws
An unidentified APT group is actively exploiting the two recently disclosed Ivanti Pulse Secure and Connect Secure vulnerabilities (CVE-2023-46805 and CVE-2024-21887).
FBot Hacking Tool Targets Cloud, Payment Platforms
A new Python-based hacking tool is leveraged by cybercriminals to target cloud and SaaS platforms, and payment services, like AWS, Office365, PayPal and Twilio.
Decipher Podcast: Source Code 1/12
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Ivanti Warns of Connect Secure, Policy Secure Zero Days
Patches will be released starting Jan. 22, but until then Ivanti urges customers to apply mitigations.
Decryptor Issued For Babuk Tortilla Ransomware Variant
Cisco Talos researchers also said that Dutch law enforcement has identified and apprehended the threat actor behind Babuk Tortilla operations.
Threat Actors Target Microsoft SQL Servers in Mimic Ransomware Attacks
Organizations based in the U.S., EU and Latin America have been targeted over the past few weeks.
Attackers Focus on Apache OFBiz Bug
Threat actors are targeting a critical flaw in the Apache OFBiz platform that was disclosed in late December.
Decipher Podcast: James Doggett
James Doggett, CISO of Semperis and a longtime executive in the financial and insurance industries, joins Dennis Fisher to discuss his career arc and the challenges of being a CISO in today's highly scrutinized and pressure-filled environment.
What We Learned in 2023
2023 was one of the crazier years in recent memory for security news, and we did our best to make sense of it all. We gathered some of our friends to talk about what the biggest stories of the year were and what we learned from them.
Law Enforcement Disrupts BlackCat Ransomware Operation
In addition to creating the decryption tool, law enforcement agencies have also gained visibility into the ransomware group’s network and have seized several attacker-operated websites.
Decipher Library: Holiday Edition 2023
Our annual holiday book recommendation guide is here to help you discover what to read during your holiday downtime.
Decipher Podcast: Feross Aboukhadijeh
Feross Aboukhadijeh, founder and CEO of Socket, joins Dennis Fisher to talk about the challenges of securing open-source projects, supply chain security, and the fragility of the open-source software ecosystem.
U.S., Australian Government Agencies Warn of Play Ransomware Attacks
A new advisory from U.S. and Australian government agencies warns that the Play ransomware group has successfully infected at least 300 organizations since its emergence in June 2022, including critical infrastructure entities.
Microsoft Cracks Down on Fraudulent Outlook Account Sales
Microsoft has obtained a court order from the Southern District of New York allowing the company to seize U.S.-based infrastructure and take websites used by Storm-1152 offline.