SEARCH
All Articles
Ivanti Rolls Out Patches For Exploited Connect Secure Flaws
Ivanti has rolled out its first round of patches for two existing - and two newly discovered - vulnerabilities in its Ivanti Connect Secure VPN and Ivanti Policy Secure appliances.
U.S. Leaders Warn of Chinese Attacks on Critical Infrastructure
The Department of Justice has disrupted an attack campaign by Chinese state-sponsored attackers on U.S. critical infrastrucutre and says that country's targeting of civilian resources is a "low blow".
Decipher Podcast: Kevin Tian and Rahul Madduluri
Kevin Tian and Rahhul Madduluri, co-founders of Doppel, join Dennis Fisher to discuss the emerging threats of AI-enabled phishing and brand impersonation and how AI can also be used to detect and stop these attacks.
White House Implements AI Safety Reporting Mandate
Under the now-live White House executive order requirement, developers of the “most powerful AI systems” to report “vital information” related to cybersecurity measures, training plans and more.
‘Radical Transparency’ Needed For Tackling Identity Challenges
“One of the biggest challenges that we face in this space… is to say, ‘how are we doing?’” said CISA's Eric Goldstein, speaking at the Identity, Authentication and the Road Ahead event on Thursday.
HPE Discloses Hack by Russian Nation-State Actor
HPE's disclosure of the breach comes days after Microsoft said the same group was able to access corporate email accounts of its senior leadership team.
Exploit Code Released For Fortra GoAnywhere MFT Flaw
The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order to create new users.
For AI Risk, ‘The Real Answer Has to be Regulation’
The development and deployment of AI systems based on LLMs includes many inherent risks and should be regulated, and soon, experts say.
SEC: SIM Swapping Attack Led to Twitter Account Compromise
New revelations from the investigation into the SEC's Twitter account compromise reveal that it stemmed from a SIM swapping attack and that MFA had been disabled on the account.
Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS
Apple has fixed a actively exploited WebKit bug (CVE-2024-23222) in iOS and macOS. and added a new security feature called Stolen Device Protection.
CISA Issues Emergency Directive For Ivanti Flaws, Warns of ‘Widespread Exploitation’
CISA said its new emergency directive for Ivanti zero-days is “based on widespread exploitation of vulnerabilities by multiple threat actors."
Exploitation of Recently Patched VMware Bug Started in 2021
Threat actors exploited a critical-severity VMware flaw for almost two years before patches were released in October.
Decipher Podcast: Source Code 1/19
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Russian COLDRIVER Group Uses New Backdoor to Target Governments
The Russian APT known as COLDRIVER is using a new backdoor called SPICA in phishing campaigns against NGOs and governments.
Citrix Discloses Actively Exploited NetScaler ADC and Gateway Flaws
Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don't believe the impact of these two bugs to match that of CitrixBleed.