Security news that informs and inspires

All Articles

2376 articles:

Microsoft Fixes Six Actively Exploited Bugs

Overall, Microsoft fixed dozens of vulnerabilities in its August patch Tuesday updates.

Microsoft

Exploit Code Available For Critical Ivanti vTM Bug

Ivanti has fixed a critical-severity flaw in its Virtual Traffic Manager (vTM), which if exploited could enable attackers to bypass authentication and create a user with administrator privileges.

Vulnerability

Humans Are Bad at Risk Assessment, and Other Stories

Risk management is not one of humanity's strong points, but we can learn some lessons from our own real life experiences to apply to our security careers.

Risk Management

What We Learned at Black Hat 2024

Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.

Video, Black Hat

FBI Disrupts Radar/Dispossessor Ransomware Group

The FBI has disrupted a ransomware operation called Radar/Dispossessor, which has targeted at least 43 companies by leveraging weak passwords with a lack of two-factor authentication.

Ransomware

Project Zero: ‘It Will Take All of Us to End The Era of Zero Days’

At Black Hat USA, Google Project Zero highlighted how far we’ve come in understanding zero days.

Black Hat

Software Has Eaten the World But There’s Still Hope

As software systems have become ever more complex, the opportunity for security researchers to show their value has grown, as well.

Black Hat, Software Security

Black Hat Podcast: Josh Harguess and Chris Ward

Josh Harguess and Chris Ward, with Cranium AI, talk about the backstory of how MITRE Labs’ AI Red Team came to be.

Black Hat, AI

Researchers Detail ‘Bucket Monopoly’ AWS Flaws

At Black Hat USA this week, researchers detailed now-fixed vulnerabilities across six AWS services.

Black Hat

The Growing Threat of Data Feudalism in AI Models

AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues.

AI, Video

Chinese Threat Group Compromised ISP to Deliver Malware

Threat actors compromised an unnamed internet service provider in order to poison DNS responses and target macOS and Windows systems with malware.

Malware

Attackers Abuse Cloudflare Tunnels to Deliver Xworm Malware

The attack’s abuse of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.

Cloudflare, Malware, Phishing

Black Hat USA 2024 Preview: AI, AI, and More AI

Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to.

Black Hat, Video

Taiwanese Research Center Targeted by APT41

The threat group likely used tools like Cobalt Strike as well as ShadowPad, a modular RAT that is a successor to the PlugX malware, in its attack.

Apt41

Microsoft Azure Outage Stemmed From DDoS Defense Error

Microsoft said that a global outage of its Azure service on Tuesday was exacerbated by “an error” in its response to a distributed denial-of-service (DDoS) attack.

Ddos