The Scattered Spider threat group in recent months has been targeting software-as-a-service (SaaS) applications for data theft and leveraging virtualization platforms for persistence.
Amy Bogac, a longtime security executive with a depp background in systems administration and networking, joins Dennis Fisher to talk about how she came to security, how her background in communications informed her career choices, and the difficult conversations that need to occur before someone has to push the button during an incident.
The Dutch Military Intelligence and Security Service said it has identified more than 20,000 FortiGate devices that have been compromised by a Chinese state-sponsored threat group.
A recently disclosed PHP argument injection flaw (CVE-2024-4577) is being used in ransomware attacks, according to threat researchers and CISA.
A few days after Microsoft announced the new AI-enabled Recall feature--generating tremendous concerns and pushback from the security and privacy communities--the company had decided to disable it by default, but many concerns still remain. A month after the company's CEO proclaimed that it would be "prioritizing security above all else", how did this happen?
Researchers with Mandiant said that since at least April 14, the threat group behind the attack has used stolen credentials to access over 100 customer tenants. Some of the credentials were stolen via infostealer malware as early as 2020.
A new ecosystem of security researchers is emerging, looking to sniff out data security and privacy issues in AI systems and grappling with issues like a lack of transparency into and understanding of LLMs.
A critical remote code execution bug (CVE-2024-4577) in all versions of PHP on Windows has been patched. The bug also affects all Windows versions of XAMPP.
Microsoft said the controversial Copilot Plus PC Recall feature will no longer be enabled by default after backlash from security and privacy experts.
Wyden said the Change Healthcare ransomware attack demonstrates how the HHS’ current self-regulatory approach to cybersecurity is “insufficient.”
Veteran security journalist and podcaster Ryan Naraine joins the Decipher podcast to discuss the challenges of separating fact from fiction when reporting on complex incidents such as the Snowflake breach.
Hundreds of separate IP addresses are now trying to exploit the Check Point patch traversal flaw (CVE-2024-24919) that was disclosed lat week.
Synnovis is experiencing a ransomware attack impacting all IT systems and resulting in interruptions to many of the organization’s pathology services across top hospitals in London.
Garrett Yamada, associate director of identity security at Texas A&M University, talks about his experiences navigating identity challenges.
Tenable researchers discovered a technique for abusing Azure service tags to bypass firewall rules and Microsoft has issued new guidance for customers.