SEARCH
All Articles
Lace Tempest Seen Exploiting SysAid Zero Day
A path traversal zero day (CVE-2023-47246) in the SysAid on-premises product is under active attack by the ace Tempest threat group.
CISOs, Developers and the Software Supply Chain Security Disconnect
A new report revealed discrepancies in how CISOs and developers view their roles and responsibilities around software supply chain security.
Decipher Podcast: Kymberlee Price
Kymberlee Price, co-founder of Zatik, joins Dennis Fisher to talk about her experience running security response programs at Microsoft, BlackBerry, and other companies, and how the changing security landscape helped lead her to start her own company.
New Gootloader Malware Variant Harder to Detect, Block
Researchers with IBM X-Force recently observed the new Gootloader variant being used for lateral movement, marking a significant change in the malware’s post-infection tactics.
Exploit Attempts, Ransomware Target Critical Confluence Flaw
Attackers are targeting the critical Atlassian Confluence flaw (CVE-2023-22518) with active exploit attempts, including some trying to deploy ransomware.
Decipher Podcast: Source Code 11/3
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Threat Actors Target Apache ActiveMQ Flaw
Apache disclosed this flaw and released patches for it on Oct. 25, and proof-of-concept exploit code is also available for the bug.
Atlassian CISO Warns of Critical Confluence Flaw
Further details for the vulnerability were not specified, but the bug is rated 9.1 out of 10 on the CVSS v3 scale, and Atlassian is underscoring its potential impact for customers.
Memory Safe: Michelle Finneran Dennedy
In the premier episode of Memory Safe, our new podcast and video series, Dennis Fisher talks with Michelle Finneran Dennedy, founder and CEO of Privacy Code, former CPO of Sun Microsystems and Cisco, and all around great person, about her early interest in technology, the influence of her father on her career, and why she's still doing security after all this time.
White House AI Executive Order Puts Focus on Cybersecurity
Federal agencies are being ordered to take a closer look at how AI could potentially impact areas like vulnerability discovery capabilities or critical infrastructure cyberattacks.
F5 Patches Remote Code Execution Bug in BIG-IP
The critical-severity, unauthenticated remote code execution flaw exists in several versions of the F5 BIG-IP security appliances.
Decipher Podcast: Source Code 10/27
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
VMware Fixes Critical-Severity vCenter Server Bug
VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.
Winter Vivern APT Targets Zero Day in Roundcube
The Winter Vivern APT group has been targeting a zero day XSS vulnerability in the Roundcube webmail server in recent weeks.
Decipher Podcast: Matt Donahue and Nick Selby
Dennis Fisher talks with Mat Donahue, a former FBI counterterrorism specialist and founder and CEO of Kodex, and Nick Selby, a technologist and law enforcement officer, about the challenges organizations face when responding to data requests from law enforcement agencies and how CISOs and legal teams can address them.