SEARCH
All Articles
Rather Than Measuring Risk, Fix an Interesting Problem
Measuring risk is a notoriously hard task, so Andy Ellis suggests teams focus on fixing the problems in fornt of them instead of trying to measure what could happen.
RSA Conference 2024: What We Wish People Were Talking About
It's hard to separate the signal from the noise at the RSA Conference, so we asked a group of experts which topics they wish people were discussing more, including security metrics, applying engineering concepts to security, and more.
F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager
F5 has patched two vulnerabilities (CVE-2024-26026 and CVE-2024-21793) in its BIG-IP Next Central Manager console that can grant full admin control of the target application.
How CISA is Preparing For the Influx of CIRCIA Reports
CIRCIA will mark a fundamental shift for CISA in the scale and scope of reported incidents that it receives from critical infrastructure entities.
‘Zero Day Piled on Zero Day’
Edge devices have become the go-to targets for cybercriminals and state actors, and experts say that will continue for the foreseeable future.
To Fix IoT Security, ‘We Need to Aim at the Security Have-Nots’
The IoT security landscape is grim, but private sector and government experts are trying to improve things through advocacy and collaboration.
Krebs: ‘Business Risk and Geopolitical Risk Are Intertwined’
CISA's former and current directors talked at the RSA Conference this week about challenges around inherently insecure technology and an explosion of threat actors.
Decipher Podcast: Kelly Shortridge at RSA Conference
At RSA Conference 2024, Kelly Shortridge, senior director of portfolio product management at Fastly, talks about the first steps organizations can take toward adopting a Secure by Design mindset and how businesses can approach the challenge of sustaining resilience in complex systems.
Proposed Bill Focuses on Voluntary AI Security Incident Reporting
A newly proposed bill aims to set up databases and processes for voluntary sharing of security incidents related to, and vulnerabilities in, AI systems.
Attacker Accessed Dropbox Sign User Authentication Data in Recent Intrusion
An unknown attacker compromised a customer database for Dropbox Sign and accessed authentication information such as OAuth tokens and MFA data.
RSA Conference 2024 Preview: The Sessions to See This Year
In this special episode, Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue of Red Canary to preview the RSA conference talks they're excited about and to try to make sense of some of the session titles that are maybe a little indecipherable.
Senators Reprimand UnitedHealth CEO in Ransomware Hearing
UnitedHealth CEO Andrew Witty faced criticism over the handling of the Change Healthcare ransomware attack in two different government hearings on Wednesday.
‘Uncharted Territory:’ Companies Devise AI Security Policies
Businesses have been preparing security policies for generative AI in the workplace, but many executives say that they still don’t fully understand the security implications of AI.
Verizon DBIR: Enterprises Know the Pain of Zero Day Exploits All Too Well
The Verizon 2024 Data Breach Investigations Report shows a 180 percent increase in the use of vulnerability exploits in breaches from last year, thanks to MOVEit Transfer and other bugs.
Memory Safe: Dennis Fisher
In a special bonus Memory Safe episode, Dennis Fisher, Decipher’s editor in chief, talks about his decades of experience writing about cybersecurity news, the article he authored that inspired him to get into the industry (hint: it involved phishing) and how the cybersecurity news world has changed over the years.