Overall, Microsoft fixed dozens of vulnerabilities in its August patch Tuesday updates.
Ivanti has fixed a critical-severity flaw in its Virtual Traffic Manager (vTM), which if exploited could enable attackers to bypass authentication and create a user with administrator privileges.
Risk management is not one of humanity's strong points, but we can learn some lessons from our own real life experiences to apply to our security careers.
Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.
The FBI has disrupted a ransomware operation called Radar/Dispossessor, which has targeted at least 43 companies by leveraging weak passwords with a lack of two-factor authentication.
At Black Hat USA, Google Project Zero highlighted how far we’ve come in understanding zero days.
As software systems have become ever more complex, the opportunity for security researchers to show their value has grown, as well.
Josh Harguess and Chris Ward, with Cranium AI, talk about the backstory of how MITRE Labs’ AI Red Team came to be.
At Black Hat USA this week, researchers detailed now-fixed vulnerabilities across six AWS services.
AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues.
Threat actors compromised an unnamed internet service provider in order to poison DNS responses and target macOS and Windows systems with malware.
The attack’s abuse of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to.
The threat group likely used tools like Cobalt Strike as well as ShadowPad, a modular RAT that is a successor to the PlugX malware, in its attack.
Microsoft said that a global outage of its Azure service on Tuesday was exacerbated by “an error” in its response to a distributed denial-of-service (DDoS) attack.