SEARCH
All Articles
Apple Fixes Three Flaws Exploited in the Wild
Apple has patched three bugs in iOS and macOS that have been exploited by attackers.
The Senators Who Will Set the Security and Privacy Agenda in Congress
Whether it's election security, nation-state attacks, or massive data breaches, there is growing pressure on Congress to do something. One way to suss out how the security and privacy agenda will unfold in the 117th Congress is to look at what these Senators have said and done previously.
Oracle Releases Emergency Patch for WebLogic Flaw
Oracle has pushed an emergency patch for CVE-2020-14750, a remotely exploitable flaw in its WebLogic application server.
Privacy Prevails at the Ballot Box
For many voters, Election Day in the United States was more than just about voting for government officials such as the president, lawmakers, judges, and sheriffs. They were also asked to weigh in on referendums, new state laws, and amendments to the state constitution.
Google Discloses Unpatched Windows Flaw Used in Attacks
A windows kernel bug (CVE-2020-17087) is being used in active targeted attacks alongside a recently fixed Chrome bug.
Decipher Podcast: Jeremy Kennelly
Jeremy Kennelly of Mandiant joins Dennis Fisher to discuss the spike in ransomware infections in health care organizations and how ransomware operators are evolving their tactics.
UK Regulator Tells Experian to Change Data Processing Practices
The United Kingdom’s Information Commissioner’s Office issued an enforcement notice against Experian last week, ordering the company to make “fundamental changes” to how it handles consumer data.
CISA, Microsoft Warn of Continued Attacks on Zerologon Bug
The Zerologon (CVE-2020-1472) vulnerability is continuing to draw attention from attackers and Microsoft is urging enterprises to patch immediately.
If Catching All Attackers Is the Goal, A New Path is Needed
Stairwell, a new startup founded by Google and Chronicle veteran Mike Wiacek, aims to help more organizations stop high-level attackers.
KashmirBlack Botnet Targets Unpatched CMS Software
The KashmirBlack botnet exploits multiple flaws in popular content management systems (CMS) is behind millions of attacks per day, including mining for cryptocurrency, redirecting website traffic to spam sites, and defacing websites, Imperva said.
U.S. Sanctions Russian Institute for Triton Malware
The Office of Foreign Assets Control announced sanctions against a Russian research institute for deploying the Triton ICS malware.
Energetic Bear Attackers Targeting US Government Agencies
A Russian threat group known as Energetic Bear has compromised some state and local government agencies in recent weeks.
Decipher Podcast: Kurtis Minder
Kurtis Minder, CEO of GroupSense, joins Dennis Fisher to discuss the delicate process of ransomware negotiations and how enterprises are dealing with infections today.
Microsoft Continues Dismantling Trickbot
Talk about a Whack-a-Mole Operation. Microsoft tries to disable Trickbot command-and-control servers faster than botnet operators can rebuild new infrastructure.
Enterprises Should Fix These 25 Flaws
Enterprise IT staff should prioritize fixing the flaws listed in the Top 25 list of most commonly targeted vulnerabilities released by the United States National Security Agency.